Help please on this hjt log.


  • This topic is locked
46 replies to this topic

#1 martyn

  • Members
  • 50 posts

Posted 27 November 2008 - 03:37 PM

Had something dropped onto my PC yesterday; it looked like it was twext.exe.
Ran SDFix as recommended in the 'Am I infected' forum and am now posting these logs just to be sure I'm OK. Mod. Edit: Thread referenced is here: http://www.bleepingcomputer.com/forums/t/182233/help-please-twextexe/ ~ OB


Logfile of random's system information tool 1.04 (written by random/random)
Run by martynh at 2008-11-27 20:30:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 115 GB (48%) free of 238 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31, on 2008-11-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\martynh\Local Settings\Temporary Internet Files\Content.IE5\RUKCALW1\RSIT[1].exe
C:\Program Files\trend micro\martynh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.simalert.org/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [KNOfflineSystray] "C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AffiliateWindow Alerts] C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86ec78af64674fcfa3e1de6abd5fea0c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86ec78af64674fcfa3e1de6abd5fea0c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://80.36.101.7:8056/VatDec.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://81.137.208.77:1024/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22aecd425a27c769b823/...ip/RdxIE601.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://ecc.documentum.com/eRoomSetup/client.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://pih-cam2.plus.net/activex/AMC.cab
O16 - DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} (SAXFileEE FileUpload ActiveX Control) - https://fileservice.emc.com/XFile/SAXFileEE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://64.161.38.75/telnet/msrdp2.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://86.129.41.152/activex/AxisCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.205.96.237:6500/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emclive.webex.com/client/T24L/event/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://hive2.hsbc.co.uk/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF73C2E8-1E65-44E3-8DF5-C694853E0F61}: Domain = martyns.home
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Servers Alive (salive) - Woodstone bvba - C:\PROGRA~1\Salive\serversalive.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 14611 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\9AED011FBFB6B7FB.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\checkdom.job
C:\WINDOWS\tasks\Collect.job
C:\WINDOWS\tasks\ftpit.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Process Data.job
C:\WINDOWS\tasks\Update SA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBD9F23-AEF9-48EA-A6BD-AFC2A5315DBD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-29 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"bcmwltry"=C:\WINDOWS\system32\bcmwltry.exe [2003-07-25 462848]
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2002-02-22 90112]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-10-05 866584]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Vivotek ST3402"= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-03-06 77824]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]
"tbbMeter"=C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe [2008-11-09 448016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Bandwidth Monitor Pro"=C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2004-02-10 187904]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-01-25 1032376]
"KNOfflineSystray"=C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe [2006-10-03 53248]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-29 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"AffiliateWindow Alerts"=C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe [2005-02-25 476672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\martynh\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-10-05 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe"="C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe:*:Enabled:PRTG_Traffic_Grapher_Webserver"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\SetupWizard\stInstall.exe"="D:\SetupWizard\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager"
"C:\Program Files\KService\KService.exe"="C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service"
"C:\speedtouch\upgradeST.exe"="C:\speedtouch\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Downloads\utorrent.exe"="C:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb30eae-63ec-11d8-acba-0030bd637e5f}]
shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L


======List of files/folders created in the last 1 months======

30828-09-03 21:17:44 ----A---- C:\WINDOWS\setuplog.txt
2008-11-27 20:30:38 ----D---- C:\Program Files\trend micro
2008-11-27 20:30:17 ----D---- C:\rsit
2008-11-27 18:33:19 ----A---- C:\WINDOWS\system32\results.txt
2008-11-27 10:20:50 ----D---- C:\Documents and Settings\martynh\Application Data\WinRAR
2008-11-27 00:16:45 ----A---- C:\rtsdnif.exe
2008-11-27 00:16:45 ----A---- C:\editreg.exe
2008-11-27 00:16:45 ----A---- C:\dnif.exe
2008-11-27 00:16:45 ----A---- C:\attrib.exe
2008-11-26 23:07:25 ----D---- C:\WINDOWS\ERUNT
2008-11-26 23:04:32 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 21:24:28 ----D---- C:\SDFix
2008-11-26 16:26:48 ----D---- C:\ComboFix
2008-11-26 16:26:43 ----A---- C:\WINDOWS\system32\CF8919.exe
2008-11-26 15:54:46 ----A---- C:\WINDOWS\SWREG.exe
2008-11-26 15:54:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\zip.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\VFIND.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\sed.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\grep.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\fdsv.exe
2008-11-26 15:54:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-26 15:54:44 ----A---- C:\WINDOWS\SWSC.exe
2008-11-26 15:54:13 ----D---- C:\WINDOWS\ERDNT
2008-11-26 15:54:13 ----D---- C:\Qoobox
2008-11-26 15:54:00 ----A---- C:\WINDOWS\system32\CF2436.exe
2008-11-26 12:06:33 ----A---- C:\p.txt
2008-11-26 11:49:50 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2008-11-25 12:27:06 ----D---- C:\Documents and Settings\All Users\Application Data\Epitiro
2008-11-25 12:27:05 ----D---- C:\Program Files\isposure
2008-11-25 12:26:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-25 12:25:26 ----D---- C:\Program Files\thinkbroadband.com
2008-11-24 13:05:58 ----A---- C:\DANPAC.TXT
2008-11-21 12:49:52 ----A---- C:\euro.txt
2008-11-18 11:04:57 ----RA---- C:\WINDOWS\system32\msls2.dll
2008-11-13 01:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 01:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 01:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

30828-09-03 21:34:13 ----A---- C:\WINDOWS\system32\wpa.bak
2008-11-27 20:30:48 ----D---- C:\WINDOWS\Temp
2008-11-27 20:30:38 ----RD---- C:\Program Files
2008-11-27 20:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-11-27 18:35:50 ----D---- C:\WINDOWS
2008-11-27 18:33:19 ----D---- C:\WINDOWS\system32
2008-11-27 18:30:59 ----D---- C:\Downloads
2008-11-27 18:10:07 ----D---- C:\WINDOWS\Prefetch
2008-11-27 10:01:46 ----SD---- C:\WINDOWS\Tasks
2008-11-27 09:59:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 09:58:18 ----D---- C:\backups
2008-11-26 23:18:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-26 16:26:46 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 15:57:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 12:47:29 ----ASHD---- C:\3000
2008-11-26 11:12:57 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-25 19:05:30 ----D---- C:\CutePrinter
2008-11-25 12:27:17 ----SHD---- C:\WINDOWS\Installer
2008-11-25 12:27:10 ----SHD---- C:\Config.Msi
2008-11-25 12:26:13 ----RSD---- C:\WINDOWS\assembly
2008-11-25 12:26:12 ----D---- C:\Program Files\Common Files
2008-11-24 18:32:03 ----D---- C:\Program Files\FlashGet
2008-11-19 23:58:40 ----A---- C:\salive.txt
2008-11-19 18:41:36 ----A---- C:\g.vbs
2008-11-18 11:04:37 ----HD---- C:\WINDOWS\inf
2008-11-18 11:04:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-18 11:01:05 ----D---- C:\Program Files\Microsoft Works
2008-11-17 17:08:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 01:10:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 01:10:00 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 01:07:32 ----D---- C:\WINDOWS\WinSxS
2008-11-10 13:55:20 ----D---- C:\tradedoubler
2008-11-04 18:44:43 ----D---- C:\WINDOWS\Help
2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 20:34:11 ----D---- C:\Program Files\NavNT
2008-11-01 19:35:22 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-01 18:48:58 ----D---- C:\Documents and Settings
2008-10-29 17:44:03 ----A---- C:\wialog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS []
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2000-07-10 217088]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\System32\Drivers\IPSECDRV.sys []
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\NavNT\NAVAPEL.SYS []
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 23200]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-01-11 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 BCM43XX;BCM 802.11g Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
R3 catchme;catchme; \??\C:\DOCUME~1\martynh\LOCALS~1\Temp\catchme.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2002-02-27 128380]
R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\System32\DRIVERS\vap.sys [2002-02-27 36188]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-01-02 26240]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081119.017\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081119.017\NAVEX15.sys []
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-03-10 26112]
R3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-06-07 39488]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vdiskbus;Virtual Disk Bus; C:\WINDOWS\system32\DRIVERS\vdiskbus.sys [2002-02-20 34123]
S2 Ca533av;Polaroid Digital Cam Video; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter; C:\WINDOWS\System32\DRIVERS\bkusbxp.sys [2003-04-09 101099]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM); C:\WINDOWS\System32\DRIVERS\webc3vid.sys [2001-11-07 166504]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-01-12 70001]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\NSNDIS5.SYS []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PEEK5;PEEK5 Protocol Driver; \??\C:\ac\AIRCRA~1.1\win32\PEEK5.SYS []
S3 PSSdk21;PSSdk21; \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv []
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-01-03 22768]
S3 UsbSf; Driver Service; C:\WINDOWS\system32\DRIVERS\UsbSf.sys [2006-04-15 17145]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-09-06 9600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2001-09-24 32768]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 IPSECMON;SafeNet Monitor Service; C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe [2002-03-28 24630]
R2 IREIKE;SafeNet IKE Service; C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe [2002-03-28 213042]
R2 isposure_svc;IsposureAgent; C:\Program Files\isposure\IsposureAgent.exe [2008-10-23 712704]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-01-25 3072184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; C:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-10-05 13592]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2001-09-24 454656]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 PRTG4Service;PRTG 4 Service - Paessler Router Traffic Grapher; C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe [2005-07-26 4864280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-07-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-05-07 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 salive;Servers Alive; C:\PROGRA~1\Salive\serversalive.exe [2004-05-15 457216]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 XZ;XZ; C:\DOCUME~1\martynh\LOCALS~1\Temp\XZ.exe []

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-11-27 20:31:32

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD-->MsiExec.exe /I {68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}
ActivePerl 5.8.8 Build 819-->MsiExec.exe /I{8C8C2500-3756-4CFF-8CAD-E840A36AAB84}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Administrative Tools-->C:\PROGRA~1\G-LOCK~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\G-LOCK~1\ADVANC~1\INSTALL.LOG
Advanced Log Analyzer 1.5-->"C:\Program Files\Advanced Log Analyzer\unins000.exe"
AffiliateWindow Alerts (remove only)-->C:\Program Files\AffiliateWindow Alerts\Uninstall.exe
Ahead ImageDrive-->C:\WINDOWS\UNIDRV.exe /UNINSTALL
Ahead Nero - Burning Rom-->C:\WINDOWS\UNNERO.exe /UNINSTALL
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AnyTV 2.05-->"C:\Program Files\FDRLab\AnyTV\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Avanquest update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 -removeonly
Avi2Dvd 0.4.4 beta-->C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVOne - RM to AVI DVD VCD SVCD Converter (d)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E94DDE5-1712-48F6-B815-7F9A76F2287C}\Setup.exe"
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
Bandwidth Monitor Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Bandwidth Monitor Pro\uninstal.log
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belkin 11Mbps Wireless USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9CFF910-6B4D-434A-85E8-F8A385140174}\Setup.exe"
Belkin Wireless Setup utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A0BBC906-9A33-4C79-A26A-758ED3503769} /l1033 REMOVE
Bryce® 5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Corel\Bryce 5\Uninst.isu"
ByteSphere OidView 2.7-->C:\PROGRA~1\OidView\UNWISE.EXE C:\PROGRA~1\OidView\INSTALL.LOG
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Citrix Program Neighborhood-->C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
CLARiiONPG Procedure Generator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F49A0F20-F1EC-11D4-A7AE-00B0D03A5FE6}\Setup.exe" anything
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD Trial 3.0.2.5-->"C:\Program Files\CloneDVD\unins000.exe"
CloneDVD-->"C:\Program Files\Elaborate Bytes\CloneDVD\CloneDVD-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Creative Video Blaster WebCam 3 USB/WebCam Plus Driver-->C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin webc3pin.dll -pluginres webc3pin.crl
CutePDF Printer Setup-->C:\WINDOWS\System32\UnCutePP.exe
DivxToDVD 1.99.19-->"C:\Program Files\vso\DivxToDVD\unins001.exe"
Easy Video Capture 1.30-->"C:\Program Files\Easy Video Capture\unins000.exe"
eRoom 7-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\eRoom 7\Uninst.isu" -c"C:\Program Files\eRoom 7\eRClientUninstall.dll"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Freez Screen Video Capture v1.2-->"C:\Program Files\Smallvideosoft\Freez\unins000.exe"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
isposure (installed by tbbMeter)-->MsiExec.exe /X{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_09-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142090}
JLC's Internet TV-->"C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Juniper Networks Secure Application Manager-->C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe
KJ Pro-->"C:\Program Files\Kjpro\uninstall.exe" C:\PROGRA~1\Kjpro\install.log
K-Lite Codec Pack 2.82 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KnowledgeNet Offline-->"C:\Program Files\KnowledgeNet Offline\UninstallerData\Uninstall Offline.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Log Parser 2.2-->MsiExec.exe /I{4AC23178-EEBC-4BAF-8CC0-AB15C8897AC9}
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft FrontPage 2002-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{A4512736-8D63-4298-9271-5329931FA46B}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Tool Web Package:Diruse.exe-->MsiExec.exe /X{8D1AA5F7-CF6B-40F1-A783-2E19E384E1B0}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
mIRC-->"C:\Myriad\mirc.exe" -uninstall
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3+G Toolz-->MsiExec.exe /I{F50A4470-7A45-4A5A-97F8-806990B736C2}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySQL Server 4.1-->MsiExec.exe /I{FF2705ED-8734-417D-A854-4EA3F679CCC5}
MySQL Tools for 5.0-->MsiExec.exe /I{01A91670-7CB3-443D-8955-116689A121AA}
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Map Manager-->MsiExec.exe /I{48DAC839-8673-4BDC-A1AF-96035EF4481D}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696}
Norton AntiVirus Corporate Edition-->MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Norton Ghost-->MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
OneTouch Version 3.0-->C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
Paint.NET v3.35-->MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PRTG Traffic Grapher V4-->"C:\Program Files\PRTG Traffic Grapher 4\unins000.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Remote Recover-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FB3B212-8137-4EA1-8A04-47D1C63DF8B8}\Setup.exe"
SafeNet SoftRemoteLT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\SafeNet\SoftRemoteLT\Setup\Setup.exe" -l0x9
ScanSoft PaperPort Viewer 7.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort Viewer\Uninst.isu"
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Servers Alive v4.1-->C:\PROGRA~1\Salive\UNWISE.EXE C:\PROGRA~1\Salive\INSTALL.LOG
sim Reader-->"C:\WINDOWS\sim Reader\uninstall.exe" "/U:C:\Program Files\sim Reader\Uninstall\uninstall.xml"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartFTP Client 2.0 Setup Files (remove only)-->"C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SoundTap-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
SWiSH v2.0-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH v2.0\uninstal.log
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
tbbMeter-->MsiExec.exe /X{3589BC55-B0AF-4434-A3A0-D5F67EA4F57D}
ThreatExpert Memory Scanner 1.0-->"C:\Program Files\ThreatExpert Memory Scanner\unins000.exe"
TightVNC 1.2.9-->"C:\Program Files\TightVNC\unins000.exe"
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
TVUPlayer 2.2.0-->C:\Program Files\TVUPlayer\uninst.exe
UK-Info 2003-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20DB61B2-FBF0-4503-9D40-EC8F3AB8BB67}\setup.exe" -l0x9
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoEdit Converter Gold-->"C:\Program Files\VideoEdit Converter Gold\unins000.exe"
Virtual Earth 3D (Beta)-->MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
VisionGS PE-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\VisionGS PE\UnInst.log" "/APPNAME=VisionGS PE"
Vivotek ST3402-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{34BC92E4-6310-4EEB-887F-559EB1AA1479}
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XBC 5.1-->C:\PROGRA~1\XBC\UNWISE.EXE C:\PROGRA~1\XBC\INSTALL.LOG
XML Converter Standard Edition-->"C:\Program Files\RustemSoft\XML Converter Standard Edition\Uninstall.exe" "C:\Program Files\RustemSoft\XML Converter Standard Edition\install.log"

======Hosts File======

127.0.0.1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Perl\bin;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\Common Files\Adobe\AGL;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Edited by Orange Blossom, 27 November 2008 - 05:01 PM.



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:09 PM

Posted 05 December 2008 - 07:00 AM

Hi martyn,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please run RSIT, set the list of Files/Folders created to 3 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

  • You have (tried to?) run Combofix, and it might be the reason the helpers did not reply to your topic. I understand you just wanted to clean your computer as soon as possible.
    Please post the Combofix log to your reply if you find it here C:\ComboFix.txt or here: C:\Qoobox\ComboFix2.txt

  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me what the current condition of your computer is.

You might want to save this page on your favorites, so you can find it again when you return.

#3 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:07:09 PM

Posted 05 December 2008 - 08:03 AM

Hi farbar, glad you can help.

I did run combofix before visiting this site; I found it as a recommendation on another site (foolish me). I can't find any logfiles called combofix.txt anywhere, but I did find c:\qoobox\quarantine\catchme.txt, which contains:


-------- 26/11/2008 - 15:54:13.33 -------------

file zipped: C:\WINDOWS\system32\twext.exe -> _twext_.exe.zip -> twext.exe ( 351232 bytes )
PE file "C:\WINDOWS\system32\twext.exe" killed successfully
File "C:\WINDOWS\system32\twext.exe" added successfully
file "C:\WINDOWS\system32\twext.exe" deleted successfully

-------- 2008-11-26 - 16:26:50.15 -------------


In terms of any updates/changes: the computer has been powered off since I posted here. I've just powered up and run RSIT (log below), and before running that I disabled Windows auto-updates to make sure nothing else gets applied.

Logfile of random's system information tool 1.04 (written by random/random)
Run by martynh at 2008-12-05 12:54:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 115 GB (48%) free of 238 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55, on 2008-12-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\martynh\Desktop\RSIT.exe
C:\WINDOWS\system32\netstat.exe
C:\Program Files\trend micro\martynh.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.simalert.org/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [KNOfflineSystray] "C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AffiliateWindow Alerts] C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86ec78af64674fcfa3e1de6abd5fea0c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86ec78af64674fcfa3e1de6abd5fea0c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://80.36.101.7:8056/VatDec.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://81.137.208.77:1024/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22aecd425a27c769b823/...ip/RdxIE601.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://ecc.documentum.com/eRoomSetup/client.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://pih-cam2.plus.net/activex/AMC.cab
O16 - DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} (SAXFileEE FileUpload ActiveX Control) - https://fileservice.emc.com/XFile/SAXFileEE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://64.161.38.75/telnet/msrdp2.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://86.129.41.152/activex/AxisCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.205.96.237:6500/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emclive.webex.com/client/T24L/event/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://hive2.hsbc.co.uk/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF73C2E8-1E65-44E3-8DF5-C694853E0F61}: Domain = martyns.home
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Servers Alive (salive) - Woodstone bvba - C:\PROGRA~1\Salive\serversalive.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 15214 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\9AED011FBFB6B7FB.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\checkdom.job
C:\WINDOWS\tasks\Collect.job
C:\WINDOWS\tasks\ftpit.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Process Data.job
C:\WINDOWS\tasks\Update SA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBD9F23-AEF9-48EA-A6BD-AFC2A5315DBD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-29 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"bcmwltry"=C:\WINDOWS\system32\bcmwltry.exe [2003-07-25 462848]
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2002-02-22 90112]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-10-05 866584]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Vivotek ST3402"= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-03-06 77824]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]
"tbbMeter"=C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe [2008-11-09 448016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Bandwidth Monitor Pro"=C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2004-02-10 187904]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-01-25 1032376]
"KNOfflineSystray"=C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe [2006-10-03 53248]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-29 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"AffiliateWindow Alerts"=C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe [2005-02-25 476672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\martynh\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-10-05 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe"="C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe:*:Enabled:PRTG_Traffic_Grapher_Webserver"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\SetupWizard\stInstall.exe"="D:\SetupWizard\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager"
"C:\Program Files\KService\KService.exe"="C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service"
"C:\speedtouch\upgradeST.exe"="C:\speedtouch\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Downloads\utorrent.exe"="C:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb30eae-63ec-11d8-acba-0030bd637e5f}]
shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L


======List of files/folders created in the last 3 months======

30828-09-03 21:17:44 ----A---- C:\WINDOWS\setuplog.txt
2008-11-27 20:30:38 ----D---- C:\Program Files\trend micro
2008-11-27 20:30:17 ----D---- C:\rsit
2008-11-27 18:33:19 ----A---- C:\WINDOWS\system32\results.txt
2008-11-27 10:20:50 ----D---- C:\Documents and Settings\martynh\Application Data\WinRAR
2008-11-27 00:16:45 ----A---- C:\rtsdnif.exe
2008-11-27 00:16:45 ----A---- C:\editreg.exe
2008-11-27 00:16:45 ----A---- C:\dnif.exe
2008-11-27 00:16:45 ----A---- C:\attrib.exe
2008-11-26 23:07:25 ----D---- C:\WINDOWS\ERUNT
2008-11-26 23:04:32 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 21:24:28 ----D---- C:\SDFix
2008-11-26 16:26:48 ----D---- C:\ComboFix
2008-11-26 16:26:43 ----A---- C:\WINDOWS\system32\CF8919.exe
2008-11-26 15:54:46 ----A---- C:\WINDOWS\SWREG.exe
2008-11-26 15:54:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\zip.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\VFIND.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\sed.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\grep.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\fdsv.exe
2008-11-26 15:54:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-26 15:54:44 ----A---- C:\WINDOWS\SWSC.exe
2008-11-26 15:54:13 ----D---- C:\WINDOWS\ERDNT
2008-11-26 15:54:13 ----D---- C:\Qoobox
2008-11-26 15:54:00 ----A---- C:\WINDOWS\system32\CF2436.exe
2008-11-26 12:06:33 ----A---- C:\p.txt
2008-11-26 11:49:50 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2008-11-25 12:27:06 ----D---- C:\Documents and Settings\All Users\Application Data\Epitiro
2008-11-25 12:27:05 ----D---- C:\Program Files\isposure
2008-11-25 12:26:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-25 12:25:26 ----D---- C:\Program Files\thinkbroadband.com
2008-11-24 13:05:58 ----A---- C:\DANPAC.TXT
2008-11-21 12:49:52 ----A---- C:\euro.txt
2008-11-18 11:04:57 ----RA---- C:\WINDOWS\system32\msls2.dll
2008-11-13 01:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 01:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 01:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-25 18:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 17:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 10:40:58 ----A---- C:\f.txt
2008-10-07 08:33:34 ----A---- C:\rbcopy.bat
2008-10-07 08:28:48 ----D---- C:\2
2008-10-07 08:27:31 ----A---- C:\ROBOCOPY.EXE
2008-10-06 19:15:29 ----D---- C:\backups
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-18 22:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-18 12:40:17 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-18 12:31:16 ----D---- C:\WINDOWS\Prefetch
2008-09-18 12:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-18 12:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-18 12:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-18 12:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-18 12:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-18 12:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-18 12:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-18 12:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-18 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-18 12:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-18 12:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-18 12:14:37 ----D---- C:\WINDOWS\system32\scripting
2008-09-18 12:14:33 ----D---- C:\WINDOWS\l2schemas
2008-09-18 12:14:31 ----D---- C:\WINDOWS\system32\en
2008-09-17 20:33:48 ----D---- C:\wii
2008-09-17 15:26:16 ----D---- C:\quiz
2008-09-17 15:02:36 ----A---- C:\quiz.txt
2008-09-17 11:57:55 ----A---- C:\cpu.vbs
2008-09-17 11:52:52 ----A---- C:\proc.vbs
2008-09-14 16:17:34 ----A---- C:\excel.vbs
2008-09-13 21:51:53 ----D---- C:\ssf
2008-09-13 00:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-13 00:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-12 21:53:07 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-12 21:52:48 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-12 21:52:48 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-12 21:52:26 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-12 21:52:18 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-12 21:52:15 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-12 21:52:14 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-12 21:52:11 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-12 21:52:11 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-12 21:52:11 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-12 21:52:00 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-12 21:51:43 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-12 21:51:43 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-12 21:51:43 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-12 21:51:38 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-12 21:51:38 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-12 21:51:10 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-12 21:51:09 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-12 21:51:09 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-12 21:51:09 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-12 21:50:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-12 21:50:55 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-12 21:50:54 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-12 21:50:54 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-12 21:50:54 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-12 21:50:53 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-12 21:50:13 ----A---- C:\WINDOWS\006364_.tmp
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-12 21:49:59 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-12 21:49:59 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-12 21:49:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-12 21:49:51 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-12 21:49:40 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-12 21:49:39 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-12 21:49:16 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 3 months======

30828-09-03 21:34:13 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-05 12:55:15 ----D---- C:\WINDOWS\Temp
2008-12-05 12:54:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-12-05 12:50:56 ----SD---- C:\WINDOWS\Tasks
2008-12-05 12:49:38 ----D---- C:\WINDOWS
2008-12-05 12:48:27 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 00:34:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 21:36:11 ----D---- C:\WINDOWS\system32
2008-11-27 20:30:38 ----RD---- C:\Program Files
2008-11-27 18:30:59 ----D---- C:\Downloads
2008-11-26 23:18:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-26 16:26:46 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 12:47:29 ----ASHD---- C:\3000
2008-11-26 11:12:57 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-25 19:05:30 ----D---- C:\CutePrinter
2008-11-25 12:27:17 ----SHD---- C:\WINDOWS\Installer
2008-11-25 12:27:10 ----SHD---- C:\Config.Msi
2008-11-25 12:26:13 ----RSD---- C:\WINDOWS\assembly
2008-11-25 12:26:12 ----D---- C:\Program Files\Common Files
2008-11-24 18:32:03 ----D---- C:\Program Files\FlashGet
2008-11-19 23:58:40 ----A---- C:\salive.txt
2008-11-19 18:41:36 ----A---- C:\g.vbs
2008-11-18 11:04:37 ----HD---- C:\WINDOWS\inf
2008-11-18 11:04:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-18 11:01:05 ----D---- C:\Program Files\Microsoft Works
2008-11-17 17:08:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 01:10:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 01:10:00 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 01:07:32 ----D---- C:\WINDOWS\WinSxS
2008-11-10 13:55:20 ----D---- C:\tradedoubler
2008-11-04 18:44:43 ----D---- C:\WINDOWS\Help
2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 20:34:11 ----D---- C:\Program Files\NavNT
2008-11-01 18:48:58 ----D---- C:\Documents and Settings
2008-10-29 17:44:03 ----A---- C:\wialog.txt
2008-10-26 12:25:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 16:36:41 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 21:06:44 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 17:35:35 ----D---- C:\Program Files\Internet Explorer
2008-10-15 17:34:30 ----A---- C:\WINDOWS\win.ini
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 08:27:51 ----A---- C:\rc.txt
2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-30 17:32:04 ----D---- C:\john
2008-09-30 14:54:41 ----A---- C:\output.js
2008-09-26 21:01:19 ----A---- C:\WINDOWS\ukid.INI
2008-09-18 12:30:37 ----D---- C:\WINDOWS\system32\Setup
2008-09-18 12:30:37 ----D---- C:\WINDOWS\AppPatch
2008-09-18 12:30:37 ----D---- C:\Program Files\Messenger
2008-09-18 12:30:35 ----RSD---- C:\WINDOWS\Fonts
2008-09-18 12:29:55 ----D---- C:\WINDOWS\security
2008-09-18 12:15:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-18 12:15:17 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-18 12:15:16 ----D---- C:\WINDOWS\network diagnostic
2008-09-18 12:15:15 ----D---- C:\WINDOWS\ime
2008-09-18 12:14:42 ----D---- C:\WINDOWS\system32\en-US
2008-09-18 12:14:41 ----D---- C:\WINDOWS\system32\usmt
2008-09-18 12:14:30 ----D---- C:\WINDOWS\system32\bits
2008-09-18 12:14:30 ----D---- C:\WINDOWS\PeerNet
2008-09-18 12:14:30 ----D---- C:\Program Files\Movie Maker
2008-09-18 12:06:53 ----D---- C:\WINDOWS\system32\Restore
2008-09-18 12:06:52 ----D---- C:\WINDOWS\system32\npp
2008-09-18 12:06:52 ----D---- C:\WINDOWS\mui
2008-09-18 12:06:49 ----D---- C:\WINDOWS\msagent
2008-09-18 12:06:46 ----D---- C:\WINDOWS\srchasst
2008-09-18 12:06:45 ----D---- C:\Program Files\NetMeeting
2008-09-18 12:06:42 ----D---- C:\WINDOWS\system32\Com
2008-09-18 12:06:37 ----D---- C:\Program Files\Windows Media Player
2008-09-18 12:06:35 ----D---- C:\Program Files\Windows NT
2008-09-18 12:06:35 ----D---- C:\Program Files\Outlook Express
2008-09-18 12:06:28 ----D---- C:\Program Files\Common Files\System
2008-09-18 12:05:51 ----D---- C:\WINDOWS\system32\oobe
2008-09-18 12:05:47 ----D---- C:\WINDOWS\system
2008-09-18 11:59:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-18 11:59:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-18 11:51:50 ----D---- C:\WINDOWS\EHome
2008-09-18 08:19:41 ----D---- C:\WINDOWS\Minidump
2008-09-15 13:49:20 ----A---- C:\af1.txt
2008-09-15 08:58:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-15 08:57:15 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-09-12 23:19:49 ----D---- C:\Documents and Settings\martynh\Application Data\MySQL
2008-09-12 21:07:57 ----D---- C:\WINDOWS\Debug
2008-09-10 01:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS []
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2000-07-10 217088]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\System32\Drivers\IPSECDRV.sys []
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\NavNT\NAVAPEL.SYS []
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 23200]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-01-11 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 BCM43XX;BCM 802.11g Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2002-02-27 128380]
R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\System32\DRIVERS\vap.sys [2002-02-27 36188]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-01-02 26240]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-03-10 26112]
R3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-06-07 39488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vdiskbus;Virtual Disk Bus; C:\WINDOWS\system32\DRIVERS\vdiskbus.sys [2002-02-20 34123]
S2 Ca533av;Polaroid Digital Cam Video; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter; C:\WINDOWS\System32\DRIVERS\bkusbxp.sys [2003-04-09 101099]
S3 catchme;catchme; \??\C:\DOCUME~1\martynh\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM); C:\WINDOWS\System32\DRIVERS\webc3vid.sys [2001-11-07 166504]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-01-12 70001]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081119.017\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081119.017\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\NSNDIS5.SYS []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PEEK5;PEEK5 Protocol Driver; \??\C:\ac\AIRCRA~1.1\win32\PEEK5.SYS []
S3 PSSdk21;PSSdk21; \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv []
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-01-03 22768]
S3 UsbSf; Driver Service; C:\WINDOWS\system32\DRIVERS\UsbSf.sys [2006-04-15 17145]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-09-06 9600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2001-09-24 32768]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 IPSECMON;SafeNet Monitor Service; C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe [2002-03-28 24630]
R2 IREIKE;SafeNet IKE Service; C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe [2002-03-28 213042]
R2 isposure_svc;IsposureAgent; C:\Program Files\isposure\IsposureAgent.exe [2008-10-23 712704]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-01-25 3072184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; C:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-10-05 13592]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 PRTG4Service;PRTG 4 Service - Paessler Router Traffic Grapher; C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe [2005-07-26 4864280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-07-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-05-07 68096]
S3 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2001-09-24 454656]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 salive;Servers Alive; C:\PROGRA~1\Salive\serversalive.exe [2004-05-15 457216]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 XZ;XZ; C:\DOCUME~1\martynh\LOCALS~1\Temp\XZ.exe []

-----------------EOF-----------------

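The driver and service listings above share one fixed line format: state letter and start type, then `name;display name; image path [file date file size]`, with `[]` where the tool recorded no date or size. When reading such a log, the entries worth a second look first are the ones whose image sits in a user-writable profile or temp directory, such as the `XZ.exe` and `catchme.sys` entries in the user's `LOCALS~1\Temp`. The script below is an added example written for this thread, not code from RSIT, HijackThis, ComboFix or MBAM: it parses that format and reports the entries a reviewer should inspect. The sample lines are copied from the listing above; the "user-writable location" markers are the example's own assumption, and a hit means "review this", not "this is malware".

```python
"""Triage helper for the driver/service listings in an RSIT log.

Added example for this thread; not code from RSIT, HijackThis, ComboFix or MBAM.
The line format it parses is the one visible in the log above:

    <R|S><0-4> <name>;<display name>; <image path> [<file date> <file size>]

with "[]" where the tool recorded no date/size.  The "user-writable location"
markers are this example's own assumption about where a legitimate driver or
auto-start service should not live; a hit means "review this", not "malware".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R/S + start type, as in the log header
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"    # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<stat>[^\]]*)\]\s*$"  # image path [date size]  or  []
)

# Directories under the user profile / temp tree (assumption: legitimate drivers and
# auto-start services live under the Windows or Program Files trees, not here).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                         "\\application data\\")


@dataclass
class Entry:
    state: str      # "R" running / "S" stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str       # image path with any "\??\" object-manager prefix stripped
    stat: str       # "<date> <size>", or "" when the log printed "[]"


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):   # RSIT shows some driver paths as NT object names
        path = path[4:]
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, m.group("stat").strip())


def review(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) a reviewer should look at this entry."""
    reasons = []
    p = entry.path.lower()               # NTFS paths are case-insensitive
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("image path is in a user profile / temp directory")
    if not entry.stat:
        # In the log above every "\??\"-style path prints "[]" as well, so this is
        # a weak signal on its own; it only says the tool recorded no date/size.
        reasons.append("no file date/size recorded ([]); weak signal on its own")
    return reasons


def triage(lines) -> List[Finding]:
    """Run review() over a block of log lines, keeping only entries with reasons."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            reasons = review(entry)
            if reasons:
                findings.append(Finding(entry, reasons))
    return findings


# Sample lines copied from the driver/service listings earlier in this thread.
SAMPLE_LINES = [
    r"R3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\martynh\LOCALS~1\Temp\catchme.sys []",
    r"S4 XZ;XZ; C:\DOCUME~1\martynh\LOCALS~1\Temp\XZ.exe []",
    r"R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]",
    r"S3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.entry.state}{f.entry.start} {f.entry.name}: {f.entry.path}")
        for reason in f.reasons:
            print("    -", reason)
```

Run against the five sample lines it reports `catchme` and `XZ` (temp-directory image, no date/size) and `NAVAP` (no date/size only), and stays silent on `nm` and `winvnc`. Feed it the whole "List of drivers" and "List of services" blocks from a log to get the short list to check by hand; `catchme.sys` is a reminder that the list needs a human, since that driver belongs to a cleanup tool that was run on this machine.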
#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:09 PM

Posted 05 December 2008 - 08:51 AM

Thanks for the feedback.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files between each other, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Open Windows Defender.
    • Click on Tools, Options.
    • Scroll down the list of options to select "Real-time Protection Options."
    • Uncheck "Use Real-Time Protection (Recommended)".
    • After you uncheck this, click on the Save button and close Windows Defender.

      Note: After all of the fixes are complete and I give you the clean sign, enable Real-time Protection again.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message. Click on Yes to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please copy/paste in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • Any comment or feedback about how it went.


#5 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:09 PM

Posted 05 December 2008 - 11:17 AM

Hi

uTorrent - installed but not used for a very long time, only used it once as I recall; once we've tidied up it will get de-installed.

1) - Done

2) - Done, log below; just rebooting, then will do the remainder.

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

2008-12-05 16:14:23
mbam-log-2008-12-05 (16-14-23).txt

Scan type: Quick Scan
Objects scanned: 92858
Time elapsed: 51 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\a (Trojan.Agent) -> Delete on reboot.
C:\mysql.cmd (Trojan.Agent) -> Quarantined and deleted successfully.

#6 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:09 PM

Posted 05 December 2008 - 11:30 AM

Running combofix and a msg keeps popping up titled 'Windows - No Disk'

In it, it says: Exception processing Message C0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
Cancel, Try Again, Continue

I've fired up Task Manager and, in the Applications tab, right-clicked on the entry and chosen Go To Process; it takes me to the Processes tab and the process csrss.exe, running under User Name system.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:09 PM

Posted 05 December 2008 - 11:51 AM

Thanks for detailed feedback, it is greatly appreciated. :thumbsup:
  • The log of MBAM is from before rebooting to remove the remaining file. Did it reboot? If not, please run it again, update it, perform a quick scan, let it reboot if needed and post the log.

  • Delete your copy of Combofix from desktop and try this:

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3


    Double click on Combo-Fix.exe & follow the prompts to install Recovery Console if you don't have it on your system. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



#8 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:09 PM

Posted 05 December 2008 - 11:54 AM

1) - I did reboot after posting the log.

After rebooting following MBAM I downloaded combofix to the desktop and ran it, that's when I got these no disk errors.

ComboFix is currently on Completed Stage_8 and seems to have stopped, waiting for input on this No Disk message box. Am I safe to exit here, or could I mess the machine up? I know CF does move files around during its run.

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:09 PM

Posted 05 December 2008 - 12:05 PM

Ok first click Cancel. Then go on with the posted procedure.

#10 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:09 PM

Posted 05 December 2008 - 12:29 PM

This is the first combofix output that was at the time of the no disk errors.

Now going to delete ComboFix, download it again and save it under a different name, then run it again.

ComboFix 08-12-04.05 - martynh 2008-12-05 16:44:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.106 [GMT 0:00]
Running from: c:\documents and settings\martynh\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.zip
C:\hs.txt
C:\setup.exe
C:\test.txt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\documents and settings\martynh\Application Data\Malwarebytes
2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 14:23 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 14:23 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 12:48 . 2008-12-05 17:19 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-05 12:48 . 2008-12-05 17:14 1,409 --a------ c:\windows\QTFont.for
2008-11-27 20:30 . 2008-11-27 20:31 <DIR> d-------- C:\rsit
2008-11-27 20:30 . 2008-12-05 12:55 <DIR> d-------- c:\program files\trend micro
2008-11-27 09:12 . 2008-11-27 00:06 686 --a------ C:\HOSTS
2008-11-27 00:16 . 2008-04-14 00:12 146,432 --a------ C:\editreg.exe
2008-11-27 00:16 . 2008-04-14 00:12 27,136 --a------ C:\rtsdnif.exe
2008-11-27 00:16 . 2008-04-14 00:12 12,288 --a------ C:\attrib.exe
2008-11-27 00:16 . 2002-08-29 12:00 9,216 --a------ C:\dnif.exe
2008-11-26 23:18 . 2008-11-26 23:18 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-26 23:07 . 2008-11-26 23:07 <DIR> d-------- c:\windows\ERUNT
2008-11-26 21:24 . 2008-11-27 18:24 <DIR> d-------- C:\SDFix
2008-11-26 12:05 . 2008-11-26 12:05 6,125,531 --a------ C:\v.rtf
2008-11-26 11:49 . 2008-11-27 21:42 <DIR> d-------- c:\program files\ThreatExpert Memory Scanner
2008-11-25 12:27 . 2008-12-05 17:20 <DIR> d-------- c:\program files\isposure
2008-11-25 12:27 . 2008-12-05 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Epitiro
2008-11-25 12:26 . 2008-11-25 12:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-25 12:25 . 2008-11-25 12:25 <DIR> d-------- c:\program files\thinkbroadband.com
2008-11-24 08:44 . 2008-11-24 08:44 3,243,068 --a------ C:\14_nursery_gdns_HIP.pdf
2008-11-21 20:31 . 2008-11-21 20:32 70,009 --a------ C:\marchmont.jpg
2008-11-21 16:57 . 2008-11-21 16:57 374,136 --a------ C:\1846_page3.jpg
2008-11-21 16:56 . 2008-11-21 16:56 310,488 --a------ C:\1846_page2.jpg
2008-11-21 16:55 . 2008-11-21 16:55 256,136 --a------ C:\1846_page1.jpg
2008-11-21 16:53 . 2008-11-21 16:52 419,126 --a------ C:\18462.jpg
2008-11-21 16:49 . 2008-11-21 16:48 428,172 --a------ C:\1846.jpg
2008-11-18 11:04 . 1999-09-04 21:23 91,136 -ra------ c:\windows\system32\msls2.dll
2008-11-18 10:54 . 2008-11-18 10:54 109,568 --a------ C:\grimesthorpe school.wps
2008-11-12 16:32 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:31 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-24 18:32 --------- d-----w c:\program files\FlashGet
2008-11-19 18:41 405 ----a-w C:\g.vbs
2008-11-18 11:01 --------- d-----w c:\program files\Microsoft Works
2008-11-01 20:34 --------- d-----w c:\program files\NavNT
2008-11-01 18:51 --------- d-----w c:\documents and settings\TEMP\Application Data\ATI
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 16:36 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-07 08:34 100 ----a-w C:\rbcopy.bat
2008-09-25 19:13 2,336,742 ----a-w c:\documents and settings\martynh\semi2955.zip
2008-09-17 12:19 880 ----a-w C:\cpu.vbs
2008-09-17 11:52 1,073 ----a-w C:\proc.vbs
2008-09-14 16:19 955 ----a-w C:\excel.vbs
2008-09-12 23:15 125,264,881 ----a-w C:\swapitshop.zip
2008-09-12 20:47 1,048,586 ----a-w C:\F5D7230-4v7_Uk_9.01.07.bin
2008-01-11 17:05 2,591 ----a-w c:\documents and settings\martynh\logs.bat
2007-05-16 10:12 14 ----a-w c:\documents and settings\martynh\2.bat
2001-11-19 12:14 61,440 ----a-w c:\windows\inf\i386\gl.dll
2001-10-26 15:17 245,760 ----a-w c:\windows\inf\i386\viceo.dll
2001-08-17 17:43 32,768 ----a-w c:\windows\inf\i386\Wiamicro.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-02-10 187904]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"KNOfflineSystray"="c:\program files\KnowledgeNet Offline\win32\SystemTray.exe" [2006-10-03 53248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-29 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"AffiliateWindow Alerts"="c:\program files\AffiliateWindow Alerts\affiliatewindow.exe" [2005-02-25 476672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-02-22 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-06 77824]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2008-11-09 448016]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
"bcmwltry"="bcmwltry.exe" [2003-07-25 c:\windows\system32\bcmwltry.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

c:\documents and settings\martynh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-15 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-12-18 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\PRTG Traffic Grapher 4\\prtg4.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 GhPciScan;GhostPciScanner;\??\c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);\??\c:\windows\system32\Drivers\NEOFLTR_550_11711.SYS [2007-04-11 63264]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2004-06-29 217088]
R2 IPSECDRV;SafeNet IPSec Plugin;\??\c:\windows\System32\Drivers\IPSECDRV.sys [2004-06-29 112696]
R2 isposure_svc;IsposureAgent;"c:\program files\isposure\IsposureAgent.exe" -svc [2008-10-23 712704]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2005-10-09 23200]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher;c:\program files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\DRIVERS\vap.sys [2004-01-28 36188]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\DRIVERS\vdiskbus.sys [2004-11-01 34123]
S2 Ca533av;Polaroid Digital Cam Video;c:\windows\system32\Drivers\Ca533av.sys []
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys [2003-12-14 101099]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\DRIVERS\webc3vid.sys [2004-07-31 166504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-07-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-07-11 8320]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\ac\AIRCRA~1.1\win32\PEEK5.SYS []
S3 salive;Servers Alive;c:\progra~1\Salive\serversalive.exe [2004-06-26 457216]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys []
S3 UsbSf; Driver Service;c:\windows\system32\DRIVERS\UsbSf.sys [2006-04-01 17145]
S4 XZ;XZ;c:\docume~1\martynh\LOCALS~1\Temp\XZ.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb30eae-63ec-11d8-acba-0030bd637e5f}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\9AED011FBFB6B7FB.job
- c:\docume~1\lisa\applic~1\mealbe~1\LiteWaitCool.exe []

2008-08-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2007-12-22 c:\windows\Tasks\checkdom.job
- c:\checkdom.vbs [2007-11-23 20:37]

2007-07-05 c:\windows\Tasks\Collect.job
- c:\mrtg-2.14.7\bin\getcurrent.pl [2006-09-11 16:13]

2007-07-05 c:\windows\Tasks\ftpit.job
- c:\mrtg-2.14.7\bin\ftpit.bat [2006-09-11 21:57]

2008-12-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11]

2007-07-05 c:\windows\Tasks\Process Data.job
- c:\perl\bin\perl.exe [2006-08-29 11:45]

2008-11-27 c:\windows\Tasks\Update SA.job
- c:\sa\ftpit.bat []

2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{5FBD9F23-AEF9-48EA-A6BD-AFC2A5315DBD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Vivotek ST3402 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.simalert.org/forum/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86ec78af64674fcfa3e1de6abd5fea0c
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86ec78af64674fcfa3e1de6abd5fea0c

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\VATDecoder.dll - O16 -: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A}
hxxp://80.36.101.7:8056/VatDec.cab

c:\windows\Downloaded Program Files\TraderMediaX.ocx - O16 -: {2A493D5F-8914-4D3E-8BF3-767F281862F4}
hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab

c:\windows\Downloaded Program Files\NetCamPlayerWeb11g.ocx - O16 -: {4A026B12-94F3-4D2F-A468-96AA55DE20A5}
hxxp://81.137.208.77:1024/img/NetCamPlayerWeb11g.ocx

c:\windows\Downloaded Program Files\accounttracking.dll - O16 -: {4E62C4DE-627D-4604-B157-4B7D6B09F02E}
hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

c:\windows\Downloaded Program Files\DriveCamEvent.dll - O16 -: {66E79B75-F711-4A88-9C6D-10BCA64F3306}
hxxp://www.drivecam.com/videos/DriveCamEvent.dll

O16 -: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://ecc.documentum.com/eRoomSetup/client.cab
c:\windows\Downloaded Program Files\ClientSetup.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://pih-cam2.plus.net/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {7B7929AB-E06A-4508-BE68-1CC7A6997808} - hxxps://fileservice.emc.com/XFile/SAXFileEE.cab
c:\windows\Downloaded Program Files\xfileEE.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.205.96.237:6500/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FireFox -: Profile - c:\documents and settings\martynh\Application Data\Mozilla\Firefox\Profiles\ih4wr5wd.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 17:19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\NavLogon.dll

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WPDShServiceObj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\SafeNet\SoftRemoteLT\IreIKE.exe
c:\windows\system32\Crypserv.exe
c:\program files\NavNT\defwatch.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\SafeNet\SoftRemoteLT\IPSecMon.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\PRTG Traffic Grapher 4\prtg4.exe
c:\program files\PRTG Traffic Grapher 4\prtg4.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\smlogsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-05 17:26:28 - machine was rebooted [martynh]
ComboFix-quarantined-files.txt 2008-12-05 17:26:14

Pre-Run: 121,003,732,992 bytes free
Post-Run: 121,840,824,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

296 --- E O F --- 2008-11-24 18:54:17
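
The log above is long, and the entries worth a second look are buried in the Drivers/Services, firewall-policy and Scheduled Tasks sections. The script below is an added triage helper written for this page; it is not part of the thread, of ComboFix or of any BleepingComputer tool. It parses lines in the layout ComboFix prints and flags the patterns a log reader checks first: a service or task whose target ComboFix could not find (it prints `[]` instead of a date and size), a target under a Temp folder or under a user's Application Data, a task file whose name is 16 hex characters, and `EnableFirewall = 0` in the standard profile. The sample input is constructed here in the same shape as the log and embedded inline so the script runs offline; the flag names and the heuristics themselves are this example's own assumptions, and every hit is a lead for the helper to assess, not a verdict of malware.

```python
"""Heuristic triage of ComboFix autostart sections (added example, not a forum or ComboFix tool)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the layout ComboFix uses; embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592]
S3 salive;Servers Alive;c:\progra~1\Salive\serversalive.exe [2004-06-26 457216]
S4 XZ;XZ;c:\docume~1\martynh\LOCALS~1\Temp\XZ.exe []

Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\9AED011FBFB6B7FB.job
- c:\docume~1\lisa\applic~1\mealbe~1\LiteWaitCool.exe []

2008-12-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11]
"""


@dataclass
class Finding:
    kind: str                       # "service", "task" or "firewall"
    target: str                     # service name or task file
    path: str                       # executable the entry points at ("" for firewall)
    reasons: list = field(default_factory=list)


# "<start> <name>;<display>;<path> [<date size>]" as printed in the Drivers/Services section
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[(.*?)\]\s*$')
# Task header line, followed by a "- <path> [<date time>]" target line
TASK_HDR_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$', re.IGNORECASE)
TASK_TGT_RE = re.compile(r'^-\s+(.+?)\s+\[(.*?)\]\s*$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Heuristics (assumptions of this example, not ComboFix rules)
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)
APPDATA_RE = re.compile(r'\\(applic~1|application data)\\', re.IGNORECASE)
RANDOM_JOB_RE = re.compile(r'\\[0-9A-F]{16}\.job$', re.IGNORECASE)


def _clean_path(raw):
    """Strip surrounding quotes and trailing arguments, e.g. '"c:\\x.exe" -svc' -> 'c:\\x.exe'."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        if end > 0:
            return raw[1:end]
    return raw


def _path_reasons(path, stamp):
    reasons = []
    if stamp.strip() == "":
        reasons.append("missing-file")   # ComboFix printed [] : it could not find the target
    if TEMP_RE.search(path):
        reasons.append("temp-path")      # autostart target living in a Temp folder
    if APPDATA_RE.search(path):
        reasons.append("appdata-path")   # autostart target inside a user's Application Data
    return reasons


def triage(log_text):
    """Return the Findings for every flagged service, task and firewall setting in log_text."""
    findings = []
    pending_task = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall", "standardprofile", "", ["firewall-disabled"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, raw_path, stamp = m.groups()
            path = _clean_path(raw_path)
            reasons = _path_reasons(path, stamp)
            if reasons:
                findings.append(Finding("service", f"{start} {name}", path, reasons))
            continue
        m = TASK_HDR_RE.match(line)
        if m:
            pending_task = m.group(1)
            continue
        m = TASK_TGT_RE.match(line)
        if m and pending_task:
            path = _clean_path(m.group(1))
            reasons = _path_reasons(path, m.group(2))
            if RANDOM_JOB_RE.search(pending_task):
                reasons.append("random-name")   # 16-hex-character task name
            if reasons:
                findings.append(Finding("task", pending_task, path, reasons))
            pending_task = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.target}  {f.path}  {', '.join(f.reasons)}")
```

Run against a full ComboFix log pasted into `SAMPLE_LOG`, the script ignores the Files Created, Find3M and Reg Loading Points sections and reports only the three hits in the sample: the disabled firewall, the `S4 XZ` service pointing into Temp with no file present, and the hex-named task pointing into another profile's Application Data. Entries with a date and size, such as Windows Defender's service and scan task, pass silently.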

#11 martyn

  • Topic Starter
  • Members
  • 50 posts

Posted 05 December 2008 - 12:46 PM

This is the output from the renamed Combo-Fix.exe; still getting the No Disk errors.

ComboFix 08-12-05.01 - martynh 2008-12-05 17:36:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102 [GMT 0:00]
Running from: c:\documents and settings\martynh\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 16:25 . 2008-12-05 17:32 <DIR> d-------- C:\ComboFix
2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\documents and settings\martynh\Application Data\Malwarebytes
2008-12-05 14:23 . 2008-12-05 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 14:23 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 14:23 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 12:48 . 2008-12-05 17:26 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-05 12:48 . 2008-12-05 17:26 1,409 --a------ c:\windows\QTFont.for
2008-11-27 20:30 . 2008-11-27 20:31 <DIR> d-------- C:\rsit
2008-11-27 20:30 . 2008-12-05 12:55 <DIR> d-------- c:\program files\trend micro
2008-11-27 09:12 . 2008-11-27 00:06 686 --a------ C:\HOSTS
2008-11-27 00:16 . 2008-04-14 00:12 146,432 --a------ C:\editreg.exe
2008-11-27 00:16 . 2008-04-14 00:12 27,136 --a------ C:\rtsdnif.exe
2008-11-27 00:16 . 2008-04-14 00:12 12,288 --a------ C:\attrib.exe
2008-11-27 00:16 . 2002-08-29 12:00 9,216 --a------ C:\dnif.exe
2008-11-26 23:18 . 2008-11-26 23:18 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-26 23:07 . 2008-11-26 23:07 <DIR> d-------- c:\windows\ERUNT
2008-11-26 21:24 . 2008-11-27 18:24 <DIR> d-------- C:\SDFix
2008-11-26 12:05 . 2008-11-26 12:05 6,125,531 --a------ C:\v.rtf
2008-11-26 11:49 . 2008-11-27 21:42 <DIR> d-------- c:\program files\ThreatExpert Memory Scanner
2008-11-25 12:27 . 2008-12-05 17:40 <DIR> d-------- c:\program files\isposure
2008-11-25 12:27 . 2008-12-05 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Epitiro
2008-11-25 12:26 . 2008-11-25 12:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-25 12:25 . 2008-11-25 12:25 <DIR> d-------- c:\program files\thinkbroadband.com
2008-11-24 08:44 . 2008-11-24 08:44 3,243,068 --a------ C:\14_nursery_gdns_HIP.pdf
2008-11-21 20:31 . 2008-11-21 20:32 70,009 --a------ C:\marchmont.jpg
2008-11-21 16:57 . 2008-11-21 16:57 374,136 --a------ C:\1846_page3.jpg
2008-11-21 16:56 . 2008-11-21 16:56 310,488 --a------ C:\1846_page2.jpg
2008-11-21 16:55 . 2008-11-21 16:55 256,136 --a------ C:\1846_page1.jpg
2008-11-21 16:53 . 2008-11-21 16:52 419,126 --a------ C:\18462.jpg
2008-11-21 16:49 . 2008-11-21 16:48 428,172 --a------ C:\1846.jpg
2008-11-18 11:04 . 1999-09-04 21:23 91,136 -ra------ c:\windows\system32\msls2.dll
2008-11-18 10:54 . 2008-11-18 10:54 109,568 --a------ C:\grimesthorpe school.wps
2008-11-12 16:32 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:31 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-24 18:32 --------- d-----w c:\program files\FlashGet
2008-11-19 18:41 405 ----a-w C:\g.vbs
2008-11-18 11:01 --------- d-----w c:\program files\Microsoft Works
2008-11-01 20:34 --------- d-----w c:\program files\NavNT
2008-11-01 18:51 --------- d-----w c:\documents and settings\TEMP\Application Data\ATI
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 16:36 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-07 08:34 100 ----a-w C:\rbcopy.bat
2008-09-25 19:13 2,336,742 ----a-w c:\documents and settings\martynh\semi2955.zip
2008-09-17 12:19 880 ----a-w C:\cpu.vbs
2008-09-17 11:52 1,073 ----a-w C:\proc.vbs
2008-09-14 16:19 955 ----a-w C:\excel.vbs
2008-09-12 23:15 125,264,881 ----a-w C:\swapitshop.zip
2008-09-12 20:47 1,048,586 ----a-w C:\F5D7230-4v7_Uk_9.01.07.bin
2008-01-11 17:05 2,591 ----a-w c:\documents and settings\martynh\logs.bat
2007-05-16 10:12 14 ----a-w c:\documents and settings\martynh\2.bat
2001-11-19 12:14 61,440 ----a-w c:\windows\inf\i386\gl.dll
2001-10-26 15:17 245,760 ----a-w c:\windows\inf\i386\viceo.dll
2001-08-17 17:43 32,768 ----a-w c:\windows\inf\i386\Wiamicro.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-02-10 187904]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"KNOfflineSystray"="c:\program files\KnowledgeNet Offline\win32\SystemTray.exe" [2006-10-03 53248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-29 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"AffiliateWindow Alerts"="c:\program files\AffiliateWindow Alerts\affiliatewindow.exe" [2005-02-25 476672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-02-22 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-06 77824]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2008-11-09 448016]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
"bcmwltry"="bcmwltry.exe" [2003-07-25 c:\windows\system32\bcmwltry.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

c:\documents and settings\martynh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-15 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-12-18 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\PRTG Traffic Grapher 4\\prtg4.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 GhPciScan;GhostPciScanner;\??\c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);\??\c:\windows\system32\Drivers\NEOFLTR_550_11711.SYS [2007-04-11 63264]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2004-06-29 217088]
R2 IPSECDRV;SafeNet IPSec Plugin;\??\c:\windows\System32\Drivers\IPSECDRV.sys [2004-06-29 112696]
R2 isposure_svc;IsposureAgent;"c:\program files\isposure\IsposureAgent.exe" -svc [2008-10-23 712704]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2005-10-09 23200]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher;c:\program files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\DRIVERS\vap.sys [2004-01-28 36188]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\DRIVERS\vdiskbus.sys [2004-11-01 34123]
S2 Ca533av;Polaroid Digital Cam Video;c:\windows\system32\Drivers\Ca533av.sys []
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys [2003-12-14 101099]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\DRIVERS\webc3vid.sys [2004-07-31 166504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-07-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-07-11 8320]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\ac\AIRCRA~1.1\win32\PEEK5.SYS []
S3 salive;Servers Alive;c:\progra~1\Salive\serversalive.exe [2004-06-26 457216]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys []
S3 UsbSf; Driver Service;c:\windows\system32\DRIVERS\UsbSf.sys [2006-04-01 17145]
S4 XZ;XZ;c:\docume~1\martynh\LOCALS~1\Temp\XZ.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb30eae-63ec-11d8-acba-0030bd637e5f}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\9AED011FBFB6B7FB.job
- c:\docume~1\lisa\applic~1\mealbe~1\LiteWaitCool.exe []

2008-08-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2007-12-22 c:\windows\Tasks\checkdom.job
- c:\checkdom.vbs [2007-11-23 20:37]

2007-07-05 c:\windows\Tasks\Collect.job
- c:\mrtg-2.14.7\bin\getcurrent.pl [2006-09-11 16:13]

2007-07-05 c:\windows\Tasks\ftpit.job
- c:\mrtg-2.14.7\bin\ftpit.bat [2006-09-11 21:57]

2008-12-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11]

2007-07-05 c:\windows\Tasks\Process Data.job
- c:\perl\bin\perl.exe [2006-08-29 11:45]

2008-11-27 c:\windows\Tasks\Update SA.job
- c:\sa\ftpit.bat []

2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{5FBD9F23-AEF9-48EA-A6BD-AFC2A5315DBD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.simalert.org/forum/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86ec78af64674fcfa3e1de6abd5fea0c
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86ec78af64674fcfa3e1de6abd5fea0c

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\VATDecoder.dll - O16 -: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A}
hxxp://80.36.101.7:8056/VatDec.cab

c:\windows\Downloaded Program Files\TraderMediaX.ocx - O16 -: {2A493D5F-8914-4D3E-8BF3-767F281862F4}
hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab

c:\windows\Downloaded Program Files\NetCamPlayerWeb11g.ocx - O16 -: {4A026B12-94F3-4D2F-A468-96AA55DE20A5}
hxxp://81.137.208.77:1024/img/NetCamPlayerWeb11g.ocx

c:\windows\Downloaded Program Files\accounttracking.dll - O16 -: {4E62C4DE-627D-4604-B157-4B7D6B09F02E}
hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

c:\windows\Downloaded Program Files\DriveCamEvent.dll - O16 -: {66E79B75-F711-4A88-9C6D-10BCA64F3306}
hxxp://www.drivecam.com/videos/DriveCamEvent.dll

O16 -: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://ecc.documentum.com/eRoomSetup/client.cab
c:\windows\Downloaded Program Files\ClientSetup.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://pih-cam2.plus.net/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {7B7929AB-E06A-4508-BE68-1CC7A6997808} - hxxps://fileservice.emc.com/XFile/SAXFileEE.cab
c:\windows\Downloaded Program Files\xfileEE.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.205.96.237:6500/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FireFox -: Profile - c:\documents and settings\martynh\Application Data\Mozilla\Firefox\Profiles\ih4wr5wd.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 17:40:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\NavLogon.dll
.
Completion time: 2008-12-05 17:45:20
ComboFix-quarantined-files.txt 2008-12-05 17:45:10
ComboFix2.txt 2008-12-05 17:26:31

Pre-Run: 121,876,324,352 bytes free
Post-Run: 121,862,623,232 bytes free

242 --- E O F --- 2008-11-24 18:54:17

#12 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts

Posted 05 December 2008 - 12:57 PM

And the HijackThis logfile

Logfile of random's system information tool 1.04 (written by random/random)
Run by martynh at 2008-12-05 17:54:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 116 GB (49%) free of 238 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:54:55, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\martynh\Desktop\RSIT.exe
C:\Program Files\trend micro\martynh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.simalert.org/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [KNOfflineSystray] "C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AffiliateWindow Alerts] C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86ec78af64674fcfa3e1de6abd5fea0c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86ec78af64674fcfa3e1de6abd5fea0c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://80.36.101.7:8056/VatDec.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://81.137.208.77:1024/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://ecc.documentum.com/eRoomSetup/client.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://pih-cam2.plus.net/activex/AMC.cab
O16 - DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} (SAXFileEE FileUpload ActiveX Control) - https://fileservice.emc.com/XFile/SAXFileEE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://64.161.38.75/telnet/msrdp2.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://86.129.41.152/activex/AxisCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.205.96.237:6500/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emclive.webex.com/client/T24L/event/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://hive2.hsbc.co.uk/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF73C2E8-1E65-44E3-8DF5-C694853E0F61}: Domain = martyns.home
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Servers Alive (salive) - Woodstone bvba - C:\PROGRA~1\Salive\serversalive.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 14683 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\9AED011FBFB6B7FB.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\checkdom.job
C:\WINDOWS\tasks\Collect.job
C:\WINDOWS\tasks\ftpit.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Process Data.job
C:\WINDOWS\tasks\Update SA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBD9F23-AEF9-48EA-A6BD-AFC2A5315DBD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-29 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"bcmwltry"=C:\WINDOWS\system32\bcmwltry.exe [2003-07-25 462848]
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2002-02-22 90112]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-03-06 77824]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]
"tbbMeter"=C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe [2008-11-09 448016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Bandwidth Monitor Pro"=C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2004-02-10 187904]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-01-25 1032376]
"KNOfflineSystray"=C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe [2006-10-03 53248]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-29 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"AffiliateWindow Alerts"=C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe [2005-02-25 476672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\martynh\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-10-05 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe"="C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe:*:Enabled:PRTG_Traffic_Grapher_Webserver"
"C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager"
"C:\Program Files\KService\KService.exe"="C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Downloads\utorrent.exe"="C:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb30eae-63ec-11d8-acba-0030bd637e5f}]
shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L


======List of files/folders created in the last 3 months======

30828-09-03 21:17:44 ----A---- C:\WINDOWS\setuplog.txt
2008-12-05 17:45:22 ----A---- C:\ComboFix.txt
2008-12-05 17:09:38 ----D---- C:\WINDOWS\temp
2008-12-05 16:34:11 ----A---- C:\Boot.bak
2008-12-05 16:34:05 ----RASHD---- C:\cmdcons
2008-12-05 16:25:37 ----D---- C:\ComboFix
2008-12-05 14:23:18 ----D---- C:\Documents and Settings\martynh\Application Data\Malwarebytes
2008-12-05 14:23:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 14:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-27 20:30:38 ----D---- C:\Program Files\trend micro
2008-11-27 20:30:17 ----D---- C:\rsit
2008-11-27 18:33:19 ----A---- C:\WINDOWS\system32\results.txt
2008-11-27 10:20:50 ----D---- C:\Documents and Settings\martynh\Application Data\WinRAR
2008-11-27 00:16:45 ----A---- C:\rtsdnif.exe
2008-11-27 00:16:45 ----A---- C:\editreg.exe
2008-11-27 00:16:45 ----A---- C:\dnif.exe
2008-11-27 00:16:45 ----A---- C:\attrib.exe
2008-11-26 23:07:25 ----D---- C:\WINDOWS\ERUNT
2008-11-26 23:04:32 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 21:24:28 ----D---- C:\SDFix
2008-11-26 15:54:46 ----A---- C:\WINDOWS\SWREG.exe
2008-11-26 15:54:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\zip.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\VFIND.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\sed.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\grep.exe
2008-11-26 15:54:45 ----A---- C:\WINDOWS\fdsv.exe
2008-11-26 15:54:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-26 15:54:44 ----A---- C:\WINDOWS\SWSC.exe
2008-11-26 15:54:13 ----D---- C:\WINDOWS\ERDNT
2008-11-26 15:54:13 ----D---- C:\Qoobox
2008-11-26 12:06:33 ----A---- C:\p.txt
2008-11-26 11:49:50 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2008-11-25 12:27:06 ----D---- C:\Documents and Settings\All Users\Application Data\Epitiro
2008-11-25 12:27:05 ----D---- C:\Program Files\isposure
2008-11-25 12:26:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-25 12:25:26 ----D---- C:\Program Files\thinkbroadband.com
2008-11-24 13:05:58 ----A---- C:\DANPAC.TXT
2008-11-21 12:49:52 ----A---- C:\euro.txt
2008-11-18 11:04:57 ----RA---- C:\WINDOWS\system32\msls2.dll
2008-11-13 01:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 01:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 01:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-25 18:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 17:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 10:40:58 ----A---- C:\f.txt
2008-10-07 08:33:34 ----A---- C:\rbcopy.bat
2008-10-07 08:28:48 ----D---- C:\2
2008-10-07 08:27:31 ----A---- C:\ROBOCOPY.EXE
2008-10-06 19:15:29 ----D---- C:\backups
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-18 22:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-18 12:40:17 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-18 12:31:16 ----D---- C:\WINDOWS\Prefetch
2008-09-18 12:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-18 12:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-18 12:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-18 12:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-18 12:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-18 12:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-18 12:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-18 12:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-18 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-18 12:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-18 12:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-18 12:14:37 ----D---- C:\WINDOWS\system32\scripting
2008-09-18 12:14:33 ----D---- C:\WINDOWS\l2schemas
2008-09-18 12:14:31 ----D---- C:\WINDOWS\system32\en
2008-09-17 20:33:48 ----D---- C:\wii
2008-09-17 15:26:16 ----D---- C:\quiz
2008-09-17 15:02:36 ----A---- C:\quiz.txt
2008-09-17 11:57:55 ----A---- C:\cpu.vbs
2008-09-17 11:52:52 ----A---- C:\proc.vbs
2008-09-14 16:17:34 ----A---- C:\excel.vbs
2008-09-13 21:51:53 ----D---- C:\ssf
2008-09-13 00:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-13 00:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-12 21:53:07 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-12 21:52:48 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-12 21:52:48 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-12 21:52:26 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-12 21:52:18 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-12 21:52:15 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-12 21:52:14 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-12 21:52:11 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-12 21:52:11 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-12 21:52:11 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-12 21:52:00 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-12 21:51:43 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-12 21:51:43 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-12 21:51:43 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-12 21:51:38 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-12 21:51:38 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-12 21:51:10 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-12 21:51:09 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-12 21:51:09 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-12 21:51:09 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-12 21:50:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-12 21:50:55 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-12 21:50:54 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-12 21:50:54 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-12 21:50:54 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-12 21:50:53 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-12 21:50:13 ----A---- C:\WINDOWS\006364_.tmp
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-12 21:50:09 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-12 21:50:03 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-12 21:49:59 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-12 21:49:59 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-12 21:49:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-12 21:49:51 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-12 21:49:40 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-12 21:49:39 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-12 21:49:16 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 3 months======

30828-09-03 21:34:13 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-05 17:54:21 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-12-05 17:45:26 ----D---- C:\WINDOWS\system32
2008-12-05 17:45:24 ----D---- C:\WINDOWS
2008-12-05 17:40:55 ----A---- C:\WINDOWS\system.ini
2008-12-05 17:37:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 17:37:53 ----D---- C:\WINDOWS\AppPatch
2008-12-05 17:37:53 ----D---- C:\Program Files\Common Files
2008-12-05 17:35:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 17:21:00 ----SD---- C:\WINDOWS\Tasks
2008-12-05 17:18:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 17:15:09 ----D---- C:\WINDOWS\system32\config
2008-12-05 16:45:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-05 16:34:11 ----RASH---- C:\boot.ini
2008-12-05 14:23:12 ----RD---- C:\Program Files
2008-11-27 18:30:59 ----D---- C:\Downloads
2008-11-26 23:18:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-26 12:47:29 ----ASHD---- C:\3000
2008-11-25 19:05:30 ----D---- C:\CutePrinter
2008-11-25 12:27:17 ----SHD---- C:\WINDOWS\Installer
2008-11-25 12:27:10 ----SHD---- C:\Config.Msi
2008-11-25 12:26:13 ----RSD---- C:\WINDOWS\assembly
2008-11-24 18:32:03 ----D---- C:\Program Files\FlashGet
2008-11-19 23:58:40 ----A---- C:\salive.txt
2008-11-19 18:41:36 ----A---- C:\g.vbs
2008-11-18 11:04:37 ----HD---- C:\WINDOWS\inf
2008-11-18 11:04:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-18 11:01:05 ----D---- C:\Program Files\Microsoft Works
2008-11-17 17:08:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 01:10:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 01:10:00 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 01:07:32 ----D---- C:\WINDOWS\WinSxS
2008-11-10 13:55:20 ----D---- C:\tradedoubler
2008-11-04 18:44:43 ----D---- C:\WINDOWS\Help
2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 20:34:11 ----D---- C:\Program Files\NavNT
2008-11-01 18:48:58 ----D---- C:\Documents and Settings
2008-10-29 17:44:03 ----A---- C:\wialog.txt
2008-10-26 12:25:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 16:36:41 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 21:06:44 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 17:35:35 ----D---- C:\Program Files\Internet Explorer
2008-10-15 17:34:30 ----A---- C:\WINDOWS\win.ini
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 08:27:51 ----A---- C:\rc.txt
2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-30 17:32:04 ----D---- C:\john
2008-09-30 14:54:41 ----A---- C:\output.js
2008-09-26 21:01:19 ----A---- C:\WINDOWS\ukid.INI
2008-09-18 12:30:37 ----D---- C:\WINDOWS\system32\Setup
2008-09-18 12:30:37 ----D---- C:\Program Files\Messenger
2008-09-18 12:30:35 ----RSD---- C:\WINDOWS\Fonts
2008-09-18 12:29:55 ----D---- C:\WINDOWS\security
2008-09-18 12:15:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-18 12:15:17 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-18 12:15:16 ----D---- C:\WINDOWS\network diagnostic
2008-09-18 12:15:15 ----D---- C:\WINDOWS\ime
2008-09-18 12:14:42 ----D---- C:\WINDOWS\system32\en-US
2008-09-18 12:14:41 ----D---- C:\WINDOWS\system32\usmt
2008-09-18 12:14:30 ----D---- C:\WINDOWS\system32\bits
2008-09-18 12:14:30 ----D---- C:\WINDOWS\PeerNet
2008-09-18 12:14:30 ----D---- C:\Program Files\Movie Maker
2008-09-18 12:06:53 ----D---- C:\WINDOWS\system32\Restore
2008-09-18 12:06:52 ----D---- C:\WINDOWS\system32\npp
2008-09-18 12:06:52 ----D---- C:\WINDOWS\mui
2008-09-18 12:06:49 ----D---- C:\WINDOWS\msagent
2008-09-18 12:06:46 ----D---- C:\WINDOWS\srchasst
2008-09-18 12:06:45 ----D---- C:\Program Files\NetMeeting
2008-09-18 12:06:42 ----D---- C:\WINDOWS\system32\Com
2008-09-18 12:06:37 ----D---- C:\Program Files\Windows Media Player
2008-09-18 12:06:35 ----D---- C:\Program Files\Windows NT
2008-09-18 12:06:35 ----D---- C:\Program Files\Outlook Express
2008-09-18 12:06:28 ----D---- C:\Program Files\Common Files\System
2008-09-18 12:05:51 ----D---- C:\WINDOWS\system32\oobe
2008-09-18 12:05:47 ----D---- C:\WINDOWS\system
2008-09-18 11:59:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-18 11:59:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-18 11:51:50 ----D---- C:\WINDOWS\EHome
2008-09-18 08:19:41 ----D---- C:\WINDOWS\Minidump
2008-09-15 13:49:20 ----A---- C:\af1.txt
2008-09-15 08:57:15 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-09-12 23:19:49 ----D---- C:\Documents and Settings\martynh\Application Data\MySQL
2008-09-12 21:07:57 ----D---- C:\WINDOWS\Debug
2008-09-10 01:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS []
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2000-07-10 217088]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\System32\Drivers\IPSECDRV.sys []
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\NavNT\NAVAPEL.SYS []
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 23200]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-01-11 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2002-02-27 128380]
R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\System32\DRIVERS\vap.sys [2002-02-27 36188]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-01-02 26240]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-03-10 26112]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-06-07 39488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vdiskbus;Virtual Disk Bus; C:\WINDOWS\system32\DRIVERS\vdiskbus.sys [2002-02-20 34123]
S2 Ca533av;Polaroid Digital Cam Video; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 BCM43XX;BCM 802.11g Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter; C:\WINDOWS\System32\DRIVERS\bkusbxp.sys [2003-04-09 101099]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM); C:\WINDOWS\System32\DRIVERS\webc3vid.sys [2001-11-07 166504]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-01-12 70001]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081119.017\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081119.017\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\NSNDIS5.SYS []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PEEK5;PEEK5 Protocol Driver; \??\C:\ac\AIRCRA~1.1\win32\PEEK5.SYS []
S3 PSSdk21;PSSdk21; \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv []
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-01-03 22768]
S3 UsbSf; Driver Service; C:\WINDOWS\system32\DRIVERS\UsbSf.sys [2006-04-15 17145]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-09-06 9600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2001-09-24 32768]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 IPSECMON;SafeNet Monitor Service; C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe [2002-03-28 24630]
R2 IREIKE;SafeNet IKE Service; C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe [2002-03-28 213042]
R2 isposure_svc;IsposureAgent; C:\Program Files\isposure\IsposureAgent.exe [2008-10-23 712704]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-01-25 3072184]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PRTG4Service;PRTG 4 Service - Paessler Router Traffic Grapher; C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe [2005-07-26 4864280]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; C:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-10-05 13592]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2003-08-01 474624]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-07-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-05-07 68096]
S3 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2001-09-24 454656]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 salive;Servers Alive; C:\PROGRA~1\Salive\serversalive.exe [2004-05-15 457216]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 XZ;XZ; C:\DOCUME~1\martynh\LOCALS~1\Temp\XZ.exe []

-----------------EOF-----------------

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:09 PM

Posted 05 December 2008 - 01:00 PM

Thanks for both the logs. You are doing great :thumbsup:

If you cannot find the following files, make sure that you can view all hidden and system files. Instructions on how to do this can be found here: How to see hidden files in Windows

Please click this link--> virustotal
  • Click the browse button and navigate to the files listed below in bold, then click Send File. You will only be able to have one file scanned at a time.

    c:\checkdom.vbs
    c:\mrtg-2.14.7\bin\ftpit.bat
    C:\g.vbs
    C:\roc.vbs

  • If the file has been analyzed before, click the Reanalyse file now button.
  • Wait until the file is analyzed. Please post back the results of the scan in your next post.


#14 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:09 PM

Posted 05 December 2008 - 03:20 PM

These 3 checked out ok as shown below:

checkdom.vbs
ftpit.bat
g.vbs

c:\roc.vbs does not exist. I did the show all files thing but it just wasn't there - scanning back through the logs I supplied there is a proc.vbs - I scanned that one too just in case it was a typo and that came out ok.



Antivirus Version Last Update Result
AhnLab-V3 2008.12.6.0 2008.12.05 -
AntiVir 7.9.0.42 2008.12.05 -
Authentium 5.1.0.4 2008.12.05 -
Avast 4.8.1281.0 2008.12.04 -
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.05 -
CAT-QuickHeal 10.00 2008.12.05 -
ClamAV 0.94.1 2008.12.05 -
Comodo 682 2008.12.04 -
DrWeb 4.44.0.09170 2008.12.05 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6243 2008.12.04 -
Ewido 4.0 2008.12.05 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.05 -
Fortinet 3.117.0.0 2008.12.05 -
GData 19 2008.12.05 -
Ikarus T3.1.1.45.0 2008.12.05 -
K7AntiVirus 7.10.545 2008.12.05 -
Kaspersky 7.0.0.125 2008.12.05 -
McAfee 5455 2008.12.05 -
McAfee+Artemis 5455 2008.12.05 -
Microsoft 1.4205 2008.12.05 -
NOD32 3667 2008.12.05 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.05 -
PCTools 4.4.2.0 2008.12.05 -
Prevx1 V2 2008.12.05 -
Rising 21.06.43.00 2008.12.05 -
SecureWeb-Gateway 6.7.6 2008.12.05 -
Sophos 4.36.0 2008.12.05 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.05 -
TheHacker 6.3.1.2.176 2008.12.05 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.5.1502 2008.12.05 -
VirusBuster 4.5.11.0 2008.12.05 -

#15 martyn

martyn
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:09 PM

Posted 05 December 2008 - 03:38 PM

While I've been on that computer I ran netstat -b from time to time.

One entry that keeps popping up from time to time is cds245.lon.llnw.net:http

There are 2 DLLs using it, c:\windows\system32\ws2_32.dll and c:\windows\system32\winhttp.dll



