
I've got many hard-to-solve infections. Help Please


This topic is locked
43 replies to this topic

#1 DJohn

  • Members
  • 21 posts
  • Gender:Male
  • Location:Motherwell

Posted 15 October 2008 - 11:23 AM

For some time now I have been looking for every possible way to get the malware off my computer, but every time I try to do something about it, it only gets worse... I've followed your malware removal guidance as best as I could, but I couldn't finish it. Here are the reasons, and what is happening to my computer at this moment:

1. I can't access most of the malware-removal and anti-virus sites, even this one. I have two computers at home connected together, so I am writing from the "secure" one.

2. My results in Google are always just redirecting links to business pages, and some of them seem really filled up with viruses.

3. I can't update my antivirus. Some time ago I just thought there was a problem with it, so I tried to reinstall it. First of all, the reinstall and uninstall options were not available (blocked by malware?), so I tried to uninstall it myself, but some of the files in the anti-virus folder were system protected and I just couldn't get rid of them. Thus, as far as the computer is concerned the anti-virus is still installed, and when I downloaded Kaspersky full online security to get rid of all the viruses + malware, it just says I can't install it because it's incompatible with my previous anti-virus. So I decided to download AVG 8 Free, because I couldn't just leave my computer unprotected. But the AVG scan can't find anything at all AND can't get updates either - the blocked sites problem. In fact, I can't update any malware-removal software (Ad-Aware, Spybot...).

4. I can't get to Safe Mode on my Windows XP (I tried to resolve this by reinstalling Windows; I can say I got further into Safe Mode than before, but still can't access it), therefore I can't remove the system-threatening malware.

5. I even get a different (lot worse) startup sound... It sounds weird and scary...

6. I wanted to resolve this more easily - just by saving the files I want from my hard disk and then formatting C:\ to get rid of all the malware and viruses, trojans etc... But I can't open any of my disc-burning programs (Nero, Alcohol 120%) - some bug appears...

Now, as I said before, I have been trying to resolve this problem, and so I got something that might help you with helping me and might speed up the process.

HijackThis log before I removed most of the infected files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:12, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\system32\STARTER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programy\YouTube Video Converter\upod_link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programy\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6012 bytes

Today's log (after most of the malware got removed):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:31, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Programy\Avast4\ashServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\system32\STARTER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programy\YouTube Video Converter\upod_link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programy\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KHGCCI - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\KHGCCI.exe (file missing)
O23 - Service: KPKXTQY - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\KPKXTQY.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6983 bytes

SmitFraudFix today's report (I have one from yesterday if you need it):

SmitFraudFix v2.356

Scan done at 17:05:19.09, Wed 10/15/2008
Run from C:\Documents and Settings\MBI\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Programy\Avast4\ashServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MBI\Desktop\RootkitRevealer.exe
C:\Documents and Settings\MBI\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\tdssservers.dat detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssadw.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssinit.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssl.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdsslog.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\tdssmain.dll detected, use a Rootkit scanner
C:\WINDOWS\system32\drivers\tdssserv.sys detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MBI


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MBI\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MBI\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBD5DE83-4275-4184-9A94-328B78CA0972}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBD5DE83-4275-4184-9A94-328B78CA0972}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBD5DE83-4275-4184-9A94-328B78CA0972}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBD5DE83-4275-4184-9A94-328B78CA0972}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


I got a screenshot from my Task Manager - some of the tasks look really suspicious. The screenshot is in the attachments.

(This is from before the system was cleaned a bit, and if I click to end some of the system tasks (svchost) I get a non-Windows-looking message that my system is shutting down in 59, 58, 57... (it counts down until it reaches 0, when it shuts itself off), even though Windows never lets you end the system tasks...)

Now I see it might be a bit of a problem, but I believe I can still save this computer ^^... Thanks for further advice and help.



Edited by DJohn, 15 October 2008 - 12:25 PM.
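As an added triage example (not from the thread or from any of the tools named in it): a small Python parser for HijackThis O2/O20/O23 lines that flags the kinds of entries an analyst checks first, such as services registered from a user's Temp folder with their binary already gone, like the KHGCCI and KPKXTQY lines in the second log above. The sample log is constructed from lines in this thread; the heuristics, regexes and function names are my own assumptions, not part of HijackThis.

```python
"""Triage helper for HijackThis-style logs: flags the entries an analyst
would look at first. Heuristics are the author's own, not HijackThis rules."""
import re
from dataclasses import dataclass, field

# Constructed sample: benign and suspicious lines taken from the thread's logs.
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [Starter] C:\\WINDOWS\\system32\\STARTER.EXE
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Programy\\Avast4\\ashServ.exe
O23 - Service: KHGCCI - Unknown owner - C:\\DOCUME~1\\MBI\\LOCALS~1\\Temp\\KHGCCI.exe (file missing)
O23 - Service: BAGNP - Unknown owner - C:\\DOCUME~1\\MBI\\LOCALS~1\\Temp\\BAGNP.exe (file missing)
"""


@dataclass
class Finding:
    section: str                      # HijackThis section code, e.g. "O23"
    line: str                         # the raw log line
    reasons: list = field(default_factory=list)


# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# "O20 - AppInit_DLLs: <dll list>"
_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

# Lower-cased path fragments that indicate a per-user temporary directory.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.rstrip()
    m = _O23.match(line)
    if m:
        reasons = []
        path = m["path"].lower()
        if any(marker in path for marker in TEMP_MARKERS):
            reasons.append("service binary registered from a temp directory")
        if m["owner"] == "Unknown owner" and m["missing"]:
            reasons.append("orphaned service: no vendor and binary already gone")
        return Finding("O23", line, reasons) if reasons else None
    m = _O2.match(line)
    if m and m["path"] == "(no file)":
        return Finding("O2", line, ["BHO CLSID registered but its DLL is missing"])
    m = _O20.match(line)
    if m and m["dlls"].strip():
        # AppInit_DLLs are loaded into every process that links user32.dll.
        return Finding("O20", line, [f"AppInit_DLLs loads '{m['dlls'].strip()}'; verify the vendor"])
    return None


def triage(log_text: str):
    """Run triage_line over every line and keep only the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, "|", finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```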



#2 maranatha

  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington

Posted 25 October 2008 - 01:25 PM

Hi DJohn
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC, so all my posts will be checked by one of our experts, and there may be a slight delay between posts.

Please do the following from the infected computer.


When the tool completes a log will open.
Please post the contents of that log.

Thanks
maranatha

Edited by harrythook, 02 November 2008 - 06:45 AM.


#3 DJohn

  • Topic Starter
  • Members
  • 21 posts
  • Gender:Male
  • Location:Motherwell

Posted 25 October 2008 - 05:22 PM

Hello, thanks for helping me with this problem ;). I am delighted ^^.

Let's get to the computer. You asked me to download this program, so I did, and just as I expected, something went wrong and I couldn't get the log file. Instead, while opening the program, I got this blue window just as you get when you open ComboFix or SmitFraudFix; afterwards I received a message in Notepad: [content pasted below]

TDSSserv not found

I wonder what could have happened, but there's nothing I can do about it (I tried to open the program both ways - through the "Run" option on the download screen and by downloading the program and running it manually - neither of the above worked).

Also, I need to mention that while I was waiting for some help I was also reading through many pages on this forum about how to get rid of most of them, and so I got some of these infections off my computer (there were like 400+ in fact, most in cookies, the rest in the Windows folder), so in order to speed up the process I'll give you some more info below about what has changed and what still needs to be done.

1. I managed to get Safe Mode running.

2. The virus (trojan, in fact) that restricted my access to the internet is gone (successfully found and deleted by MBAM).

3. Google no longer redirects me to any unwanted pages.

4. The antivirus removal tool got rid of the rest of the old antivirus for me, and a new one was successfully installed and updated, just like the rest of the malware-removal programs.


And now, things that still need to be done:

1. I am still getting this ear-killing sound on startup.

2. I still can't use my disc-burning programs.

3. My Java is not working well, even after reinstalling it. I can use it, but after it's been used I have to shut it off through Task Manager because it takes about 90% of processor usage.

4. [NEW ONE] My computer is running really slowly and it seems I am unable to do anything about it :thumbsup:.

5. [NEW ONE] I can't access my photographs folder on my desktop; when I open the folder, it freezes and I have to shut it off via Task Manager. If there's something I can do about it, please help me with it. (I don't have them backed up :))


Here is the new HJT log (might help you help me ;)):



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:34, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\AMCAP.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\AMCAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programy\YouTube Video Converter\upod_link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BAGNP - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 6602 bytes

Edited by DJohn, 25 October 2008 - 09:12 PM.


#4 maranatha

  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington

Posted 25 October 2008 - 10:02 PM

Hi
"TDSSserv not found" - that was the message I was hoping for.

This may or may not be a malware problem. Let's see a log that looks deeper into the system.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool.
  • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
  • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of the logs here in your next reply.
Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#5 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 25 October 2008 - 10:22 PM

[Sorry, this post has been made by mistake so I deleted its content. Please delete the whole post since I am not authorised to.]

Edited by DJohn, 26 October 2008 - 08:28 AM.


#6 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 25 October 2008 - 10:22 PM

Hello, thanks for being so quick. Here is the content:

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by MBI at 2008-10-26 03:19:59
Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (27%) free of 74 GB
Total RAM: 1279 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:20:39, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\AMCAP.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\AMCAP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\MBI\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MBI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programy\YouTube Video Converter\upod_link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BAGNP - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 6754 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe [2007-06-11 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\MBI\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WebEye\WebEye.exe"="C:\Program Files\WebEye\WebEye.exe:*:Enabled:SocketAPI"
"C:\Games\SwiftSwitch\SwiftSwitch.exe"="C:\Games\SwiftSwitch\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike\hlds.exe"="C:\Program Files\Counter-Strike\hlds.exe:*:Enabled:HLDS Launcher"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Games\FlatOut2\FlatOut2.exe"="C:\Games\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87733064-5686-11dd-8744-000c768ee581}]
shell\AutoRun\command - RavMon.exe
shell\explore\command - RavMon.exe -e
shell\open\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69c9872-185b-11dd-b80d-806d6172696f}]
shell\AutoRun\command - F:\Launch.exe


======List of files/folders created in the last 3 months======

2008-10-26 03:19:59 ----D---- C:\rsit
2008-10-24 14:25:39 ----D---- C:\WINDOWS\LastGood
2008-10-23 15:07:35 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-23 15:07:26 ----D---- C:\Program Files\Security Task Manager
2008-10-20 20:46:41 ----D---- C:\PictureProject
2008-10-20 12:55:38 ----A---- C:\ComboFix.txt
2008-10-20 12:45:37 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-19 18:01:08 ----D---- C:\Program Files\Microsoft Games
2008-10-18 21:56:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-18 17:26:53 ----HDC---- C:\WINDOWS\ie8
2008-10-18 17:13:15 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-18 16:32:06 ----D---- C:\WINDOWS\temp
2008-10-18 15:53:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-18 15:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-10-18 15:17:38 ----D---- C:\cmdcons
2008-10-18 15:16:00 ----A---- C:\WINDOWS\zip.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\VFIND.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWSC.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\SWREG.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\sed.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\grep.exe
2008-10-18 15:16:00 ----A---- C:\WINDOWS\fdsv.exe
2008-10-18 15:15:48 ----D---- C:\WINDOWS\ERDNT
2008-10-18 15:15:48 ----D---- C:\Qoobox
2008-10-18 14:53:57 ----SHD---- C:\WINDOWS\CSC
2008-10-18 01:12:15 ----D---- C:\Documents and Settings\MBI\Application Data\Malwarebytes
2008-10-18 01:12:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 01:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 10:31:44 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-10-16 10:31:40 ----D---- C:\Program Files\Sygate
2008-10-15 16:04:52 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2008-10-15 12:13:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 12:13:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 01:28:24 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-15 01:27:39 ----D---- C:\MRT
2008-10-14 22:30:36 ----A---- C:\RootkitReveal.txt
2008-10-08 15:22:11 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-08 15:22:11 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-08 15:22:11 ----A---- C:\WINDOWS\system32\java.exe
2008-10-07 19:26:06 ----N---- C:\WINDOWS\avrack.ini
2008-10-07 19:03:37 ----A---- C:\WINDOWS\SBWIN.INI
2008-10-07 19:03:31 ----A---- C:\WINDOWS\system32\MFCUIA32.DLL
2008-10-07 19:03:31 ----A---- C:\WINDOWS\system32\MFCANS32.DLL
2008-10-07 19:03:31 ----A---- C:\WINDOWS\CTRES.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\system32\CTWFLT32.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\system32\CTL3D.DLL
2008-10-07 19:03:30 ----A---- C:\WINDOWS\CTCCW.DLL
2008-10-07 19:03:19 ----A---- C:\WINDOWS\uninst.exe
2008-10-07 19:01:30 ----D---- C:\Program Files\Creative
2008-10-07 18:27:12 ----A---- C:\directx_9c_redist.exe
2008-10-07 18:25:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-07 18:25:41 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-07 17:04:10 ----D---- C:\WINDOWS\Prefetch
2008-10-07 16:42:35 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-07 16:18:21 ----A---- C:\WINDOWS\pnplog.txt
2008-10-07 16:11:58 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-07 16:11:58 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-07 16:11:29 ----RA---- C:\WINDOWS\SET213.tmp
2008-10-07 16:11:24 ----RA---- C:\WINDOWS\SET207.tmp
2008-10-07 16:11:21 ----RA---- C:\WINDOWS\SET204.tmp
2008-10-07 15:41:32 ----A---- C:\Boot.bak
2008-10-07 15:41:05 ----D---- C:\$WIN_NT$.~BT
2008-10-07 15:41:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-07 15:06:09 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-07 15:05:53 ----A---- C:\rapport.txt
2008-10-07 14:54:44 ----D---- C:\Program Files\Trend Micro
2008-10-06 21:16:15 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-06 20:30:02 ----D---- C:\SDFix
2008-10-06 19:58:06 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-06 11:25:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-06 11:25:14 ----A---- C:\kis8.0.0.454en.exe
2008-10-06 10:47:37 ----D---- C:\Program Files\Alwil Software
2008-09-29 01:45:21 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-09-29 01:45:21 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-29 01:45:19 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-09-29 01:45:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-09-29 01:45:18 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-29 01:45:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-09-29 01:45:14 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-09-29 01:45:14 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-29 01:45:12 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-09-29 01:45:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-29 01:45:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-09-29 01:45:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-29 01:45:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-09-29 01:45:04 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-09-29 01:45:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-09-29 01:45:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-29 01:45:00 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-09-29 01:45:00 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-29 01:44:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 01:44:53 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-29 01:44:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-09-29 01:44:38 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-29 01:43:28 ----HD---- C:\WINDOWS\msdownld.tmp
2008-09-29 01:43:04 ----D---- C:\WINDOWS\Logs
2008-09-29 00:52:29 ----D---- C:\WINDOWS\nvidia icons
2008-09-29 00:50:07 ----D---- C:\NVIDIA
2008-09-29 00:11:51 ----A---- C:\WINDOWS\setuplog.txt
2008-09-29 00:10:03 ----D---- C:\WINDOWS\system32\scripting
2008-09-29 00:10:03 ----D---- C:\WINDOWS\l2schemas
2008-09-29 00:10:02 ----D---- C:\WINDOWS\system32\en
2008-09-29 00:10:01 ----D---- C:\WINDOWS\system32\bits
2008-09-29 00:05:07 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-24 19:26:46 ----D---- C:\Program Files\Alex Buturuga
2008-09-10 05:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-05 16:50:26 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-05 16:50:18 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-05 16:50:13 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-05 16:50:13 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-05 16:49:43 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-05 16:49:43 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-05 16:49:27 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-05 16:49:24 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-05 16:49:22 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slserv.exe
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slgen.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-09-05 16:49:22 ----A---- C:\WINDOWS\slrundll.exe
2008-09-05 16:49:13 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-05 16:49:08 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-09-05 16:49:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-05 16:49:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-05 16:49:01 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-05 16:48:59 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-05 16:48:55 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-05 16:48:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-05 16:48:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-05 16:48:30 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-05 16:48:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-05 16:48:24 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-05 16:47:49 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-05 16:47:48 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-05 16:47:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-05 16:47:23 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-05 16:47:21 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-05 16:47:20 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-05 16:46:50 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-09-05 16:46:50 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-09-05 16:46:46 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-05 16:46:36 ----A---- C:\WINDOWS\003034_.tmp
2008-09-05 16:46:35 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-05 16:46:33 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-05 16:46:33 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-05 16:46:32 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-05 16:46:29 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-05 16:46:28 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-05 16:46:28 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-05 16:46:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-05 16:46:23 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-05 16:46:14 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-05 16:46:14 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-05 16:46:13 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-05 16:46:13 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-05 16:46:12 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-09-05 16:46:12 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-05 16:46:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-05 16:46:05 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-22 02:05:00 ----N---- C:\WINDOWS\system32\PrivacIE.dll
2008-08-12 22:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-12 22:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-12 22:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-12 22:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-12 22:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-05 16:55:38 ----A---- C:\WINDOWS\system32\msdbg2.dll

======List of files/folders modified in the last 3 months======

2008-10-26 03:20:39 ----D---- C:\Documents and Settings\MBI\Application Data\Skype
2008-10-26 03:19:53 ----HD---- C:\WINDOWS\inf
2008-10-26 03:07:24 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 23:02:38 ----D---- C:\Documents and Settings\MBI\Application Data\skypePM
2008-10-25 10:03:49 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 19:52:30 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-24 16:13:51 ----AC---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2008-10-24 15:51:24 ----D---- C:\WINDOWS\security
2008-10-24 14:25:39 ----D---- C:\WINDOWS
2008-10-24 14:23:26 ----D---- C:\Documents and Settings\MBI\Application Data\OpenOffice.org2
2008-10-24 00:18:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-23 15:07:26 ----RD---- C:\Program Files
2008-10-21 20:04:21 ----D---- C:\Program Files\SwiftKit
2008-10-20 12:55:45 ----D---- C:\WINDOWS\system32
2008-10-20 12:51:26 ----A---- C:\WINDOWS\system.ini
2008-10-20 12:49:37 ----D---- C:\WINDOWS\system32\drivers
2008-10-20 12:49:35 ----D---- C:\WINDOWS\AppPatch
2008-10-20 12:49:35 ----D---- C:\Program Files\Common Files
2008-10-20 12:33:08 ----SHD---- C:\System Volume Information
2008-10-20 12:33:08 ----D---- C:\WINDOWS\system32\Restore
2008-10-19 18:02:14 ----RSD---- C:\WINDOWS\Fonts
2008-10-18 22:05:42 ----D---- C:\Lio King
2008-10-18 22:04:24 ----D---- C:\INSTALL
2008-10-18 21:45:21 ----SD---- C:\Documents and Settings\MBI\Application Data\Microsoft
2008-10-18 21:44:40 ----SHD---- C:\WINDOWS\Installer
2008-10-18 21:44:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 18:27:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-18 18:27:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-18 18:27:18 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-18 17:31:32 ----D---- C:\WINDOWS\system32\en-US
2008-10-18 17:31:30 ----D---- C:\WINDOWS\Media
2008-10-18 17:31:30 ----D---- C:\WINDOWS\Help
2008-10-18 17:31:30 ----D---- C:\Program Files\Internet Explorer
2008-10-18 17:29:18 ----A---- C:\WINDOWS\imsins.BAK
2008-10-18 17:06:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-18 16:17:16 ----D---- C:\WINDOWS\system32\config
2008-10-18 15:56:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-18 15:17:57 ----RASH---- C:\boot.ini
2008-10-18 14:56:35 ----D---- C:\Programy
2008-10-18 14:54:07 ----D---- C:\Documents and Settings
2008-10-18 00:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-18 00:00:10 ----D---- C:\Program Files\SwiftSwitch
2008-10-17 23:58:35 ----D---- C:\Program Files\Java
2008-10-14 10:50:17 ----AC---- C:\WINDOWS\CDSEDB01.INI
2008-10-08 15:22:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 19:39:00 ----D---- C:\WINDOWS\Minidump
2008-10-07 19:26:25 ----D---- C:\WINDOWS\system
2008-10-07 19:26:08 ----D---- C:\Program Files\AvRack
2008-10-07 18:43:53 ----AC---- C:\WINDOWS\RtlRack.ini
2008-10-07 18:37:50 ----AC---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2008-10-07 18:37:34 ----D---- C:\Program Files\Codec Pack - All In 1
2008-10-07 18:37:05 ----A---- C:\WINDOWS\iun6002.exe
2008-10-07 18:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-07 18:25:15 ----D---- C:\Program Files\Windows Media Player
2008-10-07 17:06:48 ----D---- C:\WINDOWS\system32\Setup
2008-10-07 17:06:32 ----D---- C:\WINDOWS\system32\usmt
2008-10-07 17:06:14 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 17:06:02 ----D---- C:\WINDOWS\mui
2008-10-07 17:06:02 ----D---- C:\WINDOWS\ehome
2008-10-07 17:06:00 ----D---- C:\WINDOWS\ime
2008-10-07 17:05:56 ----D---- C:\WINDOWS\Registration
2008-10-07 17:05:41 ----D---- C:\WINDOWS\PeerNet
2008-10-07 17:05:22 ----D---- C:\WINDOWS\system32\npp
2008-10-07 17:05:11 ----D---- C:\WINDOWS\msagent
2008-10-07 17:00:49 ----D---- C:\WINDOWS\twain_32
2008-10-07 16:59:33 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 16:58:44 ----D---- C:\WINDOWS\system32\1033
2008-10-07 16:57:16 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 16:57:15 ----D---- C:\WINDOWS\WinSxS
2008-10-07 16:52:29 ----D---- C:\WINDOWS\system32\oobe
2008-10-07 16:52:29 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-07 16:52:25 ----D---- C:\WINDOWS\nview
2008-10-07 16:49:24 ----D---- C:\Program Files\Movie Maker
2008-10-07 16:49:09 ----D---- C:\Program Files\Outlook Express
2008-10-07 16:49:08 ----D---- C:\Program Files\Common Files\System
2008-10-07 16:48:39 ----D---- C:\WINDOWS\srchasst
2008-10-07 16:48:11 ----D---- C:\Program Files\NetMeeting
2008-10-07 16:43:29 ----D---- C:\WINDOWS\system32\ias
2008-10-07 16:42:42 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-10-07 16:42:40 ----RD---- C:\WINDOWS\Web
2008-10-07 16:42:24 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-07 16:40:02 ----D---- C:\WINDOWS\system32\Com
2008-10-07 16:39:13 ----D---- C:\WINDOWS\system32\wbem
2008-10-07 16:38:49 ----D---- C:\Program Files\Windows NT
2008-10-07 16:11:42 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-07 11:19:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-06 21:16:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-06 21:06:35 ----RD---- C:\Downloads
2008-10-06 20:05:15 ----A---- C:\WINDOWS\DUMP4cd7.tmp
2008-10-06 20:00:35 ----A---- C:\WINDOWS\DUMP5b2f.tmp
2008-10-06 19:59:18 ----A---- C:\WINDOWS\DUMP5ad2.tmp
2008-10-06 10:30:51 ----D---- C:\Program Files\ICQToolbar
2008-09-30 17:02:18 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-30 17:02:08 ----D---- C:\Program Files\Google
2008-09-29 20:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-29 11:03:06 ----D---- C:\Games
2008-09-29 01:45:24 ----D---- C:\WINDOWS\system32\DirectX
2008-09-29 00:51:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-29 00:23:43 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-09-29 00:16:36 ----D---- C:\Program Files\Messenger
2008-09-29 00:10:26 ----D---- C:\WINDOWS\network diagnostic
2008-09-25 23:15:55 ----D---- C:\Program Files\ICQ6
2008-09-25 13:50:27 ----D---- C:\Program Files\Counter-Strike
2008-09-15 07:11:50 ----D---- C:\download
2008-09-13 08:29:15 ----D---- C:\Documents and Settings\MBI\Application Data\ICQ
2008-09-05 16:17:49 ----D---- C:\WINDOWS\Debug
2008-08-22 02:15:56 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 02:14:40 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 02:10:34 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-08-22 02:09:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-22 02:08:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2008-08-22 02:08:22 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-22 02:08:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-22 02:08:06 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08:00 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07:58 ----A---- C:\WINDOWS\system32\url.dll
2008-08-22 02:07:50 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-22 02:07:50 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-22 02:07:08 ----A---- C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-22 02:06:44 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-22 02:06:40 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-22 02:06:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:06:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-22 02:06:30 ----A---- C:\WINDOWS\system32\jscript.dll
2008-08-22 02:06:30 ----A---- C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 02:06:24 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-22 02:06:20 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-22 02:06:16 ----A---- C:\WINDOWS\system32\inseng.dll
2008-08-22 02:06:16 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-22 02:06:02 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-22 02:05:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-22 02:05:34 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-22 02:05:24 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-08-22 02:05:22 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2008-08-22 02:05:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-22 02:05:20 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-22 02:05:16 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-22 02:05:14 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-22 02:05:14 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:05:10 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-22 02:05:08 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-22 02:05:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:04:54 ----A---- C:\WINDOWS\system32\mshta.exe
2008-08-22 01:58:12 ----A---- C:\WINDOWS\system32\ieui.dll
2008-08-22 01:57:56 ----A---- C:\WINDOWS\system32\msls31.dll
2008-08-22 01:42:22 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-12 22:03:52 ----D---- C:\WINDOWS\ie7updates
2008-08-09 16:27:50 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-05-16 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-05-16 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB PCI128; C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 StarWindServiceAE;StarWind AE Service; C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BAGNP;BAGNP; C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 KHGCCI;KHGCCI; C:\DOCUME~1\MBI\LOCALS~1\Temp\KHGCCI.exe []
S4 KPKXTQY;KPKXTQY; C:\DOCUME~1\MBI\LOCALS~1\Temp\KPKXTQY.exe []
S4 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.04 2008-10-26 03:21:13

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\Uninst.isu"
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
All Media Fixer 8.7-->"C:\Programy\All Media Fixer\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVIConverter 3.0-->C:\Program Files\AVIConverter\uninst.exe
Back4Win-->C:\Programy\back4win\unins000.exe
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang CZ-->MsiExec.exe /I{FFFE7261-2318-4227-B827-E9E05E16DFE5}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW® Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW® Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW® Graphics Suite X4-->c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
Counter-Strike 1.6 v32-->C:\Program Files\Counter-Strike\Uninstal.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9
Direct MP3 Joiner 2.4-->"C:\Program Files\Direct MP3 Joiner\unins000.exe"
Disney Interactive Global Compatibility Update June 2003-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
FlatOut2-->MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}
Free Download Manager Archive Pack-->"C:\WINDOWS\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InetDataMeter 2.4.6.332 Beta, 2006-->"C:\Programy\InetDataMeter\unins000.exe"
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Converter 3-->C:\Progray\Xilisoft\MP4 Converter 3\Uninstall.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
OpenSSL 0.9.6m-->C:\OpenSSL\unins000.exe
PCGeniusCD-->C:\Program Files\DEAMM\PcGeniusCD\SYSTEM\AUTORUN_.EXE /UNINSTAL
PhotoRescue Pro 4.5.2-->C:\Programy\PhotoRescue Pro\uninst.exe
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recover My Files-->"C:\Programy\Recover My Files\unins000.exe"
ScreenShots (pouze odebrat)-->"C:\Programy\ScreenShots\uninstall.exe"
Security Task Manager 1.7g-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sound Blaster PCI128-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Creative\CTSND\DeIsL1.isu"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SwiftKit-->C:\Program Files\SwiftKit\Uninstall.exe
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
TalkTalk Assist & Go-->MsiExec.exe /X{D084B1A9-153B-409D-AEBF-C40FCEF925EA}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Uninstall 4.26-->"C:\Programy\Total Uninstall 4\unins000.exe"
TRUST MI-2500X OPTICAL MOUSE-->C:\Programy\MI-2500X OPTICAL MOUSE\uninst00.exe
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
USB PC Camera Plus-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0009 -removeonly
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Vtune 5.1-->"C:\Program Files\Vtune\unins000.exe"
WebEye-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03B20126-F3C2-11D5-A6D2-00C026001DCA}\Setup.exe" -l0x9
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR-->C:\Programy\WinRAR\uninstall.exe
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Xilisoft YouTube Video Converter-->C:\Programy\YouTube Video Converter\Uninstall.exe
ZBOT para Cs1.6-->"C:\Program Files\Valve\cstrike\unins000.exe"

=====HijackThis Backups=====

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O23 - Service: KPKXTQY - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\KPKXTQY.exe (file missing)
O23 - Service: KHGCCI - Unknown owner - C:\DOCUME~1\MBI\LOCALS~1\Temp\KHGCCI.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081025-1]
FW: Sygate Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf

-----------------EOF-----------------


I hope this helps ;).

Edited by DJohn, 25 October 2008 - 10:23 PM.
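The driver and service sections of the RSIT log above are what a helper reads first; as an added example (not from the thread, and not part of the RSIT tool), here is a small Python triage that parses those lines and flags entries whose image sits in a Temp folder, that RSIT could not stat (empty `[]`), or that carry only a bare upper-case name. The sample lines are copied from the log posted in this thread; the flag names and the two-signal threshold are assumptions of this example.

```python
"""Triage the driver/service sections of an RSIT log.txt.
Added example, not part of the thread or of the RSIT tool."""
import re
from dataclasses import dataclass, field

# One RSIT driver/service line: "<R|S><start> <name>;<display>; <path> [<date size>]"
LINE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[(.*)\]\s*$')
START_TYPES = {0: 'Boot', 1: 'System', 2: 'Auto', 3: 'Demand', 4: 'Disabled'}


@dataclass
class Entry:
    state: str        # 'R' running / 'S' stopped
    start: int        # 0 Boot .. 4 Disabled
    name: str
    display: str
    path: str         # with the NT "\??\" prefix stripped
    file_info: str    # "YYYY-MM-DD size", or "" when RSIT could not find the file
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a driver/service line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    if path.startswith('\\??\\'):
        path = path[4:]
    return Entry(state, int(start), name, display, path, info.strip())


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags (assumed names) to one entry."""
    low = entry.path.lower()
    # A service or driver whose image lives in a Temp folder is almost never legitimate.
    if '\\temp\\' in low:
        entry.flags.append('temp-dir')
    # Empty [] means RSIT could not stat the file: missing, hidden or deleted.
    # Weak on its own (uninstall leftovers and anti-rootkit tools show it too),
    # much stronger in combination with the other signals.
    if not entry.file_info:
        entry.flags.append('missing-file')
    # Display name is just the service name repeated, all upper-case letters.
    if entry.name == entry.display and entry.name.isupper() and entry.name.isalpha():
        entry.flags.append('random-name')
    return entry


def parse_log(text: str):
    return [triage(e) for e in (parse_line(l) for l in text.splitlines()) if e]


def suspicious(entries, min_flags=2):
    """Entries carrying at least min_flags signals, most-flagged first."""
    hits = [e for e in entries if len(e.flags) >= min_flags]
    return sorted(hits, key=lambda e: (-len(e.flags), e.name))


# Constructed sample: lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
S3 BAGNP;BAGNP; C:\DOCUME~1\MBI\LOCALS~1\Temp\BAGNP.exe []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S4 KHGCCI;KHGCCI; C:\DOCUME~1\MBI\LOCALS~1\Temp\KHGCCI.exe []
S4 KPKXTQY;KPKXTQY; C:\DOCUME~1\MBI\LOCALS~1\Temp\KPKXTQY.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
"""

if __name__ == '__main__':
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.name:10} start={START_TYPES[e.start]:8} {e.path}  flags={','.join(e.flags)}")
```

On the sample above only the three Temp-folder entries reach the threshold; `wpsdrvnt` and `catchme` get a single `missing-file` flag, which matches the helper's usual reading that a bare `[]` by itself is not enough to call something malicious.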


#7 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington
  • Local time:11:02 PM

Posted 26 October 2008 - 12:37 PM

Hi
OK give me some time to go over your logs and I'll get back to you ASAP.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#8 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 26 October 2008 - 12:42 PM

You've got as much time as you need ;). Good luck analysing. ^^

#9 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington
  • Local time:11:02 PM

Posted 27 October 2008 - 07:04 AM

Hi DJohn

I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them.


Now about your sound problem.

Click Start> control panel
Open "Sounds and Audio Devices" then click "sounds" tab.
Under "Program events" highlight "start windows"
Default setting is "Windows XP Startup.wav"
You can change it.
Apply & OK out.


Please do the following.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)


Please backup your registry using ERUNT before proceeding to any of the steps.

Download ERUNT from Derfisch or Aumha and save it to your desktop.

Use the setup program to install ERUNT on your computer
Click ERUNT.Setup.exe to install ERUNT and backup your registry.
Uncheck the "Create NTREGOPT desktop icon" box.
In the window that comes up to Create an ERUNT entry to the Start up folder select No.

By default the backup location is C:\windows\erunt\ (current date)
Click OK to continue with the registry backup.
If the folder does not exist then let ERUNT create the folder for you by clicking Yes
You should see a progress bar when ERUNT is backing up the Windows Registry.
After ERUNT has completed the Windows Registry backup, click OK to exit ERUNT

Open "Notepad". Copy the contents of the code box below to the blank Notepad.
Click "File" > "Save as"
In the "Save In" box at the top click the down arrow and select DeskTop

In the "File name" type in: fix.reg
In the "Save As Type" select: All Files
Once saved, go to your desktop, double-click the fix.reg file and let it merge with the registry.

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87733064-5686-11dd-8744-000c768ee581}]


Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

http://www.techsupportforum.com/sectools/s...Disinfector.exe

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

Hold down the Shift key and insert your flash drive. (USB thumb drives)
It is important to hold the shift key while plugging in the flash drive so the virus does not run and re-infect the system. Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Your desktop will vanish for a while, and then reappear. This is normal.
Wait until the program has finished scanning, then please exit the program.
Repeat this step if you have more than one flash drive.


Now please do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin


The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now let's get an online scan.

Please do an online scan with Kaspersky WebScanner

Click on "Accept" if your pop-up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users: you must open the web browser using the Run as Administrator command.
  • The program will launch and then begin downloading the latest definition files:
  • Under Scan on the left side, click on My Computer
  • This will start the program and scan your system.
  • Click the “Scan Report” On the left side.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
  • Save the text file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky results.


Thanks
maranatha



#10 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 28 October 2008 - 01:54 PM

Hello maranatha, I've done everything you said, but the kaspersky test is running for 11 HOURS and still has 20% to do... So far, it found 2 infected files, and it's checking the program files folder at the moment (where in fact, I don't think he's going to find anything)... Is there any way to speed up the process? (I haven't been using my computer while the scan was running)

Thanks

DJohn

Edited by DJohn, 28 October 2008 - 01:56 PM.


#11 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 28 October 2008 - 02:35 PM

Hello, I am sorry to tell you, but my mother wanted to check her email, and by an accident windows IE had a bug, which had shut him down. Therefore I don't have the log you asked for, and honestly, I can't waste another 12 hours doing a scan. The only option I see here is that the two infections I have mentioned before were found about 3 hours after the scan had started and so - maybe if I stop the scan as soon as it finds them I can get you at least these two in the log.

Thanks for the reply


DJohn

#12 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:11:02 PM

Posted 28 October 2008 - 08:12 PM

Hi DJohn
Did you disable your anti-virus program before doing the scan?

Let's see if Panda will run faster.

Make sure you run ATF Cleaner before doing the scan and disable your AV.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Thanks
maranatha

Edited by maranatha, 28 October 2008 - 08:14 PM.



#13 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 29 October 2008 - 10:58 AM

Antivirus and firewall were switched off while KOS was running.

I'll do everything you said above, but just to mention, I've run KOS again (this time it worked for 10 hours and had 50% of the scan done when I stopped it). Here is the report of the infected file (the other one is a file that is used by malware removal software, I don't remember which one):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 28, 2008 21:05:53
Records in database: 1354767
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\
F:\

Scan statistics:
Files scanned: 23970
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 16:14:06


File name / Threat name / Threats count
C:\Documents and Settings\MBI\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.etc 1
//NOTE this is not a virus. I think you already have figured that out
C:\Documents and Settings\MBI\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The scan was stopped by the user.

Edited by DJohn, 29 October 2008 - 11:00 AM.


#14 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:11:02 PM

Posted 30 October 2008 - 10:32 PM

Hi DJohn
Those two files are not a threat, they are part of SmitfraudFix that you ran.

I'm in contact with a teacher to see what we can do about getting a full scan or going from here.

I will get back to you ASAP.

Thanks
maranatha



#15 DJohn

DJohn
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Motherwell
  • Local time:06:02 AM

Posted 31 October 2008 - 03:03 AM

Hello maranatha.

I've done the scan you asked for. Honestly, there are still a couple of viruses out there. Here is the report:



;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-31 07:49:30
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 081030-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@yadro[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@toplist[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@bs.serving-sys[3].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@adtech[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@questionmarket[2].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\MBI\Desktop\Flash_Disinfector.exe[C:\Documents and Settings\MBI\Desktop\Flash_Disinfector.exe][nircmd.exe]
02377451 Adware/SaveNow Adware No 0 No No C:\INSTALL\Kodeky\BS Player\bsplayer224[2].954_clip.exe[AdVantageSetup.exe]
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\MBI\Desktop\SmitfraudFix.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\MBI\Desktop\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\MRT\SDFix.exe[C:\MRT\SDFix.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\MRT\SDFix.exe[C:\MRT\SDFix.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{D0DA1893-D1C0-4815-BF20-7B298C7551AE}\RP1\A0000001.exe[32788R22FWJFW\catchme.cfexe]
03857888 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Counter-Strike\platform\Friends\friendsUI.dll
03901991 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Counter-Strike\platform\Admin\AdminServer.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\MBI\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
No C:\Programy\SwiftSwitch\swiftswitch(install).exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176383 HIGH MS07-058
170907 HIGH MS07-046
170904 HIGH MS07-043
164915 HIGH MS07-035
164911 HIGH MS07-031
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
137571 HIGH MS06-070
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
117384 MEDIUM MS06-018
114666 HIGH MS06-015
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===================================================================================================================================================================================
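As an added example (not code from the thread, from Panda, or from BleepingComputer), here is a small Python triage helper for the ActiveScan report format posted above. It parses the MALWARE, SUSPECTS and VULNERABILITIES tables and sorts the hits into three buckets: tracking cookies, detections that live inside the clean-up utilities the thread itself ran (ComboFix, SDFix, SmitfraudFix, Flash_Disinfector with its bundled nircmd), which is the same kind of hit maranatha already dismissed for the Kaspersky report, and everything else that still needs a look. It also counts the missing MS bulletins by severity. The bucket names, the `KNOWN_CLEANUP_TOOLS` list and the embedded `SAMPLE_REPORT` are my own assumptions; the sample is constructed from a subset of the posted rows.

```python
import re
from collections import Counter, defaultdict

# One MALWARE row.  Description and Location may contain spaces, Type never
# does, so a non-greedy description followed by a single-token type and the
# fixed Yes/No/digit columns pins the row down unambiguously.
MALWARE_ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)
SUSPECT_ROW = re.compile(r"^(?P<sent>Yes|No)\s+(?P<location>.+)$")
VULN_ROW = re.compile(r"^(?P<id>\d+)\s+(?P<severity>HIGH|MEDIUM|LOW)\s+(?P<bulletin>MS\d{2}-\d{3})$")

# Assumption: clean-up utilities run earlier in the thread.  Scanners routinely
# flag their embedded components (catchme, psexec, nircmd) as HackTools or
# generic malware; such hits are expected and are separated from real findings.
KNOWN_CLEANUP_TOOLS = ("combofix", "sdfix", "smitfraudfix", "catchme", "nircmd", "flash_disinfector")

# Constructed sample in the posted layout (a subset of the report in the thread).
SAMPLE_REPORT = r"""
;====
ANALYSIS: 2008-10-31 07:49:30
MALWARE: 8
SUSPECTS: 2
;====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@yadro[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\MBI\Cookies\mbi@toplist[2].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\MBI\Desktop\Flash_Disinfector.exe[C:\Documents and Settings\MBI\Desktop\Flash_Disinfector.exe][nircmd.exe]
02377451 Adware/SaveNow Adware No 0 No No C:\INSTALL\Kodeky\BS Player\bsplayer224[2].954_clip.exe[AdVantageSetup.exe]
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\MBI\Desktop\SmitfraudFix.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\MBI\Desktop\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03857888 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Counter-Strike\platform\Friends\friendsUI.dll
;====
SUSPECTS
Sent Location
;====
No C:\Documents and Settings\MBI\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
No C:\Programy\SwiftSwitch\swiftswitch(install).exe
;====
VULNERABILITIES
Id Severity Description
;====
184380 MEDIUM MS08-002
182046 HIGH MS07-067
157262 HIGH MS07-022
150241 MEDIUM MS07-006
96574 HIGH MS05-053
;====
"""


def parse_report(text):
    """Split the report into its three tables; each row becomes a dict."""
    result = {"malware": [], "suspects": [], "vulnerabilities": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # separator lines
        if line in ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"):
            section = line  # bare section header (summary lines like "MALWARE: 8" do not match)
            continue
        pattern = {"MALWARE": MALWARE_ROW, "SUSPECTS": SUSPECT_ROW,
                   "VULNERABILITIES": VULN_ROW}.get(section)
        m = pattern.match(line) if pattern else None
        if m:  # column-header lines never match, so they are skipped here
            result[section.lower()].append(m.groupdict())
    return result


def classify(row_type, location):
    """Bucket one detection: cookie, hit inside a known clean-up tool, or review."""
    if row_type == "TrackingCookie":
        return "tracking_cookie"
    if any(tool in location.lower() for tool in KNOWN_CLEANUP_TOOLS):
        return "cleanup_tool"
    return "review"


def triage(text):
    """Return bucketed detection locations plus missing-bulletin counts by severity."""
    parsed = parse_report(text)
    buckets = defaultdict(list)
    for row in parsed["malware"]:
        buckets[classify(row["type"], row["location"])].append(row["location"])
    for row in parsed["suspects"]:
        buckets[classify("Suspect", row["location"])].append(row["location"])
    vulns = Counter(v["severity"] for v in parsed["vulnerabilities"])
    return {"buckets": dict(buckets), "vulnerabilities": vulns}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for name, items in summary["buckets"].items():
        print(f"{name} ({len(items)}):")
        for loc in items:
            print("   ", loc)
    print("missing bulletins:", dict(summary["vulnerabilities"]))
```

Run against the sample, the "review" bucket is left with the SaveNow bundler inside a BS Player download, the Counter-Strike DLL and the SwiftSwitch installer; those, plus the long list of unpatched HIGH bulletins on a Service Pack 2 machine, are what a helper would want to act on first, while the cookie and clean-up-tool rows can be set aside once the tool downloads are confirmed to be the genuine ones.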



