Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help , Constant Rebooting At Startup Hijackthis,mbam Logs


  • This topic is locked This topic is locked
24 replies to this topic

#1 blueskyz888

blueskyz888

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 29 September 2008 - 09:54 AM

hi, i recently got spyware /adware on my computer. I've used spyware doctor, SUPERantispyware, Malwarebytes, S&D, ad-aware to remove all the spyware/adware and it seems to be all okay from there , but there after my computer kept rebooting when windows was just about to log in... " the screen where is says "welcome"" (my OS is Vista ultimate).. the only way i can log back onto windows is if i select the boot option "Last Known Good Configuration" at the boot menu.. I cannot log into Safe Mode as it will restart at the same screen where it welcomes me into windows.. ive tried full system scans on all the spyware removal tools mentioned above and none can detect and fix any problems associated to the constant auto rebooting.. I cant do system restore either because i had no previous stored points

can someone offer me another removal tool that may fix my problem. everytime i turn on my computer i have to forcefully reboot the computer inorder to boot at "Last known good configuration" which looks quiet damaging..
Your Help is Appreciated! and i would like to know the name of the virus/spyware if you recognise this problem

Here are some logs ive done today

quickscan first

Malwarebytes' Anti-Malware 1.28
Database version: 1190
Windows 6.0.6001 Service Pack 1

29/09/2008 6:25:54 PM
mbam-log-2008-09-29 (18-25-54).txt

Scan type: Quick Scan
Objects scanned: 57662
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Kevin\AppData\Roaming\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


then a full scan of that

Malwarebytes' Anti-Malware 1.28
Database version: 1190
Windows 6.0.6001 Service Pack 1

29/09/2008 7:57:43 PM
mbam-log-2008-09-29 (19-57-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202891
Time elapsed: 1 hour(s), 24 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is a hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:45 PM, on 29/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {28FC7C87-4614-4434-89D7-71E0FD335AA2} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: snrfbo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: dtseqrxk - {9FAEF8E1-CD17-45BC-99AF-453D17D1EBDE} - C:\Windows\dtseqrxk.dll (file missing)
O21 - SSODL: mgxfebsq - {9A506FF0-EA96-413D-9D34-008F6C15CF00} - C:\Windows\mgxfebsq.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntispywareBot Scanning Engine (AntispywareBotSrv) - Unknown owner - C:\Program Files\AntispywareBot\AntispywareBot.srv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12865 bytes


What do i do from here?

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 02 October 2008 - 03:49 PM

Hi blueskyz888,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

You have posted to 5 days no reply but my calculator says it's shorter than 5 days, how about your calculator? :thumbsup:

Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.

Note 2. Copy and paste the logs to your reply.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note 1:The logs will be created in this folder: C:\rsit

      Note 2:The tool takes not more than one minute to scan the system.
  • Tell me if you have run any other tool than you have already mentioned.

  • Tell me about the current condition of your computer if there has been any changes from what you have described.


#3 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 02 October 2008 - 10:53 PM

hi farbar
sorry id figured my post wont be replied since all the mods seem very busy with their work :thumbsup:
i just ran RSIT here are the logs

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin at 2008-10-03 13:43:58
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 4 GB (3%) free of 131 GB
Total RAM: 2044 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:32 PM, on 3/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kevin\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {28FC7C87-4614-4434-89D7-71E0FD335AA2} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Updater] updater.com
O4 - HKLM\..\RunServices: [Windows Updater] updater.com
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: snrfbo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: dtseqrxk - {9FAEF8E1-CD17-45BC-99AF-453D17D1EBDE} - C:\Windows\dtseqrxk.dll (file missing)
O21 - SSODL: mgxfebsq - {9A506FF0-EA96-413D-9D34-008F6C15CF00} - C:\Windows\mgxfebsq.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntispywareBot Scanning Engine (AntispywareBotSrv) - Unknown owner - C:\Program Files\AntispywareBot\AntispywareBot.srv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12715 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Kevin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28FC7C87-4614-4434-89D7-71E0FD335AA2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"JMB36X IDE Setup"=C:\Windows\JM\JMInsIDE.exe [2006-10-30 36864]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-19 185896]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-09-15 1107848]
"Windows Updater"=C:\Windows\updater.com [2008-10-02 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="snrfbo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
dtseqrxk - {9FAEF8E1-CD17-45BC-99AF-453D17D1EBDE} - C:\Windows\dtseqrxk.dll []
mgxfebsq - {9A506FF0-EA96-413D-9D34-008F6C15CF00} - C:\Windows\mgxfebsq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\iifedeEU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=1
"DisableRegistrytools"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-03 13:43:58 ----D---- C:\rsit
2008-10-02 23:53:31 ----RSH---- C:\Windows\updater.com
2008-10-02 23:53:24 ----A---- C:\Windows\system32\install_flash_player.exe
2008-09-30 15:28:01 ----D---- C:\ProgramData\is-B3BRR
2008-09-30 15:02:10 ----D---- C:\ProgramData\is-3BVED
2008-09-30 12:48:33 ----D---- C:\ProgramData\is-VQVAO
2008-09-16 18:57:33 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:16:38 ----D---- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16:12 ----D---- C:\ProgramData\Malwarebytes
2008-09-15 21:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 17:42:31 ----D---- C:\ProgramData\PC Tools
2008-09-15 17:36:04 ----D---- C:\Program Files\Common Files\PC Tools
2008-09-14 23:53:09 ----D---- C:\Users\Kevin\AppData\Roaming\PC Tools
2008-09-14 23:53:09 ----D---- C:\Program Files\Spyware Doctor
2008-09-14 20:34:58 ----D---- C:\Program Files\Lavasoft
2008-09-14 20:34:49 ----D---- C:\ProgramData\Lavasoft
2008-09-14 19:26:32 ----A---- C:\Windows\wininit.ini
2008-09-14 19:05:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52:22 ----D---- C:\Program Files\Trend Micro
2008-09-14 17:22:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-12 00:19:13 ----D---- C:\Program Files\CE Remote Tools
2008-09-10 17:35:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:35:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:26:58 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\cdd.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\px.dll
2008-09-07 18:23:12 ----D---- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23:12 ----D---- C:\Program Files\Winamp
2008-09-07 15:40:24 ----A---- C:\sat79.tmp

======List of files/folders modified in the last 1 months======

2008-10-03 13:44:16 ----D---- C:\Windows\Prefetch
2008-10-03 13:44:09 ----D---- C:\Windows\Temp
2008-10-03 11:38:22 ----AD---- C:\ProgramData\TEMP
2008-10-03 11:08:41 ----D---- C:\Windows\system32\drivers
2008-10-03 02:27:18 ----SHD---- C:\System Volume Information
2008-10-02 23:59:18 ----SD---- C:\Windows\Downloaded Program Files
2008-10-02 23:59:14 ----D---- C:\Windows\inf
2008-10-02 23:59:13 ----D---- C:\Windows\system32\Macromed
2008-10-02 23:53:31 ----D---- C:\Windows
2008-10-02 23:53:24 ----D---- C:\Windows\System32
2008-10-02 19:51:49 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-02 00:38:46 ----D---- C:\Users\Kevin\AppData\Roaming\Hamachi
2008-10-01 03:44:38 ----D---- C:\Downloads
2008-09-30 15:28:01 ----HD---- C:\ProgramData
2008-09-30 12:02:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-28 23:26:00 ----D---- C:\Windows\Debug
2008-09-28 23:15:23 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-28 21:46:05 ----D---- C:\Program Files\Mozilla Firefox
2008-09-22 17:38:16 ----D---- C:\Program Files\PeerGuardian2
2008-09-16 18:48:29 ----D---- C:\Program Files\ASUS
2008-09-16 18:48:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-16 17:39:45 ----D---- C:\Program Files\BitComet
2008-09-15 21:16:11 ----RD---- C:\Program Files
2008-09-15 20:54:57 ----D---- C:\Windows\system32\catroot2
2008-09-15 17:36:04 ----D---- C:\Program Files\Common Files
2008-09-15 01:14:22 ----D---- C:\Windows\system32\Tasks
2008-09-14 21:08:49 ----D---- C:\Program Files\Internet Explorer
2008-09-14 20:37:22 ----SHD---- C:\Windows\Installer
2008-09-14 20:32:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 20:07:03 ----D---- C:\Program Files\iTunes
2008-09-14 19:33:48 ----D---- C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-14 19:26:46 ----D---- C:\Windows\Tasks
2008-09-14 16:46:42 ----D---- C:\Program Files\LimeWire
2008-09-13 18:29:16 ----A---- C:\Windows\NeroDigital.ini
2008-09-12 18:38:21 ----D---- C:\Windows\winsxs
2008-09-12 18:24:50 ----D---- C:\Windows\AppPatch
2008-09-12 00:23:21 ----D---- C:\ProgramData\Microsoft Help
2008-09-12 00:23:18 ----D---- C:\Windows\Microsoft.NET
2008-09-12 00:19:37 ----RSD---- C:\Windows\assembly
2008-09-12 00:15:39 ----D---- C:\Windows\system32\catroot
2008-09-11 23:38:21 ----D---- C:\Users\Kevin\AppData\Roaming\Canon
2008-09-07 11:55:54 ----A---- C:\ProgramData\BMbf236268.txt
2008-09-07 10:11:24 ----A---- C:\ProgramData\pskt.ini
2008-09-04 23:21:49 ----D---- C:\Windows\rescache
2008-09-04 23:04:33 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 is-B3BRRdrv;is-B3BRRdrv; C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R1 pctfw2;pctfw2; \??\C:\Windows\System32\drivers\pctfw2.sys [2008-09-15 160792]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-16 316928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2007-11-23 25280]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081002.004\NAVENG.SYS [2008-09-17 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081002.004\NAVEX15.SYS [2008-09-17 873552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S3 aflwg5vs;aflwg5vs; C:\Windows\system32\drivers\aflwg5vs.sys []
S3 amldugcw;amldugcw; C:\Windows\system32\drivers\amldugcw.sys []
S3 Bcim;Bandwidth Controller kernel component; C:\Windows\system32\DRIVERS\bcim.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\GatheringRO\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Sandra.sys [2007-08-10 21920]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM); C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter; C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers; C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-18 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XDva028;XDva028; \??\C:\Windows\system32\XDva028.sys []
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2006-11-02 514560]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-02-17 52352]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-14 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-02-06 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-09-15 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-15 1017224]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-17 1251720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 AntispywareBotSrv;AntispywareBot Scanning Engine; C:\Program Files\AntispywareBot\AntispywareBot.srv.exe []
S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-03 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------


info.txt

info.txt logfile of random's system information tool 1.04 2008-10-03 13:44:41

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AntispywareBot-->MsiExec.exe /X{3E27D124-0F2E-4B14-B720-5D822B5B5DC7}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Audio Record Wizard v3.99-->"C:\Program Files\ARWizard3\unins000.exe"
AudioFileHandler 2.8.1-->"C:\Program Files\AudioFileHandler\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BitComet 1.01-->C:\Program Files\BitComet\uninst.exe
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CanoScan Toolbox Ver4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
Crysis® SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
CUE Splitter-->MsiExec.exe /I{12B60D3B-90B4-4175-BB90-FCE19ACD9B02}
deskPDF 2.5 Professional Edition-->"C:\Program Files\Docudesk\deskPDF\unins000.exe"
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Docudesk GPL Ghostscript 8.15-->"C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVDInfoPro-->"C:\Program Files\DVDInfoPro\uninstall.exe"
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\Windows\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Introduction to Visual Basic 2005-->MsiExec.exe /I{638C1D72-FFAD-4EC3-B1AD-ABA96BB15B0B}
iriver Firmware Updater (remove only)-->"C:\Program Files\iriver\iriver Firmware Updater\uninstall.exe"
iriver LDB Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C086DBAD-BB4B-4D0E-B980-70F469EFBFE4}\Setup.exe" -l0x9
iriver plus 3 (remove only)-->"C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.1.30182-->"C:\Program Files\Last.fm\unins000.exe"
LimeWire PRO 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MAGIX Music Maker 14 Producer Edition Download version 13.0.2.1 (US)-->C:\Program Files\MAGIX\MusicMaker14PE_Download_version\unwise.exe
MAGIX Screenshare 4.3.6.1987 (US)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MemoryEditorN720_N728-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C29E5CD9-485C-4C75-8D56-83C31E598CF1} /l1033
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
MiniMinder 7.27-->"C:\Program Files\MiniMind\unins000.exe"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Movie Converter (remove only)-->"C:\Program Files\iriver\Movie Converter\uninstall.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NEC WMC USB_T1 Software-->C:\Program Files\NEC\NEC WMC USB_T1\STINUninstall.exe
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 8-->MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
O2Jam R3 5.0-->C:\Program Files\R3 Games\O2Jam R3\Uninstall.exe
OJOsoft MKV Converter-->"C:\Program Files\OJOsoft\uninstall.exe" "/U:C:\Program Files\OJOsoft\OJOsoft MKV Converter\Uninstall\uninstall.xml"
PartyPoker-->"C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recordpad-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SiSoftware Sandra Professional Business XII-->"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\unins000.exe"
Soldat 1.4.2-->"C:\Soldat\unins001.exe"
Sound Editor Deluxe v3.9-->"C:\Program Files\Sound Editor Deluxe\unins000.exe"
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ulead Video ToolBox Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinMP3Packer-1.0.13-->MsiExec.exe /I{7E90434E-78A5-43BC-9C4D-88429F131D4B}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->C:\Program Files\WordWeb\uninst.exe
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zortam ID3 Tag Editor 4.00-->"C:\Program Files\Zortam ID3 Tag Editor\unins000.exe"

=====HijackThis Backups=====

O23 - Service: AntispywareBot Scanning Engine (AntispywareBotSrv) - Unknown owner - C:\Program Files\AntispywareBot\AntispywareBot.srv.exe (file missing)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus
AV: Spyware Doctor with AntiVirus
FW: Norton AntiVirus
AS: AntispywareBot
AS: Spyware Doctor (outdated)
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: Norton AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

-----------------EOF-----------------


i recently ran kaspersky but it as well hasnt found any problems
i realised that this problem occurs at random times..one day it will reboot at the startup screen forcing me to load "last good known configuration" in order to go into windows, the next day it will work normally etc. but im sure it has 100% success in booting from "last good known configuration"

Edited by blueskyz888, 02 October 2008 - 10:53 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 03 October 2008 - 01:50 AM

Please copy/paste your reply and don't put them in the quote box. Thanks.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire and BitComet). These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • I see on your log that PartyPoker is installed on your computer:

    This program is known to be related to adware/spyware. More information here: http://www.bleepingcomputer.com/uninstall/...PartyPoker.html
    To uninstall it:
    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Programs and Features" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    PartyPoker

    Also remove the folder in bold: C:\Program Files\PartyGaming

  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to Programs and Features in Control Panel and remove the outdated Spyware Doctor. If you want to keep it should be updated. Let me now if you want to keep it and remove Norton. Otherwise uninstall Spyware Doctor right now.

  • Your log shows that you have too many other security software on your computer. I recommend you to keep MBAM and Spybot S&D and uninstall SUPERantispyware and ad-aware. If you decide to keep them make sure they are not starting with Windows and running. They can be used as on demand scanners, meaning they run when you want to scan your system. Please don't run them unless I request you to do that. When we are done you may run as many scans as you want.

  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Open Windows Defender.
    • Click on Tools, Options.
    • Scroll down the list of options to select "Real-time Protection Options."
    • Uncheck "Use Real-Time Protection (Recommended)".
    • After you uncheck this, click on the Save button and close Windows Defender.
    After all of the fixes are complete you may enable Real-time Protection again.

  • Now we need to make sure to turn off UAC ( UAC = User Account Control )
    • Click Start, and then click Control Panel.
    • In Control Panel, click User Accounts.
    • In the User Accounts window, click User Accounts.
    • In the User Accounts tasks window, click Turn User Account Control on or off.
    • If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    • Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already uncheck, then you should also notice a red shield with an X in it located in your system tray. Ignore any mesages about UAC being disabled.
    • Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
    NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

  • Go to start > Run copy/paste: The following lines one by one in the run box and click OK after each line.

    sc stop AntispywareBotSrv
    sc delete AntispywareBotSrv


  • Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Right click on combofix.exe , select "Run as Administrator" & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

    Tell me also how it went and if you faced any problem doing the steps.
Please copy/paste in your next reply:
  • The Combofix log.
  • The RSIT log.
  • Feedback on how it went.


#5 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 03 October 2008 - 04:41 AM

hey here is the comobfix log
ComboFix 08-10-02.04 - Kevin 2008-10-03 19:01:13.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.938 [GMT 10:00]
Running from: C:\Users\Kevin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\firmware.inf
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\head_firmware.inf
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ip3picfile.temp
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ip3Wmapic.temp
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\U20_0x4102_0x1126_N_ENG.ZIP
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\U20CLIX.GIF
C:\Windows\system32\einfopsv10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 16:12 . 2008-10-03 16:12 54,156 --ah----- C:\Windows\QTFont.qfn
2008-10-03 16:12 . 2008-10-03 16:12 1,409 --a------ C:\Windows\QTFont.for
2008-10-03 13:43 . 2008-10-03 13:44 <DIR> d-------- C:\rsit
2008-10-02 23:53 . 2008-10-02 23:53 49,152 -r-hs---- C:\Windows\updater.com
2008-10-02 23:53 . 2008-10-02 23:53 49,152 --a------ C:\Windows\System32\install_flash_player.exe
2008-09-30 15:28 . 2008-09-30 15:28 <DIR> d-------- C:\Users\All Users\is-B3BRR
2008-09-30 15:28 . 2008-09-30 15:28 <DIR> d-------- C:\ProgramData\is-B3BRR
2008-09-30 15:27 . 2008-07-08 14:54 148,496 --a------ C:\Windows\System32\drivers\53722587.sys
2008-09-30 15:02 . 2008-09-30 15:02 <DIR> d-------- C:\Users\All Users\is-3BVED
2008-09-30 15:02 . 2008-09-30 15:02 <DIR> d-------- C:\ProgramData\is-3BVED
2008-09-30 12:48 . 2008-09-30 12:48 <DIR> d-------- C:\Users\All Users\is-VQVAO
2008-09-30 12:48 . 2008-09-30 12:48 <DIR> d-------- C:\ProgramData\is-VQVAO
2008-09-30 12:48 . 2008-10-03 19:09 78,456,864 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-30 12:48 . 2008-10-03 11:05 742,736 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-16 18:48 . 2006-10-19 03:11 12,096 --a------ C:\Windows\System32\drivers\AsInsHelp64.sys
2008-09-16 18:48 . 2006-10-19 03:11 10,304 --a------ C:\Windows\System32\drivers\AsInsHelp32.sys
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 21:16 . 2008-09-10 00:07 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-15 21:16 . 2008-09-10 00:07 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-15 17:42 . 2008-09-15 17:42 <DIR> d-------- C:\Users\All Users\PC Tools
2008-09-15 17:42 . 2008-09-15 17:42 <DIR> d-------- C:\ProgramData\PC Tools
2008-09-14 20:34 . 2008-09-14 20:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-14 20:34 . 2008-09-14 20:38 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-14 20:23 . 2008-09-14 21:09 <DIR> d-------- C:\Users\Kevin\.housecall6.6
2008-09-14 19:26 . 2008-09-15 18:14 1,111 --a------ C:\Windows\wininit.ini
2008-09-14 19:05 . 2008-09-15 00:33 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-14 19:05 . 2008-09-15 00:33 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05 . 2008-09-15 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52 . 2008-09-14 18:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-14 17:22 . 2008-09-14 17:22 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-14 17:22 . 2008-09-14 17:22 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21 . 2008-10-03 18:40 <DIR> d-------- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21 . 2008-10-03 18:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-14 16:34 . 2008-09-14 19:26 <DIR> d-------- C:\Users\Kevin\Incomplete
2008-09-12 00:19 . 2008-09-12 00:19 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-09-10 17:35 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:35 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 17:26 . 2008-06-26 13:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 17:16 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 17:16 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 17:16 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 17:16 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 17:16 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 17:16 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-07 18:23 . 2008-09-07 18:26 <DIR> d-------- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23 . 2008-09-07 18:24 <DIR> d-------- C:\Program Files\Winamp
2008-09-07 18:23 . 2007-03-08 09:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-09-07 15:40 . 2008-09-07 15:40 0 --a------ C:\sat79.tmp
2008-09-07 12:39 . 2007-10-07 17:08 2,728 --a------ C:\Windows\System32\mini_spectrum2.swf
2008-09-03 21:20 . 2008-07-19 15:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-03 21:20 . 2008-07-19 13:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-03 21:20 . 2008-07-19 15:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-03 21:20 . 2008-07-19 13:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-03 21:20 . 2008-07-19 15:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-03 21:20 . 2008-07-19 15:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-03 21:20 . 2008-07-19 15:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-03 21:19 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-03 21:19 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 08:45 --------- d-----w C:\Program Files\LimeWire
2008-10-03 08:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 08:36 --------- d---a-w C:\ProgramData\TEMP
2008-10-02 09:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-10-01 14:38 --------- d-----w C:\Users\Kevin\AppData\Roaming\Hamachi
2008-09-28 13:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-22 07:38 --------- d-----w C:\Program Files\PeerGuardian2
2008-09-16 08:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 08:48 --------- d-----w C:\Program Files\ASUS
2008-09-16 07:39 --------- d-----w C:\Program Files\BitComet
2008-09-14 10:07 --------- d-----w C:\Program Files\iTunes
2008-09-14 09:33 --------- d-----w C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-11 14:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 13:38 --------- d-----w C:\Users\Kevin\AppData\Roaming\Canon
2008-09-01 08:08 --------- d-----w C:\Program Files\MiniMind
2008-08-31 13:41 --------- d-----w C:\Program Files\Blaze Media Pro
2008-08-31 13:40 --------- d-----w C:\Program Files\Frets on Fire
2008-08-31 13:40 --------- d-----w C:\Program Files\AVS4YOU
2008-08-29 08:38 575,523 --sha-w C:\Windows\System32\UEedefii.ini2
2008-08-22 12:32 --------- d-----w C:\Users\Kevin\AppData\Roaming\AVS4YOU
2008-08-22 12:32 --------- d-----w C:\ProgramData\AVS4YOU
2008-08-22 12:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-22 11:52 --------- d-----w C:\Program Files\ARWizard3
2008-08-22 11:42 --------- d-----w C:\Program Files\Record Smart 10
2008-08-22 11:36 --------- d-----w C:\Program Files\LitexMedia
2008-08-22 11:32 --------- d-----w C:\Users\Kevin\AppData\Roaming\Download Manager
2008-08-17 09:03 --------- d-----w C:\Users\Kevin\AppData\Roaming\vlc
2008-08-17 09:03 --------- d-----w C:\Users\Kevin\AppData\Roaming\dvdcss
2008-08-16 14:41 --------- d-----w C:\Program Files\Windows Mail
2008-08-16 13:00 --------- d-----w C:\Program Files\Warcraft III
2008-08-14 10:01 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-08-14 09:59 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-14 09:00 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-14 09:00 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-14 08:59 --------- d-----w C:\Program Files\DIFX
2008-08-14 08:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-14 08:57 --------- d-----w C:\Program Files\Nokia
2008-08-14 08:56 --------- d-----w C:\ProgramData\Installations
2008-08-14 08:21 --------- d-----w C:\Program Files\NetmarbleJP
2008-08-14 08:10 --------- d-----w C:\Program Files\R3 Games
2008-08-13 07:25 --------- d-----w C:\Users\Kevin\AppData\Roaming\mIRC
2008-08-13 07:02 --------- d-----w C:\Program Files\mIRC
2008-08-08 09:30 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-08 09:30 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-05 01:26 --------- d-----w C:\ProgramData\Symantec
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-28 10:09 174 --sha-w C:\Program Files\desktop.ini
2008-02-03 06:32 22,328 ----a-w C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
2007-08-26 10:54 136 ----a-w C:\Program Files\BMonitor.dll
2008-04-20 04:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-20 04:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-20 04:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-17 09:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 8530464]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 185896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe [2008-09-01 237568]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-03 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=snrfbo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0E596FB-5981-4007-AB82-5FBC0F131FEE}"= UDP:25084:BitComet 25084 TCP
"{D99C811E-2B67-4599-BE36-621FBF77B62F}"= TCP:25084:BitComet 25084 UDP
"TCP Query User{BFF41C77-178A-4A9D-B33B-7039337A9B3F}C:\\windows.old\\program files\\warcraft iii\\war3.exe"= UDP:C:\windows.old\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{2EE6F00B-E0D5-4818-9CF8-03C0A517C675}C:\\windows.old\\program files\\warcraft iii\\war3.exe"= TCP:C:\windows.old\program files\warcraft iii\war3.exe:Warcraft III
"{7863E017-6117-4A1C-B1C0-14A9B2B7273C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A6FD2731-A4E3-4EF5-A58A-24C225557051}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D64BBE12-9068-4E27-B96D-D183A5F1B9ED}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{82597663-E36D-4959-A7D0-7B5F93941D40}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AB5B4153-9E09-48CC-B0CA-D9638270DEB0}"= UDP:C:\Program Files\Warcraft III\war3.exe:war3
"{790CD284-1799-48DD-9E84-8789D8683F1C}"= TCP:C:\Program Files\Warcraft III\war3.exe:war3
"{0338F26A-EACB-4267-B8BE-D556CAEBAD5A}"= UDP:55365:BitComet 55365 TCP
"{EC57BDD2-53E2-4C15-A0B1-FF3633E58800}"= TCP:55365:BitComet 55365 UDP
"{81AD1C52-D8F1-4975-A0B6-83E29D529EF7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{30F30576-2A9F-4F64-A3DA-B47869555DD4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8799E692-F4E2-4D1C-A300-FDD5B9F84814}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CC751216-6B69-455C-B6EF-97C7F6C4D31C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BC4ECC8-74DD-4E8A-A159-3ED0A74B44E8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6F581071-BE79-4C3E-A1EE-C42F2D5AE00D}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{F1683C0C-6F65-45C8-B657-E77F29896651}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{0269A286-DB6C-4BAC-896A-DF236F09D0EE}"= UDP:19580:BitComet 19580 TCP
"{912703D1-6442-4C8B-BC3A-E26BC31D3822}"= TCP:19580:BitComet 19580 UDP
"TCP Query User{28436F07-2834-4BCA-83B5-9E2AC43470A9}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E754C196-950F-46AE-A5BA-B483B2CE10C1}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{A04153BD-9593-4A78-9AED-16349F0797D9}"= UDP:55365:BitComet 55365 TCP
"{C60222B3-FE06-4736-B8A9-037963001488}"= TCP:55365:BitComet 55365 UDP
"{FE8C2FD1-2CDC-4F87-BAA2-098A1AA7E42B}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{4559DD79-9E0F-4FDE-98DB-F7E5AC76D704}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{1232DD91-FBCA-4477-9D7E-08980C4BEE62}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{03633BE6-3BB1-4D99-8F52-2DE41839969D}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{3E55FB5C-82EF-4D39-B73F-4089DBA983EA}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{B6AD4F48-20F8-429F-AC12-3440D3B684D1}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{9CC687FE-0193-4AA3-AC86-C29D494C545C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{FB0540AD-4EAE-4C97-8463-11A395CF6674}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{CD9991B1-D12F-42CE-BCD9-BAC30159FBBF}"= Disabled:UDP:9842:SolidNetworkManager
"{596CF8DD-9B52-4AF0-95FA-886DC25A1E46}"= Disabled:TCP:9842:SolidNetworkManager
"{E35AA88F-3863-4F49-BC69-1311C7E382E0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FD972D26-7ED5-4F4A-B058-67D5BBEFE2CA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B707D3B0-1E9A-4AE6-8F94-C784583C4EA9}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{05B6AB64-A94B-402C-8270-428757CA0208}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B2F7D2BE-1439-4FAE-876C-582F0AF5B557}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EFE0B9F5-F42B-48B5-BEE8-9DA47D2F81E3}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{93245A71-64BC-424C-AAB4-BEF8320BCD8C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{83F13174-9335-4F77-8D1C-96C6C853F45F}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{36253208-7F41-4187-A118-CA7CC0812C33}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{94F5C70A-FADB-4C54-A9AE-B57D31604C93}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{186DFAAC-F44B-4651-84E8-531AD451541B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{61262F4A-9191-46AD-941B-91F4E53100D6}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{98BAB439-8E8A-4A0F-A143-928C15C0E1E0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{374291A8-CBAA-4570-ABE6-7789025E0C9B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{2A86BDAA-1813-4CA2-A9AA-77A748AA25CD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D4B134F9-E9D8-4AF3-B3F0-E5A38EAEEF3B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{40B55926-3DAD-4C78-ACAC-B04EF2B8890F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FC9F7C17-4A3E-4AD3-899A-21DAB24B329A}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{B10ECA56-A7AF-4BDE-9CEF-92B8EAC53BB4}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{25B5BDB5-D9A0-4B56-9FBC-EF6030C438E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{08AC98B2-7237-4383-8D41-F71ED02EA851}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5A666B86-1856-4B03-B700-CD550D0A2CE9}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{3359F9A9-5482-472E-B254-96082F763BE5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{10409CF0-0D6C-4BDC-B9CC-B4A29DDA6C34}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{51E0BDC3-CDB1-43B1-B013-3E60BD29480C}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{CCD5643D-C5D0-42F7-BCA6-4D71B2BFCB95}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{FB4F8309-C977-4DEA-B0BF-83F73D24063E}"= UDP:55366:BitComet 55366 TCP
"{CDC89B54-0EEE-4B07-8588-500858EB070D}"= TCP:55366:BitComet 55366 UDP
"TCP Query User{8E2A74D7-BEE3-4F98-BCBA-1D54949CA351}C:\\users\\kevin\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\kevin\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{AAFBE388-87F0-4609-BADE-F04A035F2946}C:\\users\\kevin\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\kevin\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"{2B1A3F48-CFA4-4236-B814-F1CDAB267B57}"= UDP:55369:BitComet 55369 TCP
"{1D77D47C-7D01-4E30-91A9-A17B6745CDC4}"= TCP:55369:BitComet 55369 UDP
"{46BC4D89-FCCE-4B75-B543-1424022287D2}"= UDP:55555:BitComet 55555 TCP
"{CD1479A7-BA46-413C-BEF2-4DF31A9B552B}"= TCP:55555:BitComet 55555 UDP
"{0872D605-C5A9-4A12-852E-CD4DA229FBEB}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{212C0F5B-BD8D-43E6-8E1E-2465D01CA6E5}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 is-B3BRRdrv;is-B3BRRdrv;C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM);C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter;C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers;C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{28FC7C87-4614-4434-89D7-71E0FD335AA2} - (no file)
SSODL-dtseqrxk-{9FAEF8E1-CD17-45BC-99AF-453D17D1EBDE} - C:\Windows\dtseqrxk.dll
SSODL-mgxfebsq-{9A506FF0-EA96-413D-9D34-008F6C15CF00} - C:\Windows\mgxfebsq.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5blxi4uk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com.au
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 19:14:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-10-03 19:22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 09:22:16

Pre-Run: 5,335,613,440 bytes free
Post-Run: 4,711,411,712 bytes free

347 --- E O F --- 2008-09-26 07:51:17

RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin at 2008-10-03 19:34:28
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 4 GB (3%) free of 131 GB
Total RAM: 2044 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:38 PM, on 3/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: snrfbo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9754 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Kevin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"JMB36X IDE Setup"=C:\Windows\JM\JMInsIDE.exe [2006-10-30 36864]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-19 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="snrfbo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 2 months======

2008-10-03 19:22:35 ----D---- C:\Windows\temp
2008-10-03 19:22:30 ----A---- C:\ComboFix.txt
2008-10-03 19:00:14 ----D---- C:\Windows\erdnt
2008-10-03 18:49:29 ----D---- C:\QooBox
2008-10-03 18:49:26 ----A---- C:\Windows\zip.exe
2008-10-03 18:49:26 ----A---- C:\Windows\VFind.exe
2008-10-03 18:49:26 ----A---- C:\Windows\swxcacls.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWSC.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWREG.exe
2008-10-03 18:49:26 ----A---- C:\Windows\sed.exe
2008-10-03 18:49:26 ----A---- C:\Windows\Nircmd.exe
2008-10-03 18:49:26 ----A---- C:\Windows\grep.exe
2008-10-03 18:49:26 ----A---- C:\Windows\fdsv.exe
2008-10-03 18:39:30 ----SHD---- C:\Config.Msi
2008-10-03 13:43:58 ----D---- C:\rsit
2008-10-02 23:53:31 ----RSH---- C:\Windows\updater.com
2008-10-02 23:53:24 ----A---- C:\Windows\system32\install_flash_player.exe
2008-09-30 15:28:01 ----D---- C:\ProgramData\is-B3BRR
2008-09-30 15:02:10 ----D---- C:\ProgramData\is-3BVED
2008-09-30 12:48:33 ----D---- C:\ProgramData\is-VQVAO
2008-09-16 18:57:33 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:16:38 ----D---- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16:12 ----D---- C:\ProgramData\Malwarebytes
2008-09-15 21:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 17:42:31 ----D---- C:\ProgramData\PC Tools
2008-09-14 20:34:49 ----D---- C:\ProgramData\Lavasoft
2008-09-14 19:26:32 ----A---- C:\Windows\wininit.ini
2008-09-14 19:05:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52:22 ----D---- C:\Program Files\Trend Micro
2008-09-14 17:22:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-12 00:19:13 ----D---- C:\Program Files\CE Remote Tools
2008-09-10 17:35:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:35:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:26:58 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\cdd.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\px.dll
2008-09-07 18:23:12 ----D---- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23:12 ----D---- C:\Program Files\Winamp
2008-09-07 15:40:24 ----A---- C:\sat79.tmp
2008-09-03 21:20:21 ----A---- C:\Windows\system32\wups2.dll
2008-09-03 21:20:21 ----A---- C:\Windows\system32\wucltux.dll
2008-09-03 21:20:21 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-03 21:20:21 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-03 21:20:06 ----A---- C:\Windows\system32\wups.dll
2008-09-03 21:20:06 ----A---- C:\Windows\system32\wudriver.dll
2008-09-03 21:20:06 ----A---- C:\Windows\system32\wuapi.dll
2008-09-03 21:19:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-03 21:19:55 ----A---- C:\Windows\system32\wuapp.exe
2008-09-01 18:08:35 ----D---- C:\Program Files\MiniMind
2008-08-31 16:56:27 ----D---- C:\Program Files\Frets on Fire
2008-08-29 18:31:59 ----A---- C:\ProgramData\pskt.ini
2008-08-29 18:31:59 ----A---- C:\ProgramData\BMbf236268.txt
2008-08-29 18:31:21 ----A---- C:\Windows\system32\b733958a-.txt
2008-08-29 18:27:48 ----ASH---- C:\Windows\system32\UEedefii.ini2
2008-08-29 18:27:48 ----ASH---- C:\Windows\system32\UEedefii.ini
2008-08-22 22:32:33 ----D---- C:\Users\Kevin\AppData\Roaming\AVS4YOU
2008-08-22 22:32:29 ----D---- C:\ProgramData\AVS4YOU
2008-08-22 22:31:38 ----D---- C:\Program Files\Common Files\AVSMedia
2008-08-22 22:31:38 ----D---- C:\Program Files\AVS4YOU
2008-08-22 22:31:38 ----A---- C:\Windows\system32\msxml3a.dll
2008-08-22 21:52:37 ----D---- C:\Program Files\ARWizard3
2008-08-22 21:44:18 ----D---- C:\VideoConvert
2008-08-22 21:40:06 ----D---- C:\Program Files\Record Smart 10
2008-08-22 21:32:55 ----D---- C:\Program Files\LitexMedia
2008-08-22 21:32:48 ----D---- C:\Users\Kevin\AppData\Roaming\Download Manager
2008-08-20 20:41:22 ----D---- C:\Program Files\Blaze Media Pro
2008-08-17 19:03:53 ----D---- C:\Users\Kevin\AppData\Roaming\dvdcss
2008-08-17 00:45:18 ----A---- C:\Windows\system32\tzres.dll
2008-08-16 14:22:41 ----A---- C:\Windows\system32\mshtml.dll
2008-08-16 14:22:40 ----A---- C:\Windows\system32\ieframe.dll
2008-08-16 14:22:39 ----A---- C:\Windows\system32\wininet.dll
2008-08-16 14:22:39 ----A---- C:\Windows\system32\urlmon.dll
2008-08-16 14:22:38 ----A---- C:\Windows\system32\mstime.dll
2008-08-16 14:22:35 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-16 14:12:02 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-16 14:06:59 ----A---- C:\Windows\system32\es.dll
2008-08-16 13:48:20 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-14 19:00:42 ----D---- C:\Program Files\Common Files\PCSuite
2008-08-14 19:00:42 ----D---- C:\Program Files\Common Files\Nokia
2008-08-14 18:59:06 ----D---- C:\Program Files\DIFX
2008-08-14 18:58:46 ----D---- C:\Program Files\PC Connectivity Solution
2008-08-14 18:21:05 ----D---- C:\Program Files\NetmarbleJP
2008-08-14 18:10:08 ----D---- C:\Program Files\R3 Games
2008-08-14 17:30:02 ----A---- C:\Windows\option.ini
2008-08-07 17:55:46 ----A---- C:\Windows\musiceditor.INI

======List of files/folders modified in the last 2 months======

2008-10-03 19:22:48 ----D---- C:\Windows\System32
2008-10-03 19:22:46 ----D---- C:\Windows\system32\drivers
2008-10-03 19:22:35 ----D---- C:\Windows
2008-10-03 19:13:57 ----A---- C:\Windows\system.ini
2008-10-03 19:12:56 ----RD---- C:\Program Files
2008-10-03 19:12:56 ----D---- C:\Program Files\Common Files
2008-10-03 19:08:46 ----D---- C:\Windows\system32\config
2008-10-03 19:04:40 ----D---- C:\Windows\AppPatch
2008-10-03 19:00:05 ----SHD---- C:\System Volume Information
2008-10-03 18:45:49 ----D---- C:\Program Files\LimeWire
2008-10-03 18:44:27 ----SHD---- C:\Windows\Installer
2008-10-03 18:44:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 18:36:43 ----D---- C:\Windows\Prefetch
2008-10-03 18:36:39 ----AD---- C:\ProgramData\TEMP
2008-10-03 16:09:34 ----D---- C:\Downloads
2008-10-02 23:59:18 ----SD---- C:\Windows\Downloaded Program Files
2008-10-02 23:59:14 ----D---- C:\Windows\inf
2008-10-02 23:59:13 ----D---- C:\Windows\system32\Macromed
2008-10-02 19:51:49 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-02 00:38:46 ----D---- C:\Users\Kevin\AppData\Roaming\Hamachi
2008-09-30 15:28:01 ----HD---- C:\ProgramData
2008-09-30 12:02:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-28 23:26:00 ----D---- C:\Windows\Debug
2008-09-28 23:15:23 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-28 21:46:05 ----D---- C:\Program Files\Mozilla Firefox
2008-09-22 17:38:16 ----D---- C:\Program Files\PeerGuardian2
2008-09-16 18:48:29 ----D---- C:\Program Files\ASUS
2008-09-16 18:48:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-16 17:39:45 ----D---- C:\Program Files\BitComet
2008-09-15 20:54:57 ----D---- C:\Windows\system32\catroot2
2008-09-15 01:14:22 ----D---- C:\Windows\system32\Tasks
2008-09-14 21:08:49 ----D---- C:\Program Files\Internet Explorer
2008-09-14 20:07:03 ----D---- C:\Program Files\iTunes
2008-09-14 19:33:48 ----D---- C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-14 19:26:46 ----D---- C:\Windows\Tasks
2008-09-13 18:29:16 ----A---- C:\Windows\NeroDigital.ini
2008-09-12 18:38:21 ----D---- C:\Windows\winsxs
2008-09-12 00:23:21 ----D---- C:\ProgramData\Microsoft Help
2008-09-12 00:23:18 ----D---- C:\Windows\Microsoft.NET
2008-09-12 00:19:37 ----RSD---- C:\Windows\assembly
2008-09-12 00:15:39 ----D---- C:\Windows\system32\catroot
2008-09-11 23:38:21 ----D---- C:\Users\Kevin\AppData\Roaming\Canon
2008-09-04 23:21:49 ----D---- C:\Windows\rescache
2008-09-04 23:04:33 ----D---- C:\Windows\system32\en-US
2008-09-03 21:21:27 ----D---- C:\Windows\PolicyDefinitions
2008-09-01 18:08:35 ----RSD---- C:\Windows\Fonts
2008-08-29 22:01:59 ----D---- C:\Windows\system32\Adobe
2008-08-27 06:28:12 ----A---- C:\Windows\system32\mrt.exe
2008-08-26 00:06:59 ----SHD---- C:\Boot
2008-08-22 21:30:31 ----SD---- C:\Users\Kevin\AppData\Roaming\Microsoft
2008-08-21 00:14:20 ----SD---- C:\ProgramData\Microsoft
2008-08-17 19:03:57 ----D---- C:\Users\Kevin\AppData\Roaming\vlc
2008-08-17 17:22:47 ----D---- C:\Soldat
2008-08-17 17:10:17 ----D---- C:\Windows\system32\migration
2008-08-17 00:41:22 ----D---- C:\Program Files\Windows Mail
2008-08-16 23:00:41 ----D---- C:\Program Files\Warcraft III
2008-08-14 18:59:03 ----DC---- C:\Windows\system32\DRVSTORE
2008-08-14 18:57:41 ----D---- C:\Program Files\Nokia
2008-08-14 18:56:22 ----D---- C:\ProgramData\Installations
2008-08-13 17:25:34 ----D---- C:\Users\Kevin\AppData\Roaming\mIRC
2008-08-13 17:02:58 ----D---- C:\Program Files\mIRC
2008-08-11 23:03:40 ----A---- C:\Windows\CSTBox.INI
2008-08-08 19:30:19 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-08-07 17:45:30 ----A---- C:\Windows\Robota.INI
2008-08-07 17:44:51 ----D---- C:\Windows\system32\MAGIX
2008-08-07 17:44:51 ----A---- C:\Windows\mgxoschk.ini
2008-08-07 17:09:01 ----D---- C:\Windows\ModemLogs
2008-08-05 11:26:02 ----D---- C:\ProgramData\Symantec

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 is-B3BRRdrv;is-B3BRRdrv; C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-16 316928]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2007-11-23 25280]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081002.004\NAVENG.SYS [2008-09-17 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081002.004\NAVEX15.SYS [2008-09-17 873552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 a3m9ng6b;a3m9ng6b; C:\Windows\system32\drivers\a3m9ng6b.sys []
S3 ai8zlyuq;ai8zlyuq; C:\Windows\system32\drivers\ai8zlyuq.sys []
S3 Bcim;Bandwidth Controller kernel component; C:\Windows\system32\DRIVERS\bcim.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\GatheringRO\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Sandra.sys [2007-08-10 21920]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM); C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter; C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers; C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-18 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XDva028;XDva028; \??\C:\Windows\system32\XDva028.sys []
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2006-11-02 514560]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-02-17 52352]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-02-06 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-17 1251720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-03 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------

when the combofix was in the process of rebooting, i wasnt there to see it but when i was back at the startup which meant my computer did not reboot at startup. That should be a good sign right?
should i reboot the computer to see if it still auto-reboots at start up?

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 03 October 2008 - 09:52 AM

when the combofix was in the process of rebooting, i wasnt there to see it but when i was back at the startup which meant my computer did not reboot at startup. That should be a good sign right?
should i reboot the computer to see if it still auto-reboots at start up?


If you carried out the instruction when you get a BSOD it will not reboot any more. Instead it stops on the error message until you reboot the computer mechanically. So the computer rebooted without problem and that is definitely a good sign.

You need not to reboot if it is not needed in the course of disinfection. There is still some work to be done. Lets finish the job first.
  • We are going to repair broken file associations.
    • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • The faulty file associations will appear in red beside a checkbox. Just place a checkmark (tick) in the boxes in question.
    • Click the Fix button.
  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link--> virustotal

    Click the browse button and navigate to the files listed below in bold, then click Send File. You will only be able to have one file scanned at a time. If the file is analyzed before click Reanalyse File Now button.

    C:\sat79.tmp
    C:\Windows\System32\drivers\53722587.sys
    C:\ProgramData\pskt.ini
    C:\Windows\system32\UEedefii.ini

    Please post back the results of the scan in your next post.

  • Please read the note first. Open notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/171952/help-constant-rebooting-at-startup-hijackthismbam-logs/?p=964009
    
    Folder::
    C:\Program Files\AntispywareBot
    
    Collect::[4]
    C:\Windows\updater.com
    C:\snrfbo.dll
    C:\Windows\snrfbo.dll
    C:\Windows\system32\snrfbo.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    Dirlook::
    C:\ProgramData\is-VQVAO
    C:\Users\All Users\is-B3BRR

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • Download FileFind.zip and unzip to your desktop.
    • Double-click FindFile.exe
    • In the box labeled "Enter the directory to search" enter the Drive: C:\
    • In the box labeled "Enter the File to Search" enter:
      snrfbo.dll
    • Click "Find" to begin the search.
    • When the search is done, it will list the total number of files found.
    • Double-click on "Export"
    • This will create and save a text file named export.txt in the root of your C:\ directory.
    • Locate export.txt and copy/paste its contents in your next post.
  • Please right click HiJackThis, select "Run as administrator". Then choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):


    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please copy and paste a fresh Hijackthis log to your reply.
Tell me also how it went and if you faced any problem doing the steps.

Please copy/paste in your next reply:
  • The Combofix log.
  • Hijackthis log.
  • Feedback on how it went.


#7 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 03 October 2008 - 01:24 PM

step 2

C:\sat79.tmp
0 bytes size received / Se ha recibido un archivo vacio

C:\Windows\System32\drivers\53722587.sys

File 53722587.sys received on 10.03.2008 18:37:39 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.03 -
Avast 4.8.1248.0 2008.10.03 -
AVG 8.0.0.161 2008.10.03 -
BitDefender 7.2 2008.10.03 -
CAT-QuickHeal 9.50 2008.10.03 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.03 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.03 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.03 -
Fortinet 3.113.0.0 2008.10.03 -
GData 19 2008.10.03 -
Ikarus T3.1.1.34.0 2008.10.03 -
K7AntiVirus 7.10.483 2008.10.03 -
Kaspersky 7.0.0.125 2008.10.03 -
McAfee 5397 2008.10.02 -
Microsoft 1.4005 2008.10.03 -
NOD32 3493 2008.10.03 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.03 -
PCTools 4.4.2.0 2008.10.03 -
Prevx1 V2 2008.10.03 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.03 -
Sophos 4.34.0 2008.10.03 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.03 -
TheHacker 6.3.1.0.099 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.3.1405 2008.10.03 -
VirusBuster 4.5.11.0 2008.10.03 -

Additional information
File size: 148496 bytes
MD5...: 0aa3ad071827118fcc8f37f7a6ab7aa1
SHA1..: 59784c49ffe530931010070c8843366f9d7fa6f0
SHA256: 3e893bcf9e3ec8fa44c8ef0cf7c2d269212651d65c16b30bd953cc3a54f3b2aa
SHA512: b56442c4271033f9547727ac097fc903f0bd51c062f415726aeee3e6abde24e1<BR>ec127cb548086d5429ff4dc4e78c322b2594bb4f29f817338299f6c9c23bbc25
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x33010<BR>timedatestamp.....: 0x4873470a (Tue Jul 08 10:52:58 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 8 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1a848 0x1aa00 6.38 ca8bbffb8c1aac75560de3ffede16f38<BR>NONPAGED 0x1c000 0x25 0x200 0.30 76fbfaa1c4997eccce3ca016c3b1345b<BR>.rdata 0x1d000 0x850 0xa00 4.25 6ffc26ac817e2ae1a1cf5ce42adc9f0b<BR>.data 0x1e000 0x1b00 0x600 6.42 2680643c152bf562cae4ab5d1ed2070c<BR>PAGE 0x20000 0x2cdc 0x2e00 6.28 7516763c152ec5b6c5df87c555fadbb5<BR>INIT 0x23000 0x1b88 0x1c00 5.96 4459dca4b85a564cb98f26cfbff36fbe<BR>.rsrc 0x25000 0x400 0x400 3.36 09f200edb8e02e6fa4ab2f6bc27ad921<BR>.reloc 0x26000 0x1b6e 0x1c00 6.47 5d73a4e2a3be56c2448dbd9511deefa3<BR><BR>( 3 imports ) <BR>&gt; ntoskrnl.exe: IoAllocateWorkItem, RtlDeleteElementGenericTableAvl, RtlGetElementGenericTableAvl, FsRtlIsNameInExpression, RtlInsertElementGenericTableAvl, InitSafeBootMode, InterlockedPopEntrySList, InterlockedPushEntrySList, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, SeTokenType, SeCreateClientSecurity, SeImpersonateClientEx, IoVerifyVolume, IoDeviceObjectType, IoBuildSynchronousFsdRequest, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, MmIsAddressValid, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, IoRegisterShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, RtlAppendUnicodeToString, KeDelayExecutionThread, KeQuerySystemTime, strncmp, IoGetCurrentProcess, ExGetPreviousMode, SeReleaseSubjectContext, IoQueueWorkItem, SeCaptureSubjectContext, PsDereferenceImpersonationToken, RtlCopySid, RtlLengthSid, SeQueryInformationToken, PsReferencePrimaryToken, PsReferenceImpersonationToken, PsIsThreadTerminating, IoThreadToProcess, RtlInitializeGenericTableAvl, READ_REGISTER_UCHAR, ProbeForRead, RtlLookupElementGenericTableAvl, ObQueryNameString, CmUnRegisterCallback, MmUserProbeAddress, CmRegisterCallback, ZwEnumerateValueKey, ZwDeleteValueKey, ZwQueryKey, wcsrchr, NtBuildNumber, KeClearEvent, ExInitializePagedLookasideList, ExDeletePagedLookasideList, PsLookupProcessByProcessId, RtlCopyUnicodeString, RtlNumberGenericTableElementsAvl, RtlEnumerateGenericTableAvl, PsSetLoadImageNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, PsRemoveCreateThreadNotifyRoutine, PsRemoveLoadImageNotifyRoutine, IoFreeWorkItem, IofCompleteRequest, IoWMIRegistrationControl, MmGetSystemRoutineAddress, RtlCompareMemory, IoWMIWriteEvent, ZwQueryInformationProcess, KeStackAttachProcess, _wcsicmp, KeUnstackDetachProcess, ZwOpenKey, ZwEnumerateKey, RtlUnicodeStringToInteger, ZwQueryValueKey, ZwCreateKey, RtlIntegerToUnicodeString, ZwSetValueKey, RtlAppendUnicodeStringToString, ZwDeleteKey, DbgBreakPoint, ZwCreateFile, IoGetRelatedDeviceObject, _vsnwprintf, KeQueryInterruptTime, strncpy, RtlInitUnicodeString, RtlCompareUnicodeString, IoFileObjectType, ObReferenceObjectByPointer, _allmul, KeWaitForMultipleObjects, KeSetEvent, ExDeleteResourceLite, ExInitializeResourceLite, memcpy, _except_handler3, ZwOpenProcess, ZwTerminateProcess, PsCreateSystemThread, ObReferenceObjectByHandle, ZwClose, PsTerminateSystemThread, ObfDereferenceObject, KeGetCurrentThread, PsGetCurrentProcessId, PsGetCurrentThreadId, RtlUpcaseUnicodeChar, RtlUpperChar, memset, ExAllocatePoolWithTag, KeInitializeEvent, IoBuildDeviceIoControlRequest, IofCallDriver, KeWaitForSingleObject, SeQueryAuthenticationIdToken, ExFreePoolWithTag<BR>&gt; HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock<BR>&gt; FLTMGR.SYS: FltQueryInformationFile, FltGetRoutineAddress, FltIsDirectory, FltGetFileNameInformation, FltParseFileNameInformation, FltAllocateCallbackData, FltPerformSynchronousIo, FltFreeCallbackData, FltReferenceFileNameInformation, FltReleaseFileNameInformation, FltGetStreamHandleContext, FltGetStreamContext, FltEnumerateVolumeInformation, FltRegisterFilter, FltStartFiltering, FltSetCallbackDataDirty, FltGetDestinationFileNameInformation, FltSetStreamHandleContext, FltCancelFileOpen, FltSetStreamContext, FltReleaseContext, FltGetVolumeProperties, FltAllocateContext, FltQueryVolumeInformation, FltGetVolumeName, FltSetInstanceContext, FltSetVolumeContext, FltUnregisterFilter, FltFsControlFile, FltGetVolumeFromFileObject, FltGetVolumeContext, FltGetInstanceContext, FltCreateFile, FltClose, FltFlushBuffers, FltSetInformationFile, FltWriteFile, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltObjectReference, FltAllocatePoolAlignedWithTag, FltReadFile, FltFreePoolAlignedWithTag, FltObjectDereference, FltSendMessage, FltCloseClientPort, FltCloseCommunicationPort, FltReleaseResource, FltAcquireResourceShared, FltAcquireResourceExclusive, FltGetFileNameInformationUnsafe<BR><BR>( 0 exports ) <BR>


C:\ProgramData\pskt.ini

File pskt.ini received on 10.03.2008 18:41:42 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.03 -
Avast 4.8.1248.0 2008.10.03 -
AVG 8.0.0.161 2008.10.03 -
BitDefender 7.2 2008.10.03 -
CAT-QuickHeal 9.50 2008.10.03 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.03 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.03 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.03 -
Fortinet 3.113.0.0 2008.10.03 -
GData 19 2008.10.03 -
Ikarus T3.1.1.34.0 2008.10.03 -
K7AntiVirus 7.10.483 2008.10.03 -
Kaspersky 7.0.0.125 2008.10.03 -
McAfee 5397 2008.10.02 -
Microsoft 1.4005 2008.10.03 -
NOD32 3493 2008.10.03 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.03 -
PCTools 4.4.2.0 2008.10.03 -
Prevx1 V2 2008.10.03 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.03 -
Sophos 4.34.0 2008.10.03 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.03 -
TheHacker 6.3.1.0.099 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.3.1405 2008.10.03 -
VirusBuster 4.5.11.0 2008.10.03 -

Additional information
File size: 22 bytes
MD5...: 1f26c082ccf35011fc4d2a886b975a52
SHA1..: 949d4af318fd4ac54131ea51320aaa80d6164534
SHA256: 81857ad129b201a4354816b50f68e7d98655ac1bf3aa4b28447f640e4ffb2a2c
SHA512: 83bfb9d54862f04cce3a2a94fb7d2011bcbb388c0629f8e0338d4692dadf0c77<BR>138cd7d4b6b786e466229d6a64921963c3638ba1368383eee00204e6f67fa9f9
PEiD..: -
TrID..: File type identification<BR>Generic INI configuration (100.0%)
PEInfo: -

C:\Windows\system32\UEedefii.ini

File UEedefii.ini received on 10.03.2008 18:46:30 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.03 -
Avast 4.8.1248.0 2008.10.03 -
AVG 8.0.0.161 2008.10.03 -
BitDefender 7.2 2008.10.03 -
CAT-QuickHeal 9.50 2008.10.03 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.03 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.03 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.03 -
Fortinet 3.113.0.0 2008.10.03 -
GData 19 2008.10.03 -
Ikarus T3.1.1.34.0 2008.10.03 -
K7AntiVirus 7.10.483 2008.10.03 -
Kaspersky 7.0.0.125 2008.10.03 -
McAfee 5397 2008.10.02 -
Microsoft 1.4005 2008.10.03 -
NOD32 3493 2008.10.03 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.03 -
PCTools 4.4.2.0 2008.10.03 -
Prevx1 V2 2008.10.03 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.03 -
Sophos 4.34.0 2008.10.03 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.03 -
TheHacker 6.3.1.0.099 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.3.1405 2008.10.03 -
VirusBuster 4.5.11.0 2008.10.03 -

Additional information
File size: 589190 bytes
MD5...: b4b1ebd6674ea2711c59caf5bcae9644
SHA1..: b536cd28b2a3dc9503db8f23584b955affcdc943
SHA256: 361605cc181736d9148ff257802cd25a664e0cbcffaeffdaa1f3a6a90cab369e
SHA512: fd4801fe3f5fecbc4986ff9c1c84b1014f15503e4b0f8071f562e730e09800e9<BR>562e960758a4ccfd5bdcd1af5b1cf586033606dd3ef73a7e03103b43c08d410f
PEiD..: -
TrID..: File type identification<BR>Unknown!
PEInfo: -

step 3 - combo fix log
ComboFix 08-10-02.04 - Kevin 2008-10-04 2:55:18.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1043 [GMT 10:00]
Running from: C:\Users\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kevin\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
hxxp://78.157.142.26
.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-04 02:07 . 2008-10-04 02:07 347 --ahs---- C:\Windows\System32\LUxwFfhk.ini2
2008-10-04 02:07 . 2008-10-04 02:07 347 --ahs---- C:\Windows\System32\LUxwFfhk.ini
2008-10-03 16:12 . 2008-10-03 16:12 54,156 --ah----- C:\Windows\QTFont.qfn
2008-10-03 16:12 . 2008-10-03 16:12 1,409 --a------ C:\Windows\QTFont.for
2008-10-03 13:43 . 2008-10-03 13:44 <DIR> d-------- C:\rsit
2008-09-30 15:28 . 2008-09-30 15:28 <DIR> d-------- C:\Users\All Users\is-B3BRR
2008-09-30 15:28 . 2008-09-30 15:28 <DIR> d-------- C:\ProgramData\is-B3BRR
2008-09-30 15:27 . 2008-07-08 14:54 148,496 --a------ C:\Windows\System32\drivers\53722587.sys
2008-09-30 15:02 . 2008-09-30 15:02 <DIR> d-------- C:\Users\All Users\is-3BVED
2008-09-30 15:02 . 2008-09-30 15:02 <DIR> d-------- C:\ProgramData\is-3BVED
2008-09-30 12:48 . 2008-09-30 12:48 <DIR> d-------- C:\Users\All Users\is-VQVAO
2008-09-30 12:48 . 2008-09-30 12:48 <DIR> d-------- C:\ProgramData\is-VQVAO
2008-09-30 12:48 . 2008-10-04 02:11 78,456,864 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-30 12:48 . 2008-10-04 02:11 804,176 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-16 18:48 . 2006-10-19 03:11 12,096 --a------ C:\Windows\System32\drivers\AsInsHelp64.sys
2008-09-16 18:48 . 2006-10-19 03:11 10,304 --a------ C:\Windows\System32\drivers\AsInsHelp32.sys
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-15 21:16 . 2008-09-15 21:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 21:16 . 2008-09-10 00:07 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-15 21:16 . 2008-09-10 00:07 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-15 17:42 . 2008-09-15 17:42 <DIR> d-------- C:\Users\All Users\PC Tools
2008-09-15 17:42 . 2008-09-15 17:42 <DIR> d-------- C:\ProgramData\PC Tools
2008-09-14 20:34 . 2008-09-14 20:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-14 20:34 . 2008-09-14 20:38 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-14 20:23 . 2008-09-14 21:09 <DIR> d-------- C:\Users\Kevin\.housecall6.6
2008-09-14 19:26 . 2008-09-15 18:14 1,111 --a------ C:\Windows\wininit.ini
2008-09-14 19:05 . 2008-09-15 00:33 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-14 19:05 . 2008-09-15 00:33 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05 . 2008-09-15 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52 . 2008-09-14 18:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-14 17:22 . 2008-09-14 17:22 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-14 17:22 . 2008-09-14 17:22 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21 . 2008-10-03 18:40 <DIR> d-------- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21 . 2008-10-03 18:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-14 16:34 . 2008-09-14 19:26 <DIR> d-------- C:\Users\Kevin\Incomplete
2008-09-12 00:19 . 2008-09-12 00:19 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-09-10 17:35 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:35 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 17:26 . 2008-06-26 13:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 17:16 . 2008-08-02 11:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 17:16 . 2008-06-26 13:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 17:16 . 2008-05-09 05:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 17:16 . 2008-05-20 12:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 17:16 . 2008-06-26 13:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 17:16 . 2008-08-02 13:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-07 18:23 . 2008-09-07 18:26 <DIR> d-------- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23 . 2008-09-07 18:24 <DIR> d-------- C:\Program Files\Winamp
2008-09-07 18:23 . 2007-03-08 09:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-09-07 15:40 . 2008-09-07 15:40 0 --a------ C:\sat79.tmp
2008-09-07 12:39 . 2007-10-07 17:08 2,728 --a------ C:\Windows\System32\mini_spectrum2.swf
2008-09-03 21:20 . 2008-07-19 15:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-03 21:20 . 2008-07-19 13:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-03 21:20 . 2008-07-19 15:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-03 21:20 . 2008-07-19 13:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-03 21:20 . 2008-07-19 15:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-03 21:20 . 2008-07-19 15:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-03 21:20 . 2008-07-19 15:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-03 21:19 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-03 21:19 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 15:56 --------- d-----w C:\Users\Kevin\AppData\Roaming\Hamachi
2008-10-03 08:45 --------- d-----w C:\Program Files\LimeWire
2008-10-03 08:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 08:36 --------- d---a-w C:\ProgramData\TEMP
2008-10-02 09:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-28 13:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-22 07:38 --------- d-----w C:\Program Files\PeerGuardian2
2008-09-16 08:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 08:48 --------- d-----w C:\Program Files\ASUS
2008-09-16 07:39 --------- d-----w C:\Program Files\BitComet
2008-09-14 10:07 --------- d-----w C:\Program Files\iTunes
2008-09-14 09:33 --------- d-----w C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-11 14:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 13:38 --------- d-----w C:\Users\Kevin\AppData\Roaming\Canon
2008-09-01 08:08 --------- d-----w C:\Program Files\MiniMind
2008-08-31 13:41 --------- d-----w C:\Program Files\Blaze Media Pro
2008-08-31 13:40 --------- d-----w C:\Program Files\Frets on Fire
2008-08-31 13:40 --------- d-----w C:\Program Files\AVS4YOU
2008-08-22 12:32 --------- d-----w C:\Users\Kevin\AppData\Roaming\AVS4YOU
2008-08-22 12:32 --------- d-----w C:\ProgramData\AVS4YOU
2008-08-22 12:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-22 11:52 --------- d-----w C:\Program Files\ARWizard3
2008-08-22 11:42 --------- d-----w C:\Program Files\Record Smart 10
2008-08-22 11:36 --------- d-----w C:\Program Files\LitexMedia
2008-08-22 11:32 --------- d-----w C:\Users\Kevin\AppData\Roaming\Download Manager
2008-08-17 09:03 --------- d-----w C:\Users\Kevin\AppData\Roaming\vlc
2008-08-17 09:03 --------- d-----w C:\Users\Kevin\AppData\Roaming\dvdcss
2008-08-16 14:41 --------- d-----w C:\Program Files\Windows Mail
2008-08-16 13:00 --------- d-----w C:\Program Files\Warcraft III
2008-08-14 10:01 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-08-14 09:59 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-14 09:00 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-14 09:00 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-14 08:59 --------- d-----w C:\Program Files\DIFX
2008-08-14 08:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-14 08:57 --------- d-----w C:\Program Files\Nokia
2008-08-14 08:56 --------- d-----w C:\ProgramData\Installations
2008-08-14 08:21 --------- d-----w C:\Program Files\NetmarbleJP
2008-08-14 08:10 --------- d-----w C:\Program Files\R3 Games
2008-08-13 07:25 --------- d-----w C:\Users\Kevin\AppData\Roaming\mIRC
2008-08-13 07:02 --------- d-----w C:\Program Files\mIRC
2008-08-08 09:30 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-05 01:26 --------- d-----w C:\ProgramData\Symantec
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-28 10:09 174 --sha-w C:\Program Files\desktop.ini
2008-02-03 06:32 22,328 ----a-w C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
2007-08-26 10:54 136 ----a-w C:\Program Files\BMonitor.dll
2008-04-20 04:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-20 04:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-20 04:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-17 09:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData\is-VQVAO ----

2008-09-30 12:48 64011 --ah----- C:\ProgramData\is-VQVAO\~PRObjects#f2.dat
2008-09-30 12:48 152011 --ah----- C:\ProgramData\is-VQVAO\~PRCustomProps#f2.dat

---- Directory of C:\Users\All Users\is-B3BRR ----

2008-09-30 15:28 64011 --ah----- C:\Users\All Users\is-B3BRR\~PRObjects#f2.dat
2008-09-30 15:28 152011 --ah----- C:\Users\All Users\is-B3BRR\~PRCustomProps#f2.dat


((((((((((((((((((((((((((((( snapshot@2008-10-03_19.20.24.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-03 09:13:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-03 17:48:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-03 17:48:28 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-03 09:13:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 17:48:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 17:48:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-03 09:09:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-03 17:38:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-03 09:09:03 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-03 17:38:03 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-03 09:09:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-03 17:38:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-03 01:10:34 13,212 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1824503714-143400310-745225825-1000_UserData.bin
+ 2008-10-03 16:14:46 13,340 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1824503714-143400310-745225825-1000_UserData.bin
- 2008-10-03 01:10:34 123,756 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-03 16:14:45 124,160 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 8530464]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 185896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe [2008-09-01 237568]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-03 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0E596FB-5981-4007-AB82-5FBC0F131FEE}"= UDP:25084:BitComet 25084 TCP
"{D99C811E-2B67-4599-BE36-621FBF77B62F}"= TCP:25084:BitComet 25084 UDP
"TCP Query User{BFF41C77-178A-4A9D-B33B-7039337A9B3F}C:\\windows.old\\program files\\warcraft iii\\war3.exe"= UDP:C:\windows.old\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{2EE6F00B-E0D5-4818-9CF8-03C0A517C675}C:\\windows.old\\program files\\warcraft iii\\war3.exe"= TCP:C:\windows.old\program files\warcraft iii\war3.exe:Warcraft III
"{7863E017-6117-4A1C-B1C0-14A9B2B7273C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A6FD2731-A4E3-4EF5-A58A-24C225557051}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D64BBE12-9068-4E27-B96D-D183A5F1B9ED}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{82597663-E36D-4959-A7D0-7B5F93941D40}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AB5B4153-9E09-48CC-B0CA-D9638270DEB0}"= UDP:C:\Program Files\Warcraft III\war3.exe:war3
"{790CD284-1799-48DD-9E84-8789D8683F1C}"= TCP:C:\Program Files\Warcraft III\war3.exe:war3
"{0338F26A-EACB-4267-B8BE-D556CAEBAD5A}"= UDP:55365:BitComet 55365 TCP
"{EC57BDD2-53E2-4C15-A0B1-FF3633E58800}"= TCP:55365:BitComet 55365 UDP
"{81AD1C52-D8F1-4975-A0B6-83E29D529EF7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{30F30576-2A9F-4F64-A3DA-B47869555DD4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8799E692-F4E2-4D1C-A300-FDD5B9F84814}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CC751216-6B69-455C-B6EF-97C7F6C4D31C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BC4ECC8-74DD-4E8A-A159-3ED0A74B44E8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6F581071-BE79-4C3E-A1EE-C42F2D5AE00D}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{F1683C0C-6F65-45C8-B657-E77F29896651}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{0269A286-DB6C-4BAC-896A-DF236F09D0EE}"= UDP:19580:BitComet 19580 TCP
"{912703D1-6442-4C8B-BC3A-E26BC31D3822}"= TCP:19580:BitComet 19580 UDP
"TCP Query User{28436F07-2834-4BCA-83B5-9E2AC43470A9}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E754C196-950F-46AE-A5BA-B483B2CE10C1}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{A04153BD-9593-4A78-9AED-16349F0797D9}"= UDP:55365:BitComet 55365 TCP
"{C60222B3-FE06-4736-B8A9-037963001488}"= TCP:55365:BitComet 55365 UDP
"{FE8C2FD1-2CDC-4F87-BAA2-098A1AA7E42B}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{4559DD79-9E0F-4FDE-98DB-F7E5AC76D704}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{1232DD91-FBCA-4477-9D7E-08980C4BEE62}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{03633BE6-3BB1-4D99-8F52-2DE41839969D}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{3E55FB5C-82EF-4D39-B73F-4089DBA983EA}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{B6AD4F48-20F8-429F-AC12-3440D3B684D1}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{9CC687FE-0193-4AA3-AC86-C29D494C545C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{FB0540AD-4EAE-4C97-8463-11A395CF6674}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{CD9991B1-D12F-42CE-BCD9-BAC30159FBBF}"= Disabled:UDP:9842:SolidNetworkManager
"{596CF8DD-9B52-4AF0-95FA-886DC25A1E46}"= Disabled:TCP:9842:SolidNetworkManager
"{E35AA88F-3863-4F49-BC69-1311C7E382E0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FD972D26-7ED5-4F4A-B058-67D5BBEFE2CA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B707D3B0-1E9A-4AE6-8F94-C784583C4EA9}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{05B6AB64-A94B-402C-8270-428757CA0208}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B2F7D2BE-1439-4FAE-876C-582F0AF5B557}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EFE0B9F5-F42B-48B5-BEE8-9DA47D2F81E3}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{93245A71-64BC-424C-AAB4-BEF8320BCD8C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{83F13174-9335-4F77-8D1C-96C6C853F45F}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{36253208-7F41-4187-A118-CA7CC0812C33}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{94F5C70A-FADB-4C54-A9AE-B57D31604C93}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{186DFAAC-F44B-4651-84E8-531AD451541B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{61262F4A-9191-46AD-941B-91F4E53100D6}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{98BAB439-8E8A-4A0F-A143-928C15C0E1E0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{374291A8-CBAA-4570-ABE6-7789025E0C9B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{2A86BDAA-1813-4CA2-A9AA-77A748AA25CD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D4B134F9-E9D8-4AF3-B3F0-E5A38EAEEF3B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{40B55926-3DAD-4C78-ACAC-B04EF2B8890F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FC9F7C17-4A3E-4AD3-899A-21DAB24B329A}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{B10ECA56-A7AF-4BDE-9CEF-92B8EAC53BB4}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{25B5BDB5-D9A0-4B56-9FBC-EF6030C438E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{08AC98B2-7237-4383-8D41-F71ED02EA851}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5A666B86-1856-4B03-B700-CD550D0A2CE9}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{3359F9A9-5482-472E-B254-96082F763BE5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{10409CF0-0D6C-4BDC-B9CC-B4A29DDA6C34}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{51E0BDC3-CDB1-43B1-B013-3E60BD29480C}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{CCD5643D-C5D0-42F7-BCA6-4D71B2BFCB95}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{FB4F8309-C977-4DEA-B0BF-83F73D24063E}"= UDP:55366:BitComet 55366 TCP
"{CDC89B54-0EEE-4B07-8588-500858EB070D}"= TCP:55366:BitComet 55366 UDP
"TCP Query User{8E2A74D7-BEE3-4F98-BCBA-1D54949CA351}C:\\users\\kevin\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\kevin\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{AAFBE388-87F0-4609-BADE-F04A035F2946}C:\\users\\kevin\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\kevin\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"{2B1A3F48-CFA4-4236-B814-F1CDAB267B57}"= UDP:55369:BitComet 55369 TCP
"{1D77D47C-7D01-4E30-91A9-A17B6745CDC4}"= TCP:55369:BitComet 55369 UDP
"{46BC4D89-FCCE-4B75-B543-1424022287D2}"= UDP:55555:BitComet 55555 TCP
"{CD1479A7-BA46-413C-BEF2-4DF31A9B552B}"= TCP:55555:BitComet 55555 UDP
"{0872D605-C5A9-4A12-852E-CD4DA229FBEB}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{212C0F5B-BD8D-43E6-8E1E-2465D01CA6E5}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{FD677CE8-BA55-40A0-99D5-493EAE2F0889}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"UDP Query User{832FA64A-55C3-4F39-98E7-B65F6D344BBD}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 is-B3BRRdrv;is-B3BRRdrv;C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM);C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter;C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers;C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3DF4B92-FD57-45D0-BC60-401BCFC86B57} - C:\Windows\system32\khfFwxUL.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 03:49:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-04 3:58:40 - machine was rebooted [Kevin]
ComboFix-quarantined-files.txt 2008-10-03 17:58:32
ComboFix2.txt 2008-10-03 09:22:30

Pre-Run: 4,967,063,552 bytes free
Post-Run: 4,447,875,072 bytes free

350 --- E O F --- 2008-09-26 07:51:17

step 4 - filefind
Could not find the file snrfbo.dll n the directory c:\

step 5 - hijack
removed both entries

new scan after removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:02 AM, on 4/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9364 bytes

a friend offered me a removal program called wormblaster but that didnt have any effect so i uninstalled it right after. Just to let you know

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 03 October 2008 - 04:14 PM

Thanks for letting me know. Althought we might have passed the danger zone please don't run any tool or remove anything as a precaution.
  • If you can not find the following file make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

    Click on this link--> virustotal

    Click the browse button and navigate to the file below in bold, then click Send File. If the file is analyzed before click Reanalyse File Now button.

    C:\Windows\System32\LUxwFfhk.ini

    Please copy and paste the results of the scan in your next post.

  • Run MBAM, update it first then run a quick scan and let remove what it find. Please post the log after removal or eventual reboot for deletion if it needed.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    Note: You might have to disable Norton auto-protec to be able to run Kasperskey. When you want to run Internet Explorer in order to download Kasperskey run Internet Explorer by right clicking and celecting "Run as Asministrator".

    To disable Norton Antivirus, to do that
    • Please navigate to the system tray on the bottom right hand corner and look for the Norton system tray icon sign.
    • Right-click it -> chose "Disable Auto-Protect."
    • Select a duration of at least 2 hours (this assures no interference with the cleanup of your pc).
    • Click "Ok."
    • A popup will warn that protection will now be disabled. Then you see a rec circle with with cross on the system tray icon.
    • You successfully disabled the Norton Antivirus Guard.
  • First remove C:\rsit\info.txt then run RSIT again and copy and paste the content of both logs.
Please copy/paste in your next reply:
  • The scan result of virustotal.
  • The MBAM log.
  • The RSIT logs.


#9 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 04 October 2008 - 02:03 AM

1.C:\Windows\System32\LUxwFfhk.ini
File LUxwFfhk.ini received on 10.04.2008 03:09:57 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.03 -
Authentium 5.1.0.4 2008.10.03 -
Avast 4.8.1248.0 2008.10.03 -
AVG 8.0.0.161 2008.10.03 -
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.03 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.03 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.04 -
Fortinet 3.113.0.0 2008.10.03 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.483 2008.10.03 -
Kaspersky 7.0.0.125 2008.10.04 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.04 -
NOD32 3494 2008.10.03 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.03 -
PCTools 4.4.2.0 2008.10.03 -
Prevx1 V2 2008.10.04 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.03 -
Sophos 4.34.0 2008.10.04 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.100 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.03 -
ViRobot 2008.10.3.1405 2008.10.03 -
VirusBuster 4.5.11.0 2008.10.03 -

Additional information
File size: 347 bytes
MD5...: c56d14dad923b6a30afc5be0174cb95b
SHA1..: 13427ccd32c39ce3ae3cf30333906ff8615de43b
SHA256: 8163b51ecefb87382c77850e3f58d32af77e2a40ac6ece4f97044fd58db6261a
SHA512: 28248d493979fdfd6dce1bf23283184d28944a671dfc91b116cf2e2e5baa7c64<BR>0b8f088ca6847323aead8f171153abb6390805128f790481a89dbb716913a701
PEiD..: -
TrID..: File type identification<BR>Unknown!
PEInfo: -

mbam log
Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 6.0.6001 Service Pack 1

4/10/2008 11:31:09 AM
mbam-log-2008-10-04 (11-31-09).txt

Scan type: Quick Scan
Objects scanned: 57517
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky Online Scan
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 4, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 04, 2008 00:13:53
Records in database: 1287401
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 210728
Threat name: 7
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 03:19:02


File name / Threat name / Threats count
C:\Downloads\Girlicious - Girlicious (2008)\00 - Girlicious - Girlicious (2008).m3u.exe Infected: Trojan.Win32.Monder.fte 1
C:\Users\Kevin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AutoShutdown.gadget\core\gadget.js Infected: not-a-virus:RiskTool.JS.Shutdown.a 1
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36e2bac9-2f1a3aa1 Infected: Trojan.Win32.Agent.afkw 1
C:\Users\Kevin\Desktop\Spyware Removal Tools\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.hu 1
C:\Users\Kevin\Desktop\Spyware Removal Tools\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareStop.ft 1
C:\Users\Kevin\Documents\Kevin Stuff\Files\Audio Record Wizard 3.99 Inc Crack - Mast3r-\Crack\ARWizard3.exe Infected: Trojan-Dropper.Win32.NeodurkJoiner.h 1
D:\NEW PROGRAMS\BLMInstall277.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
D:\NEW PROGRAMS\DRIVERS\AutoShutdown.gadget Infected: not-a-virus:RiskTool.JS.Shutdown.a 1

The selected area was scanned.

RSIT
info.txt
info.txt logfile of random's system information tool 1.04 2008-10-04 17:00:54

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AntispywareBot-->MsiExec.exe /X{3E27D124-0F2E-4B14-B720-5D822B5B5DC7}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Audio Record Wizard v3.99-->"C:\Program Files\ARWizard3\unins000.exe"
AudioFileHandler 2.8.1-->"C:\Program Files\AudioFileHandler\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BitComet 1.01-->C:\Program Files\BitComet\uninst.exe
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CanoScan Toolbox Ver4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
Crysis® SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
CUE Splitter-->MsiExec.exe /I{12B60D3B-90B4-4175-BB90-FCE19ACD9B02}
deskPDF 2.5 Professional Edition-->"C:\Program Files\Docudesk\deskPDF\unins000.exe"
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Docudesk GPL Ghostscript 8.15-->"C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVDInfoPro-->"C:\Program Files\DVDInfoPro\uninstall.exe"
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\Windows\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Introduction to Visual Basic 2005-->MsiExec.exe /I{638C1D72-FFAD-4EC3-B1AD-ABA96BB15B0B}
iriver Firmware Updater (remove only)-->"C:\Program Files\iriver\iriver Firmware Updater\uninstall.exe"
iriver LDB Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C086DBAD-BB4B-4D0E-B980-70F469EFBFE4}\Setup.exe" -l0x9
iriver plus 3 (remove only)-->"C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.1.30182-->"C:\Program Files\Last.fm\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MAGIX Music Maker 14 Producer Edition Download version 13.0.2.1 (US)-->C:\Program Files\MAGIX\MusicMaker14PE_Download_version\unwise.exe
MAGIX Screenshare 4.3.6.1987 (US)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MemoryEditorN720_N728-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C29E5CD9-485C-4C75-8D56-83C31E598CF1} /l1033
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
MiniMinder 7.27-->"C:\Program Files\MiniMind\unins000.exe"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Movie Converter (remove only)-->"C:\Program Files\iriver\Movie Converter\uninstall.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NEC WMC USB_T1 Software-->C:\Program Files\NEC\NEC WMC USB_T1\STINUninstall.exe
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 8-->MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
O2Jam R3 5.0-->C:\Program Files\R3 Games\O2Jam R3\Uninstall.exe
OJOsoft MKV Converter-->"C:\Program Files\OJOsoft\uninstall.exe" "/U:C:\Program Files\OJOsoft\OJOsoft MKV Converter\Uninstall\uninstall.xml"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recordpad-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SiSoftware Sandra Professional Business XII-->"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\unins000.exe"
Soldat 1.4.2-->"C:\Soldat\unins001.exe"
Sound Editor Deluxe v3.9-->"C:\Program Files\Sound Editor Deluxe\unins000.exe"
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ulead Video ToolBox Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinMP3Packer-1.0.13-->MsiExec.exe /I{7E90434E-78A5-43BC-9C4D-88429F131D4B}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->C:\Program Files\WordWeb\uninst.exe
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zortam ID3 Tag Editor 4.00-->"C:\Program Files\Zortam ID3 Tag Editor\unins000.exe"

=====HijackThis Backups=====

O23 - Service: AntispywareBot Scanning Engine (AntispywareBotSrv) - Unknown owner - C:\Program Files\AntispywareBot\AntispywareBot.srv.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

======Security center information======

AV: Norton AntiVirus (disabled)
FW: Norton AntiVirus
AS: AntispywareBot
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
AS: Norton AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

-----------------EOF-----------------

log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin at 2008-10-04 17:00:23
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 3 GB (3%) free of 131 GB
Total RAM: 2044 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:42 PM, on 4/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Kevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9577 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Kevin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"JMB36X IDE Setup"=C:\Windows\JM\JMInsIDE.exe [2006-10-30 36864]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-19 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-04 04:10:03 ----A---- C:\Export.txt
2008-10-04 03:58:45 ----D---- C:\Windows\temp
2008-10-04 03:58:43 ----A---- C:\ComboFix.txt
2008-10-04 02:07:17 ----ASH---- C:\Windows\system32\LUxwFfhk.ini2
2008-10-04 02:07:17 ----ASH---- C:\Windows\system32\LUxwFfhk.ini
2008-10-03 19:00:14 ----D---- C:\Windows\erdnt
2008-10-03 18:49:29 ----D---- C:\QooBox
2008-10-03 18:49:26 ----A---- C:\Windows\zip.exe
2008-10-03 18:49:26 ----A---- C:\Windows\VFind.exe
2008-10-03 18:49:26 ----A---- C:\Windows\swxcacls.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWSC.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWREG.exe
2008-10-03 18:49:26 ----A---- C:\Windows\sed.exe
2008-10-03 18:49:26 ----A---- C:\Windows\Nircmd.exe
2008-10-03 18:49:26 ----A---- C:\Windows\grep.exe
2008-10-03 18:49:26 ----A---- C:\Windows\fdsv.exe
2008-10-03 18:39:30 ----SHD---- C:\Config.Msi
2008-10-03 13:43:58 ----D---- C:\rsit
2008-09-30 15:28:01 ----D---- C:\ProgramData\is-B3BRR
2008-09-30 15:02:10 ----D---- C:\ProgramData\is-3BVED
2008-09-30 12:48:33 ----D---- C:\ProgramData\is-VQVAO
2008-09-16 18:57:33 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:16:38 ----D---- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16:12 ----D---- C:\ProgramData\Malwarebytes
2008-09-15 21:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 17:42:31 ----D---- C:\ProgramData\PC Tools
2008-09-14 20:34:49 ----D---- C:\ProgramData\Lavasoft
2008-09-14 19:26:32 ----A---- C:\Windows\wininit.ini
2008-09-14 19:05:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52:22 ----D---- C:\Program Files\Trend Micro
2008-09-14 17:22:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-12 00:19:13 ----D---- C:\Program Files\CE Remote Tools
2008-09-10 17:35:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:35:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:26:58 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\cdd.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\px.dll
2008-09-07 18:23:12 ----D---- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23:12 ----D---- C:\Program Files\Winamp
2008-09-07 15:40:24 ----A---- C:\sat79.tmp

======List of files/folders modified in the last 1 months======

2008-10-04 16:06:15 ----D---- C:\Users\Kevin\AppData\Roaming\mIRC
2008-10-04 16:02:26 ----D---- C:\Program Files\mIRC
2008-10-04 12:45:02 ----D---- C:\Windows\System32
2008-10-04 12:45:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-04 12:44:59 ----D---- C:\Windows\inf
2008-10-04 10:00:10 ----A---- C:\Windows\CSTBox.INI
2008-10-04 09:59:46 ----D---- C:\Users\Kevin\AppData\Roaming\Canon
2008-10-04 03:58:47 ----D---- C:\Windows\system32\drivers
2008-10-04 03:58:45 ----D---- C:\Windows
2008-10-04 03:49:26 ----A---- C:\Windows\system.ini
2008-10-04 03:02:19 ----D---- C:\Windows\system32\config
2008-10-04 02:58:06 ----D---- C:\Windows\AppPatch
2008-10-04 02:58:06 ----D---- C:\Program Files\Common Files
2008-10-04 02:53:19 ----SHD---- C:\System Volume Information
2008-10-04 02:13:13 ----D---- C:\Windows\system32\catroot2
2008-10-04 02:10:20 ----RD---- C:\Program Files
2008-10-04 01:56:12 ----D---- C:\Users\Kevin\AppData\Roaming\Hamachi
2008-10-04 01:31:39 ----D---- C:\Users\Kevin\AppData\Roaming\Adobe
2008-10-03 23:24:28 ----D---- C:\Downloads
2008-10-03 18:45:49 ----D---- C:\Program Files\LimeWire
2008-10-03 18:44:27 ----SHD---- C:\Windows\Installer
2008-10-03 18:44:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 18:36:43 ----D---- C:\Windows\Prefetch
2008-10-03 18:36:39 ----AD---- C:\ProgramData\TEMP
2008-10-02 23:59:18 ----SD---- C:\Windows\Downloaded Program Files
2008-10-02 23:59:13 ----D---- C:\Windows\system32\Macromed
2008-10-02 19:51:49 ----D---- C:\Program Files\SystemRequirementsLab
2008-09-30 15:28:01 ----HD---- C:\ProgramData
2008-09-28 23:26:00 ----D---- C:\Windows\Debug
2008-09-28 23:15:23 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-28 21:46:05 ----D---- C:\Program Files\Mozilla Firefox
2008-09-22 17:38:16 ----D---- C:\Program Files\PeerGuardian2
2008-09-16 18:48:29 ----D---- C:\Program Files\ASUS
2008-09-16 18:48:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-16 17:39:45 ----D---- C:\Program Files\BitComet
2008-09-15 01:14:22 ----D---- C:\Windows\system32\Tasks
2008-09-14 21:08:49 ----D---- C:\Program Files\Internet Explorer
2008-09-14 20:07:03 ----D---- C:\Program Files\iTunes
2008-09-14 19:33:48 ----D---- C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-14 19:26:46 ----D---- C:\Windows\Tasks
2008-09-13 18:29:16 ----A---- C:\Windows\NeroDigital.ini
2008-09-12 18:38:21 ----D---- C:\Windows\winsxs
2008-09-12 00:23:21 ----D---- C:\ProgramData\Microsoft Help
2008-09-12 00:23:18 ----D---- C:\Windows\Microsoft.NET
2008-09-12 00:19:37 ----RSD---- C:\Windows\assembly
2008-09-12 00:15:39 ----D---- C:\Windows\system32\catroot
2008-09-07 11:55:54 ----A---- C:\ProgramData\BMbf236268.txt
2008-09-07 10:11:24 ----A---- C:\ProgramData\pskt.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 is-B3BRRdrv;is-B3BRRdrv; C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-16 316928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2007-11-23 25280]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081003.003\NAVENG.SYS [2008-09-17 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081003.003\NAVEX15.SYS [2008-09-17 873552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 a8ok9ph8;a8ok9ph8; C:\Windows\system32\drivers\a8ok9ph8.sys []
S3 axx9q7gg;axx9q7gg; C:\Windows\system32\drivers\axx9q7gg.sys []
S3 Bcim;Bandwidth Controller kernel component; C:\Windows\system32\DRIVERS\bcim.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\GatheringRO\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Sandra.sys [2007-08-10 21920]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM); C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter; C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers; C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-18 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XDva028;XDva028; \??\C:\Windows\system32\XDva028.sys []
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2006-11-02 514560]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-02-17 52352]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-02-06 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-17 1251720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-03 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------

im guessing i should remove those files detected by kaspersky?

Edited by blueskyz888, 04 October 2008 - 02:06 AM.


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 04 October 2008 - 03:21 AM

  • Please delete the file(s) and folder(s) in bold. One of them is a rogue antispyware software you have mistakenly used. The other two are downloaded infected stuff from the p2p sites:

    C:\Users\Kevin\Desktop\Spyware Removal Tools
    C:\Downloads\Girlicious - Girlicious (2008)\00 - Girlicious - Girlicious (2008).m3u.exe
    C:\Users\Kevin\Documents\Kevin Stuff\Files\Audio Record Wizard 3.99 Inc Crack - Mast3r-\Crack\ARWizard3.exe

  • Go to Program and Features on Control Panel and Uninstall Audio Record Wizard v3.99. Don't install this again as the Crack is a trojan dropper.

  • Please download ATF Cleaner by Atribune & save it to your desktop. Running this cleans also the Java cache.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • The following tools are not malicious by themselves. They are made to help system administrators and technicians but they might be used for malicious purposes in the hand of wrong persons. It is up to you if you need them or want to get rid of them.

    C:\Users\Kevin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AutoShutdown.gadget\core\gadget.js
    D:\NEW PROGRAMS\BLMInstall277.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    D:\NEW PROGRAMS\DRIVERS\AutoShutdown.gadget

  • Remove AntispywareBot from the program list:
    • Open HijackThis.
    • Click Open the Misc Tools section.
    • Click Open Uninstall Manager.
    • Find and Select this item: AntispywareBot.
    • After you have selected the item click Delete this entry.
    • Then close HijackThis.
    More information with a screenshot, can be found here.

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 update 7 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • I see on your logs there are broken services from iolo System Mechanic on your computer. They look leftovers from an incomplete uninstall as I don't see the application on your program list. Tell me if you are using this software. The use of this type of software is not recommended as it might damage your system. But if you want to keep it you have to reinstall it. If you have uninstalled it let me know then we remove the leftovers.

  • Please run RSIT and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

  • Tell me how is your computer running, and if the boot problem is resolved.


#11 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 04 October 2008 - 06:39 AM

hi,
im currently not using iolo system mechanic..ive previously uninstalled it a while ago
after uninstalling the outdated java i rebooted the computer and it doesn't reboot at start-up anymore :thumbsup:.. hope it stays that way and i thank you

heres the RSIT log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin at 2008-10-04 21:38:18
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 4 GB (3%) free of 131 GB
Total RAM: 2044 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:35 PM, on 4/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9408 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Kevin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"JMB36X IDE Setup"=C:\Windows\JM\JMInsIDE.exe [2006-10-30 36864]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-19 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-04 21:28:52 ----D---- C:\Program Files\Sun
2008-10-04 21:28:20 ----A---- C:\Windows\system32\javaws.exe
2008-10-04 21:28:20 ----A---- C:\Windows\system32\javaw.exe
2008-10-04 21:28:20 ----A---- C:\Windows\system32\java.exe
2008-10-04 21:17:19 ----D---- C:\Program Files\Common Files\Java
2008-10-04 18:21:10 ----D---- C:\Program Files\Electronic Piano 2.5
2008-10-04 18:12:45 ----D---- C:\Program Files\weblin
2008-10-04 18:11:35 ----D---- C:\Users\Kevin\AppData\Roaming\zweitgeist
2008-10-04 04:10:03 ----A---- C:\Export.txt
2008-10-04 03:58:45 ----D---- C:\Windows\temp
2008-10-04 03:58:43 ----A---- C:\ComboFix.txt
2008-10-04 02:07:17 ----ASH---- C:\Windows\system32\LUxwFfhk.ini2
2008-10-04 02:07:17 ----ASH---- C:\Windows\system32\LUxwFfhk.ini
2008-10-03 19:00:14 ----D---- C:\Windows\erdnt
2008-10-03 18:49:29 ----D---- C:\QooBox
2008-10-03 18:49:26 ----A---- C:\Windows\zip.exe
2008-10-03 18:49:26 ----A---- C:\Windows\VFind.exe
2008-10-03 18:49:26 ----A---- C:\Windows\swxcacls.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWSC.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWREG.exe
2008-10-03 18:49:26 ----A---- C:\Windows\sed.exe
2008-10-03 18:49:26 ----A---- C:\Windows\Nircmd.exe
2008-10-03 18:49:26 ----A---- C:\Windows\grep.exe
2008-10-03 18:49:26 ----A---- C:\Windows\fdsv.exe
2008-10-03 13:43:58 ----D---- C:\rsit
2008-09-30 15:28:01 ----D---- C:\ProgramData\is-B3BRR
2008-09-30 15:02:10 ----D---- C:\ProgramData\is-3BVED
2008-09-30 12:48:33 ----D---- C:\ProgramData\is-VQVAO
2008-09-16 18:57:33 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:16:38 ----D---- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16:12 ----D---- C:\ProgramData\Malwarebytes
2008-09-15 21:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 17:42:31 ----D---- C:\ProgramData\PC Tools
2008-09-14 20:34:49 ----D---- C:\ProgramData\Lavasoft
2008-09-14 19:26:32 ----A---- C:\Windows\wininit.ini
2008-09-14 19:05:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52:22 ----D---- C:\Program Files\Trend Micro
2008-09-14 17:22:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-12 00:19:13 ----D---- C:\Program Files\CE Remote Tools
2008-09-10 17:35:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:35:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:26:58 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\cdd.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\px.dll
2008-09-07 18:23:12 ----D---- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23:12 ----D---- C:\Program Files\Winamp
2008-09-07 15:40:24 ----A---- C:\sat79.tmp

======List of files/folders modified in the last 1 months======

2008-10-04 21:38:30 ----D---- C:\Windows\Prefetch
2008-10-04 21:29:29 ----SHD---- C:\Windows\Installer
2008-10-04 21:28:52 ----RD---- C:\Program Files
2008-10-04 21:28:20 ----D---- C:\Windows\System32
2008-10-04 21:28:19 ----D---- C:\Program Files\Java
2008-10-04 21:25:53 ----SHD---- C:\System Volume Information
2008-10-04 21:17:19 ----D---- C:\Program Files\Common Files
2008-10-04 20:18:43 ----A---- C:\Windows\NeroDigital.ini
2008-10-04 19:45:10 ----D---- C:\Downloads
2008-10-04 18:04:33 ----D---- C:\Users\Kevin\AppData\Roaming\Download Manager
2008-10-04 16:06:15 ----D---- C:\Users\Kevin\AppData\Roaming\mIRC
2008-10-04 16:02:26 ----D---- C:\Program Files\mIRC
2008-10-04 12:45:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-04 12:44:59 ----D---- C:\Windows\inf
2008-10-04 10:00:10 ----A---- C:\Windows\CSTBox.INI
2008-10-04 09:59:46 ----D---- C:\Users\Kevin\AppData\Roaming\Canon
2008-10-04 03:58:47 ----D---- C:\Windows\system32\drivers
2008-10-04 03:58:45 ----D---- C:\Windows
2008-10-04 03:49:26 ----A---- C:\Windows\system.ini
2008-10-04 03:02:19 ----D---- C:\Windows\system32\config
2008-10-04 02:58:06 ----D---- C:\Windows\AppPatch
2008-10-04 02:13:13 ----D---- C:\Windows\system32\catroot2
2008-10-04 01:56:12 ----D---- C:\Users\Kevin\AppData\Roaming\Hamachi
2008-10-04 01:31:39 ----D---- C:\Users\Kevin\AppData\Roaming\Adobe
2008-10-03 18:45:49 ----D---- C:\Program Files\LimeWire
2008-10-03 18:44:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 18:36:39 ----AD---- C:\ProgramData\TEMP
2008-10-02 23:59:18 ----SD---- C:\Windows\Downloaded Program Files
2008-10-02 23:59:13 ----D---- C:\Windows\system32\Macromed
2008-10-02 19:51:49 ----D---- C:\Program Files\SystemRequirementsLab
2008-09-30 15:28:01 ----HD---- C:\ProgramData
2008-09-28 23:26:00 ----D---- C:\Windows\Debug
2008-09-28 23:15:23 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-28 21:46:05 ----D---- C:\Program Files\Mozilla Firefox
2008-09-22 17:38:16 ----D---- C:\Program Files\PeerGuardian2
2008-09-16 18:48:29 ----D---- C:\Program Files\ASUS
2008-09-16 18:48:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-16 17:39:45 ----D---- C:\Program Files\BitComet
2008-09-15 01:14:22 ----D---- C:\Windows\system32\Tasks
2008-09-14 21:08:49 ----D---- C:\Program Files\Internet Explorer
2008-09-14 20:07:03 ----D---- C:\Program Files\iTunes
2008-09-14 19:33:48 ----D---- C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-14 19:26:46 ----D---- C:\Windows\Tasks
2008-09-12 18:38:21 ----D---- C:\Windows\winsxs
2008-09-12 00:23:21 ----D---- C:\ProgramData\Microsoft Help
2008-09-12 00:23:18 ----D---- C:\Windows\Microsoft.NET
2008-09-12 00:19:37 ----RSD---- C:\Windows\assembly
2008-09-12 00:15:39 ----D---- C:\Windows\system32\catroot
2008-09-07 11:55:54 ----A---- C:\ProgramData\BMbf236268.txt
2008-09-07 10:11:24 ----A---- C:\ProgramData\pskt.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 is-B3BRRdrv;is-B3BRRdrv; C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-16 316928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2007-11-23 25280]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081003.003\NAVENG.SYS [2008-09-17 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081003.003\NAVEX15.SYS [2008-09-17 873552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 a0d1owsk;a0d1owsk; C:\Windows\system32\drivers\a0d1owsk.sys []
S3 a440pk5k;a440pk5k; C:\Windows\system32\drivers\a440pk5k.sys []
S3 Bcim;Bandwidth Controller kernel component; C:\Windows\system32\DRIVERS\bcim.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\GatheringRO\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Sandra.sys [2007-08-10 21920]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM); C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter; C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers; C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-18 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XDva028;XDva028; \??\C:\Windows\system32\XDva028.sys []
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2006-11-02 514560]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-02-17 52352]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-02-06 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-03 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-17 1251720]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 04 October 2008 - 06:58 AM

That is of course good news.
  • Go to start > Run copy/paste: The following lines one by one in the run box and click OK after each line.

    sc delete ioloFileInfoList
    sc delete ioloSystemService


  • Run the computer for a couple of hours. Reboot a few times in between. After that post me a RSIT log and tell how it went.


#13 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 04 October 2008 - 07:25 AM

done.
ill get back to you in an hour or so

cheers,

#14 blueskyz888

blueskyz888
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 04 October 2008 - 09:15 AM

hey, ive rebooted my computer as well as shutting it down. looks like the rebooting issue is gone. All the apprehension when it hit the start up screen gave me that adrenaline rush lol. thank you once again

rsit log after removal of iolo system mechanic broken services

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin at 2008-10-05 00:13:59
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 3 GB (3%) free of 131 GB
Total RAM: 2044 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:15 AM, on 5/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Users\Kevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9275 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Kevin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"JMB36X IDE Setup"=C:\Windows\JM\JMInsIDE.exe [2006-10-30 36864]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-19 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dde5457-39af-11dc-abf2-001a9261c473}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-04 21:28:52 ----D---- C:\Program Files\Sun
2008-10-04 21:28:20 ----A---- C:\Windows\system32\javaws.exe
2008-10-04 21:28:20 ----A---- C:\Windows\system32\javaw.exe
2008-10-04 21:28:20 ----A---- C:\Windows\system32\java.exe
2008-10-04 21:17:19 ----D---- C:\Program Files\Common Files\Java
2008-10-04 18:21:10 ----D---- C:\Program Files\Electronic Piano 2.5
2008-10-04 18:12:45 ----D---- C:\Program Files\weblin
2008-10-04 18:11:35 ----D---- C:\Users\Kevin\AppData\Roaming\zweitgeist
2008-10-04 04:10:03 ----A---- C:\Export.txt
2008-10-04 03:58:45 ----D---- C:\Windows\temp
2008-10-04 03:58:43 ----A---- C:\ComboFix.txt
2008-10-04 02:07:17 ----ASH---- C:\Windows\system32\LUxwFfhk.ini2
2008-10-04 02:07:17 ----ASH---- C:\Windows\system32\LUxwFfhk.ini
2008-10-03 19:00:14 ----D---- C:\Windows\erdnt
2008-10-03 18:49:29 ----D---- C:\QooBox
2008-10-03 18:49:26 ----A---- C:\Windows\zip.exe
2008-10-03 18:49:26 ----A---- C:\Windows\VFind.exe
2008-10-03 18:49:26 ----A---- C:\Windows\swxcacls.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWSC.exe
2008-10-03 18:49:26 ----A---- C:\Windows\SWREG.exe
2008-10-03 18:49:26 ----A---- C:\Windows\sed.exe
2008-10-03 18:49:26 ----A---- C:\Windows\Nircmd.exe
2008-10-03 18:49:26 ----A---- C:\Windows\grep.exe
2008-10-03 18:49:26 ----A---- C:\Windows\fdsv.exe
2008-10-03 13:43:58 ----D---- C:\rsit
2008-09-30 15:28:01 ----D---- C:\ProgramData\is-B3BRR
2008-09-30 15:02:10 ----D---- C:\ProgramData\is-3BVED
2008-09-30 12:48:33 ----D---- C:\ProgramData\is-VQVAO
2008-09-16 18:57:33 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:16:38 ----D---- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-09-15 21:16:12 ----D---- C:\ProgramData\Malwarebytes
2008-09-15 21:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 17:42:31 ----D---- C:\ProgramData\PC Tools
2008-09-14 20:34:49 ----D---- C:\ProgramData\Lavasoft
2008-09-14 19:26:32 ----A---- C:\Windows\wininit.ini
2008-09-14 19:05:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 19:05:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 18:52:22 ----D---- C:\Program Files\Trend Micro
2008-09-14 17:22:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 17:21:58 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-12 00:19:13 ----D---- C:\Program Files\CE Remote Tools
2008-09-10 17:35:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:35:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:26:58 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:16:50 ----A---- C:\Windows\system32\cdd.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 18:23:14 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 18:23:14 ----N---- C:\Windows\system32\px.dll
2008-09-07 18:23:12 ----D---- C:\Users\Kevin\AppData\Roaming\Winamp
2008-09-07 18:23:12 ----D---- C:\Program Files\Winamp
2008-09-07 15:40:24 ----A---- C:\sat79.tmp

======List of files/folders modified in the last 1 months======

2008-10-05 00:11:51 ----D---- C:\Windows\Prefetch
2008-10-04 21:58:16 ----RD---- C:\Program Files
2008-10-04 21:58:16 ----D---- C:\Windows
2008-10-04 21:57:21 ----D---- C:\Downloads
2008-10-04 21:29:29 ----SHD---- C:\Windows\Installer
2008-10-04 21:28:20 ----D---- C:\Windows\System32
2008-10-04 21:28:19 ----D---- C:\Program Files\Java
2008-10-04 21:25:53 ----SHD---- C:\System Volume Information
2008-10-04 21:17:19 ----D---- C:\Program Files\Common Files
2008-10-04 20:18:43 ----A---- C:\Windows\NeroDigital.ini
2008-10-04 18:04:33 ----D---- C:\Users\Kevin\AppData\Roaming\Download Manager
2008-10-04 16:06:15 ----D---- C:\Users\Kevin\AppData\Roaming\mIRC
2008-10-04 16:02:26 ----D---- C:\Program Files\mIRC
2008-10-04 12:45:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-04 12:44:59 ----D---- C:\Windows\inf
2008-10-04 10:00:10 ----A---- C:\Windows\CSTBox.INI
2008-10-04 09:59:46 ----D---- C:\Users\Kevin\AppData\Roaming\Canon
2008-10-04 03:58:47 ----D---- C:\Windows\system32\drivers
2008-10-04 03:49:26 ----A---- C:\Windows\system.ini
2008-10-04 03:02:19 ----D---- C:\Windows\system32\config
2008-10-04 02:58:06 ----D---- C:\Windows\AppPatch
2008-10-04 02:13:13 ----D---- C:\Windows\system32\catroot2
2008-10-04 01:56:12 ----D---- C:\Users\Kevin\AppData\Roaming\Hamachi
2008-10-04 01:31:39 ----D---- C:\Users\Kevin\AppData\Roaming\Adobe
2008-10-03 18:45:49 ----D---- C:\Program Files\LimeWire
2008-10-03 18:44:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 18:36:39 ----AD---- C:\ProgramData\TEMP
2008-10-02 23:59:18 ----SD---- C:\Windows\Downloaded Program Files
2008-10-02 23:59:13 ----D---- C:\Windows\system32\Macromed
2008-10-02 19:51:49 ----D---- C:\Program Files\SystemRequirementsLab
2008-09-30 15:28:01 ----HD---- C:\ProgramData
2008-09-28 23:26:00 ----D---- C:\Windows\Debug
2008-09-28 23:15:23 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-28 21:46:05 ----D---- C:\Program Files\Mozilla Firefox
2008-09-22 17:38:16 ----D---- C:\Program Files\PeerGuardian2
2008-09-16 18:48:29 ----D---- C:\Program Files\ASUS
2008-09-16 18:48:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-16 17:39:45 ----D---- C:\Program Files\BitComet
2008-09-15 01:14:22 ----D---- C:\Windows\system32\Tasks
2008-09-14 21:08:49 ----D---- C:\Program Files\Internet Explorer
2008-09-14 20:07:03 ----D---- C:\Program Files\iTunes
2008-09-14 19:33:48 ----D---- C:\Users\Kevin\AppData\Roaming\LimeWire
2008-09-14 19:26:46 ----D---- C:\Windows\Tasks
2008-09-12 18:38:21 ----D---- C:\Windows\winsxs
2008-09-12 00:23:21 ----D---- C:\ProgramData\Microsoft Help
2008-09-12 00:23:18 ----D---- C:\Windows\Microsoft.NET
2008-09-12 00:19:37 ----RSD---- C:\Windows\assembly
2008-09-12 00:15:39 ----D---- C:\Windows\system32\catroot
2008-09-07 11:55:54 ----A---- C:\ProgramData\BMbf236268.txt
2008-09-07 10:11:24 ----A---- C:\ProgramData\pskt.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080926.001\IDSvix86.sys [2008-09-12 270384]
R1 is-B3BRRdrv;is-B3BRRdrv; C:\Windows\system32\DRIVERS\53722587.sys [2008-07-08 148496]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-16 316928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2007-11-23 25280]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081003.003\NAVENG.SYS [2008-09-17 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081003.003\NAVEX15.SYS [2008-09-17 873552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 a1xaazr3;a1xaazr3; C:\Windows\system32\drivers\a1xaazr3.sys []
S3 amu7fawh;amu7fawh; C:\Windows\system32\drivers\amu7fawh.sys []
S3 Bcim;Bandwidth Controller kernel component; C:\Windows\system32\DRIVERS\bcim.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\GatheringRO\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Sandra.sys [2007-08-10 21920]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 stinbus;NEC WMC USB_T1 Composite Device driver (WDM); C:\Windows\system32\DRIVERS\stinbus.sys [2006-03-16 58352]
S3 stinmdfl;NEC WMC USB_T1 Modem Filter; C:\Windows\system32\DRIVERS\stinmdfl.sys [2004-09-29 6000]
S3 stinmdm;NEC WMC USB_T1 Port Drivers; C:\Windows\system32\DRIVERS\stinmdm.sys [2004-09-29 85632]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-18 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XDva028;XDva028; \??\C:\Windows\system32\XDva028.sys []
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2006-11-02 514560]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-02-17 52352]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-02-06 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-17 1251720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-03 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-04-24 354560]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------

oh btw, i was looking through the programs and features /uninstall or change a program list, i notice Antispywarebot still remains there. do i just remove it ?

Edited by blueskyz888, 04 October 2008 - 09:20 AM.


#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:21 PM

Posted 04 October 2008 - 09:57 AM

Its again good news again.

As I understand after you used Hijackthis uninstall removal tool the item is still there. You might try it but not be able to remove the item from programs and features /uninstall. Let's try this:

Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
Copy and paste the text in code box into it.

REGEDIT4 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntispywareBot]
  • Save the file to the desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate regfix.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
  • You get another window popup saying that regfix.reg successfully added to the registry.
Note: You have to turn off any registry protector software you have in order the changes to be taken place.


Please reboot and check if the entry is gone. Let me know the result.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users