
Hidden ad popup / virtumundo help?


  • This topic is locked
9 replies to this topic

#1 C4121S

  • Members
  • 5 posts

Posted 04 December 2008 - 03:35 AM

Hello and thank you! The problem I have is tons of trojans and pop-up problems, HIDDEN pop-ups. I have to manually Ctrl+Alt+Del and end process on Firefox/iexplorer as a whole! I can't go through a good 5 minutes without several hidden pop-ups popping up and slowing down the system, especially when the hidden pop-ups have videos that create sound, and it's just annoying!
Here are the txts:

Log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-12-04 00:27:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 565 MB (1%) free of 38 GB
Total RAM: 3070 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at AM 12:27:59, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\ESTsoft\ALYac\ALYac.aye
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: {4852fd14-d8da-063b-af24-0de80da2d4d8} - {8d4d2ad0-8ed0-42fa-b360-ad8d41df2584} - C:\WINDOWS\system32\jskqak.dll
O2 - BHO: (no name) - {9a5739fa-61cb-4f3a-a59f-cffcfcf48120} - C:\WINDOWS\system32\sazayida.dll
O2 - BHO: Rmn plugin - {ABADC07C-9990-405a-AA24-2C209B50AE79} - smbmngr.dll (file missing)
O2 - BHO: (no name) - {C5EE8D3E-0064-42D8-9E78-643313960258} - C:\WINDOWS\system32\fccyaYOf.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jirokuwawo] Rundll32.exe "C:\WINDOWS\system32\wadedilu.dll",s
O4 - HKLM\..\Run: [54c27ef3] rundll32.exe "C:\WINDOWS\system32\fvcmnjcl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Chris\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntksdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\setakonu.dll jskqak.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 3659 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d4d2ad0-8ed0-42fa-b360-ad8d41df2584}]
C:\WINDOWS\system32\jskqak.dll [2008-12-03 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a5739fa-61cb-4f3a-a59f-cffcfcf48120}]
C:\WINDOWS\system32\sazayida.dll [2008-09-03 64565]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABADC07C-9990-405a-AA24-2C209B50AE79}]
Rmn plugin - C:\WINDOWS\system32\smbmngr.dll [2008-12-02 48640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5EE8D3E-0064-42D8-9E78-643313960258}]
C:\WINDOWS\system32\fccyaYOf.dll [2008-11-24 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-02-22 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"jirokuwawo"=C:\WINDOWS\system32\wadedilu.dll [2008-09-03 64565]
"54c27ef3"=C:\WINDOWS\system32\fvcmnjcl.dll [2008-12-03 72704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe []
"Google Update"=C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]
"Twain"=C:\Documents and Settings\Chris\Application Data\Twain\Twain.exe [2008-11-30 61440]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54c27ef3]
C:\WINDOWS\system32\haawcelh.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALYac]
C:\Program Files\ESTsoft\ALYac\AYUpdate.exe [2008-01-11 79304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM57f14d6f]
C:\WINDOWS\system32\umtptnge.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2008-02-20 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java Update]
C:\Documents and Settings\Chris\Local Settings\Application Data\JavaRuntime.00.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
F:\steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-12-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-02-22 3537968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2007-12-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npkcmsvc"=2
"Bonjour Service"=2
"IDriverT"=3
"aawservice"=2
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"ose"=3
"nSvcLog"=2
"nSvcIp"=2
"LVSrvLauncher"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"iPod Service"=3
"idsvc"=3
"ForcewareWebInterface"=2
"ForceWare Intelligent Application Manager (IAM)"=2
"FLEXnet Licensing Service"=3
"ekrn"=2
"EhttpSrv"=3
"CTAudSvcService"=2
"Brother XP spl Service"=2
"ATI Smart"=2
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"ALYac_PZSrv"=2

C:\Documents and Settings\Chris\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\scntksdl.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\system32\setakonu.dll jskqak.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCE97A72-640B-4DED-923F-8196FC01F76B}"=C:\WINDOWS\system32\awtqqnno.dll []
"{73259091-9574-4ED8-A40F-7F65AFC28634}"=C:\WINDOWS\system32\awtrQGaa.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fccyaYOf
"notification packages"=scecli
C:\WINDOWS\system32\setakonu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\RB\Binaries\RainbowSixVegas2_SADS.exe"="F:\RB\Binaries\RainbowSixVegas2_SADS.exe:*:Enabled:RainbowSixVegas2_SADS"
"F:\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="F:\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="F:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Chris\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\Documents and Settings\Chris\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\steam\steamapps\josh_hwang\counter-strike\hl.exe"="F:\steam\steamapps\josh_hwang\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"F:\steam\steamapps\jonhwang214\counter-strike\hl.exe"="F:\steam\steamapps\jonhwang214\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS3"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859e3e99-b357-11dd-a103-001731cee391}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-04 00:27:52 ----D---- C:\rsit
2008-12-04 00:27:52 ----D---- C:\Program Files\trend micro
2008-12-03 20:15:26 ----SH---- C:\WINDOWS\system32\lcjnmcvf.ini
2008-12-03 20:15:24 ----A---- C:\WINDOWS\system32\fvcmnjcl.dll
2008-12-03 20:12:28 ----A---- C:\WINDOWS\system32\jskqak.dll
2008-12-03 20:12:25 ----A---- C:\WINDOWS\system32\mrwkwheo.dll
2008-12-02 23:01:49 ----A---- C:\WINDOWS\gmer.ini
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer.exe
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer.dll
2008-12-02 20:12:26 ----A---- C:\WINDOWS\system32\yjkefn.dll
2008-12-02 20:12:24 ----A---- C:\WINDOWS\system32\qfwgxbpm.dll
2008-12-02 20:09:41 ----SH---- C:\WINDOWS\system32\gtkgthys.ini
2008-12-02 20:09:38 ----N---- C:\WINDOWS\system32\syhtgktg.dll
2008-12-02 16:52:14 ----A---- C:\WINDOWS\system32\smbmngr.dll
2008-12-01 20:12:29 ----SH---- C:\WINDOWS\system32\wcyxrhxs.ini
2008-12-01 20:12:28 ----A---- C:\WINDOWS\system32\sxhrxycw.dll
2008-12-01 20:09:29 ----A---- C:\WINDOWS\system32\fiorej.dll
2008-12-01 20:09:28 ----A---- C:\WINDOWS\system32\lwqtrchi.dll
2008-11-30 20:28:17 ----SHD---- C:\WINDOWS\Q2hyaXM
2008-11-30 20:28:13 ----D---- C:\Program Files\InetGet2
2008-11-30 20:23:05 ----D---- C:\Documents and Settings\Chris\Application Data\SpeedRunner
2008-11-30 20:18:06 ----D---- C:\Documents and Settings\Chris\Application Data\Twain
2008-11-30 20:10:41 ----A---- C:\WINDOWS\system32\yonqmp.dll
2008-11-30 20:10:40 ----A---- C:\WINDOWS\system32\yrdkbewm.dll
2008-11-30 20:08:39 ----SH---- C:\WINDOWS\system32\mvyqcqvo.ini
2008-11-30 20:08:34 ----N---- C:\WINDOWS\system32\ovqcqyvm.dll
2008-11-30 20:08:09 ----D---- C:\Program Files\Mjcore
2008-11-28 18:58:49 ----SH---- C:\WINDOWS\system32\coxemjib.ini
2008-11-28 18:58:48 ----A---- C:\WINDOWS\system32\bijmexoc.dll
2008-11-28 18:55:49 ----A---- C:\WINDOWS\system32\npgped.dll
2008-11-28 18:55:48 ----A---- C:\WINDOWS\system32\xtppmnjy.dll
2008-11-27 18:56:14 ----SH---- C:\WINDOWS\system32\apiklacr.ini
2008-11-27 18:53:15 ----A---- C:\WINDOWS\system32\ivmrhj.dll
2008-11-27 18:53:13 ----A---- C:\WINDOWS\system32\qdbmopac.dll
2008-11-27 01:50:58 ----D---- C:\Program Files\Hijackthis
2008-11-26 18:56:30 ----SH---- C:\WINDOWS\system32\ndbthasm.ini
2008-11-26 18:53:30 ----A---- C:\WINDOWS\system32\enygmu.dll
2008-11-26 18:53:29 ----A---- C:\WINDOWS\system32\rrqhykgi.dll
2008-11-26 17:29:55 ----A---- C:\WINDOWS\system32\a.exe
2008-11-25 18:53:12 ----A---- C:\WINDOWS\system32\mgfuzx.dll
2008-11-25 18:53:11 ----A---- C:\WINDOWS\system32\drphjcgg.dll
2008-11-25 18:53:08 ----SH---- C:\WINDOWS\system32\gimqmggo.ini
2008-11-24 18:53:43 ----A---- C:\WINDOWS\system32\lvvgoe.dll
2008-11-24 18:53:42 ----A---- C:\WINDOWS\system32\hbpfgalc.dll
2008-11-24 18:51:29 ----SH---- C:\WINDOWS\system32\jmwihjnl.ini
2008-11-24 18:50:39 ----ASH---- C:\WINDOWS\system32\fOYayccf.ini2
2008-11-24 18:50:39 ----ASH---- C:\WINDOWS\system32\fOYayccf.ini
2008-11-24 18:50:31 ----A---- C:\WINDOWS\system32\fccyaYOf.dll
2008-11-24 18:45:50 ----A---- C:\WINDOWS\system32\g36.exe
2008-11-24 18:45:45 ----D---- C:\Program Files\webHancer
2008-11-24 18:45:42 ----D---- C:\Documents and Settings\Chris\Application Data\gadcom
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\vba
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\PIX
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\mp2
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\IO2
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\FND
2008-11-24 18:45:34 ----D---- C:\Temp
2008-11-24 18:45:26 ----N---- C:\WINDOWS\system32\_pz_awtrQGaa.dll
2008-11-24 18:45:24 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-11-18 16:23:24 ----D---- C:\Documents and Settings\All Users\Application Data\pI3_lic_file
2008-11-18 16:21:42 ----D---- C:\Program Files\particleIllusion_3
2008-11-18 16:16:50 ----D---- C:\Program Files\CycoreFX HD Files
2008-11-18 16:16:50 ----A---- C:\WINDOWS\unvise32.exe
2008-11-18 16:09:19 ----A---- C:\WINDOWS\system32\Engine3D021206.dll
2008-11-17 17:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-17 17:07:24 ----D---- C:\Program Files\Adobe Media Player
2008-11-17 17:04:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-17 16:56:01 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-08 16:15:56 ----D---- C:\Documents and Settings\Chris\Application Data\dvdcss
2008-11-08 16:15:31 ----D---- C:\Documents and Settings\Chris\Application Data\vlc
2008-11-08 16:14:38 ----D---- C:\Program Files\VideoLAN
2008-11-05 12:41:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

======List of files/folders modified in the last 1 months======

2008-12-04 00:27:52 ----RD---- C:\Program Files
2008-12-04 00:27:48 ----D---- C:\WINDOWS\Prefetch
2008-12-04 00:25:55 ----D---- C:\WINDOWS\Temp
2008-12-04 00:23:11 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 00:22:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 20:15:32 ----D---- C:\WINDOWS\system32
2008-12-03 20:10:08 ----A---- C:\WINDOWS\system32\5fe1ba8d-.txt
2008-12-03 19:02:41 ----D---- C:\Program Files\Image-Line
2008-12-03 18:59:26 ----D---- C:\Program Files\Vstplugins
2008-12-03 16:17:51 ----D---- C:\WINDOWS
2008-12-03 14:40:30 ----ASH---- C:\WINDOWS\system32\serevoyi.dll
2008-12-02 23:01:46 ----D---- C:\WINDOWS\system32\drivers
2008-12-01 17:36:41 ----D---- C:\Documents and Settings\Chris\Application Data\LimeWire
2008-12-01 15:52:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 01:17:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 22:03:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-30 20:06:52 ----D---- C:\WINDOWS\system32\Macromed
2008-11-28 03:02:04 ----HD---- C:\WINDOWS\inf
2008-11-27 20:23:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-27 18:19:09 ----SHD---- C:\WINDOWS\Installer
2008-11-24 21:59:19 ----D---- C:\Program Files\Common Files
2008-11-22 18:08:44 ----D---- C:\Documents and Settings\Chris\Application Data\Azureus
2008-11-19 13:16:48 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2008-11-18 16:12:31 ----D---- C:\Program Files\Adobe
2008-11-18 13:28:45 ----D---- C:\Program Files\Common Files\Adobe
2008-11-17 21:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 17:06:25 ----RSD---- C:\WINDOWS\Fonts
2008-11-16 02:47:26 ----D---- C:\Documents and Settings\Chris\Application Data\U3
2008-11-15 16:05:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 17:55:59 ----D---- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-11-12 17:55:51 ----SD---- C:\WINDOWS\Tasks
2008-11-12 01:20:22 ----A---- C:\WINDOWS\BRPP2KA.INI
2008-11-11 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-11 13:33:00 ----SHD---- C:\WINDOWS\CSC
2008-11-05 21:08:00 ----SH---- C:\boot.ini
2008-11-05 21:08:00 ----A---- C:\WINDOWS\win.ini
2008-11-05 21:08:00 ----A---- C:\WINDOWS\system.ini
2008-11-05 20:58:31 ----SD---- C:\Documents and Settings\Chris\Application Data\Microsoft
2008-11-05 20:52:08 ----D---- C:\WINDOWS\system32\DirectX
2008-11-05 20:52:06 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-03 12160]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-21 109568]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-25 2863616]
R3 AYDrvNT_ALYAC;AYDrvNT_ALYAC; \??\C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys []
R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2008-02-25 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-02-25 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-02-25 524312]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2008-02-25 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2008-02-25 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-02-25 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-02-25 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-02-25 92696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-21 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-21 18944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-02-25 127000]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-02-25 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-02 85969]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\DRIVERS\npf.sys [2007-06-29 42512]
S3 npkcrypt;npkcrypt; C:\WINDOWS\system32\drivers\npkcrypt.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-01 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc22C.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ALYac_PZSrv;ALYac_PZSrv; C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye [2008-11-24 792008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-17 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-25 520192]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S4 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2003-08-28 57344]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
S4 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
S4 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


info
info.txt logfile of random's system information tool 1.04 2008-12-04 00:28:01

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->C:\Program Files\Common Files\Adobe\Installers\2a31ae7a5c43ff52d8577782dd34e04\Setup.exe --uninstall=1
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AlphaStar v.1.0.02-->"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\AlphaPlugins\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Brother HL-2700CN-->"C:\Program Files\Brother\BRHL2700\IsUninst.exe" -f"C:\Program Files\Brother\BRHL2700\DeIsL1.isu" -cbruninst.dll
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
CycoreFX HD 1.6 for After Effects-->C:\WINDOWS\unvise32.exe C:\WINDOWS\CycoreFX HD-1.6-for-After Effects-Uninstall.log
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
ffdshow [rev 1953] [2008-05-04]-->"C:\Program Files\ffdshow\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{108921F0-2DDB-3C3D-A02D-CC18285F514C}
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam-->MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}
Logitech® Camera 드라이버-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic Bullet Editors 2.0 Vegas-->C:\WINDOWS\unvise32.exe c:\program files\sony\vegas pro 8.0\video plug-ins\Magic Bullet Editors 2.0 Vegas\mbeditorsvegas.log
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
particleIllusion 3.0.2-->"C:\Program Files\particleIllusion_3\uninstall\unins000.exe"
particleIllusion 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\particleIllusion_3\Uninst.isu"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photomatix Pro version 2.5-->"C:\Program Files\Photomatix\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sony DVD Architect Pro 4.5-->MsiExec.exe /X{042961FE-BE09-48AB-81FB-C0D4093043A1}
Sony Vegas Pro 8.0-->MsiExec.exe /X{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}
SPORE-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Total Recorder 6.1-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Trapcode Starglow-->C:\WINDOWS\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS3\SUPPORT FILES\PLUG-INS\TRAPCODE\trapcodeStarglow.log
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Water 1.04. for Adobe After Effects-->"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\Panopticum\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
알약-->"C:\Program Files\ESTsoft\ALYac\uninst00.aye"
알툴즈 업데이트-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: 알약 (outdated)
FW: ActiveArmor Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

thank you very much!!

#2 fenzodahl512 (Members, 6,738 posts)

Posted 05 December 2008 - 02:04 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall




Post me these logs in your next reply..

1. SDFix
2. ComboFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 C4121S (Topic Starter, Members, 5 posts)

Posted 06 December 2008 - 09:13 PM

Hello, sorry for the late reply, I was out of town. Here you go.

Report.txt

SDFix: Version 1.240
Run by Chris on 12/06/2008 Sat at PM 05:42

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Temp\1cb\syscheck.log - Deleted
C:\DOCUME~1\Chris\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\bb1.dat - Deleted
C:\WINDOWS\system32\cookie1.dat - Deleted
C:\WINDOWS\system32\tb.dr - Deleted



Folder C:\Temp\1cb - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 17:53:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{991F6968-3041-9BA9-148E-021C5C0D3603}]
"oacnonoicdogkjeofmlnhhcibekbnh"=hex:6a,61,6a,65,67,6d,65,6c,62,64,6f,6c,65,63,6e,68,6a,67,64,6d,00,..
"nainenegjomhcacbpiejoedabkmb"=hex:6a,61,6a,65,67,6d,65,6c,62,64,6f,6c,65,63,6e,68,6a,67,64,6d,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\ijji\\ENGLISH\\u_gbound.exe"="C:\\ijji\\ENGLISH\\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\\RB\\Binaries\\RainbowSixVegas2_SADS.exe"="F:\\RB\\Binaries\\RainbowSixVegas2_SADS.exe:*:Enabled:RainbowSixVegas2_SADS"
"F:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="F:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="F:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Chris\\Desktop\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\Chris\\Desktop\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\\steam\\steamapps\\josh_hwang\\counter-strike\\hl.exe"="F:\\steam\\steamapps\\josh_hwang\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\steam\\steamapps\\jonhwang214\\counter-strike\\hl.exe"="F:\\steam\\steamapps\\jonhwang214\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"="C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe:*:Enabled:Adobe After Effects CS3"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"="C:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
"C:\\WINDOWS\\system32\\ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe:*:Enabled:ctfmon"
"C:\\WINDOWS\\system32\\conime.exe"="C:\\WINDOWS\\system32\\conime.exe:*:Enabled:conime"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Sat 22 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 29 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\003bb8bbe9f41a593f54050bf67fed75\BIT2751.tmp"
Wed 29 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ed1b59d1a09d907b309130a93a4867a\BIT274C.tmp"
Wed 29 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\200656e0652add58e280cffc567cd95a\BIT2945.tmp"
Wed 29 Oct 2008 392,077 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\220507fe332a535e96ebf90e0c1540ed\BIT293B.tmp"
Wed 29 Oct 2008 10,089,488 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b34e1df94075cd8ea6839a668366d9e\BIT274E.tmp"
Wed 29 Oct 2008 360,170 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\62a6bda40fd43c85b80eb1e5d4b6041b\BIT293F.tmp"
Wed 29 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6efcd3506d8bb09b521fd2ab4ee258bc\BIT274B.tmp"
Wed 29 Oct 2008 1,102,516 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9526baba4c0a42975f8fabcda9ca8dc3\BIT2750.tmp"
Wed 29 Oct 2008 266,011 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aad67b3b930dfc282c11a72d16b66b51\BIT293D.tmp"
Wed 29 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b0bbf9bad2a96231d750c48395570f92\BIT274D.tmp"
Wed 29 Oct 2008 333,343 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bca312370051ccd4dd4044e1a21a357e\BIT293C.tmp"
Wed 29 Oct 2008 1,617,424 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c212d67be1f86f86c36e82bc3c8d87df\BIT2752.tmp"
Tue 18 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Mon 25 Feb 2008 3,489,792 A..H. --- "C:\Documents and Settings\Chris\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Log.txt

ComboFix 08-12-06.04 - Chris 2008-12-06 17:59:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2586 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris\Application Data\inst.exe
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\windows\Install.txt
c:\windows\system32\DJQqrBeg.ini
c:\windows\system32\DJQqrBeg.ini2
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ehPWyyay.ini
c:\windows\system32\ehPWyyay.ini2
c:\windows\system32\hbpfgalc.dll
c:\windows\system32\launcher.exe
c:\windows\system32\lvvgoe.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_NPF
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 17:38 . 2008-12-06 17:38 <DIR> d-------- c:\windows\ERUNT
2008-12-06 17:26 . 2008-12-06 17:57 <DIR> d-------- C:\SDFix
2008-12-04 23:48 . 2008-12-04 23:48 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-04 23:34 . 2008-12-04 23:34 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-04 23:34 . 2004-08-03 17:07 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-04 23:30 . 2008-12-06 17:27 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-04 23:26 . 2008-06-13 05:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-04 23:26 . 2008-06-13 05:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-04 23:19 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-04 23:19 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-04 23:19 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-04 23:02 . 2008-12-04 23:02 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2008-12-04 23:02 . 2008-12-04 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 19:42 . 2008-12-04 21:42 <DIR> d-------- c:\documents and settings\Chris\Download
2008-12-04 19:29 . 2008-12-06 17:19 512 --a------ c:\windows\randseed.rnd
2008-12-04 19:28 . 2008-12-04 19:28 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-04 19:27 . 2008-12-04 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2008-12-04 19:27 . 2004-09-22 20:00 108,256 --a------ c:\windows\system32\drivers\naiavf5x.sys
2008-12-04 19:27 . 2004-09-22 20:00 58,048 --a------ c:\windows\system32\drivers\mvstdi5x.sys
2008-12-04 19:26 . 2008-12-04 19:28 <DIR> d-------- c:\program files\Network Associates
2008-12-04 19:26 . 2008-12-04 19:27 <DIR> d-------- c:\program files\Common Files\Network Associates
2008-12-04 19:25 . 2008-12-04 19:25 <DIR> d-------- c:\documents and settings\Chris\Application Data\Logs
2008-12-04 00:27 . 2008-12-04 00:28 <DIR> d-------- C:\rsit
2008-12-04 00:27 . 2008-12-04 00:27 <DIR> d-------- c:\program files\trend micro
2008-12-03 20:15 . 2008-12-04 15:24 1,437,571 ---hs---- c:\windows\system32\lcjnmcvf.ini
2008-12-02 23:01 . 2008-12-02 23:06 250 --a------ c:\windows\gmer.ini
2008-12-02 20:09 . 2008-12-03 20:10 1,437,562 ---hs---- c:\windows\system32\gtkgthys.ini
2008-12-02 16:52 . 2008-12-02 16:52 1 --a------ c:\windows\system32\edl.dat
2008-11-30 20:28 . 2008-12-04 00:26 <DIR> d--hs---- c:\windows\Q2hyaXM
2008-11-30 20:18 . 2008-12-04 23:14 <DIR> d-------- c:\documents and settings\Chris\Application Data\Twain
2008-11-30 20:08 . 2008-12-01 20:09 1,381,274 ---hs---- c:\windows\system32\mvyqcqvo.ini
2008-11-27 18:56 . 2008-11-28 18:56 1,691,740 ---hs---- c:\windows\system32\apiklacr.ini
2008-11-26 18:56 . 2008-11-26 18:56 1,648,820 ---hs---- c:\windows\system32\ndbthasm.ini
2008-11-25 18:53 . 2008-11-26 18:53 1,648,820 ---hs---- c:\windows\system32\gimqmggo.ini
2008-11-24 18:51 . 2008-11-25 18:52 1,648,820 ---hs---- c:\windows\system32\jmwihjnl.ini
2008-11-24 18:45 . 2008-11-24 19:05 <DIR> d-------- c:\windows\system32\vba
2008-11-24 18:45 . 2008-11-24 18:45 <DIR> d-------- c:\windows\system32\PIX
2008-11-24 18:45 . 2008-11-24 22:42 <DIR> d-------- c:\windows\system32\mp2
2008-11-24 18:45 . 2008-11-24 18:45 <DIR> d-------- c:\windows\system32\IO2
2008-11-24 18:45 . 2008-11-24 18:45 <DIR> d-------- c:\windows\system32\FND
2008-11-24 18:45 . 2008-12-06 17:59 <DIR> d-------- C:\Temp
2008-11-24 18:45 . 2008-11-24 18:45 153,483 --a------ c:\windows\system32\g36.exe
2008-11-24 18:45 . 2008-11-24 18:45 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-24 18:45 . 2008-11-24 18:45 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-24 18:45 . 2008-11-24 18:45 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-18 16:23 . 2008-11-18 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\pI3_lic_file
2008-11-18 16:21 . 2008-11-18 16:23 <DIR> d-------- c:\program files\particleIllusion_3
2008-11-18 16:16 . 2008-11-18 16:16 <DIR> d-------- c:\program files\CycoreFX HD Files
2008-11-18 16:16 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-11-18 16:09 . 2006-12-02 15:32 167,936 --a------ c:\windows\system32\Engine3D021206.dll
2008-11-17 17:12 . 2008-11-17 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-11-17 17:07 . 2008-11-17 17:07 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-17 17:04 . 2008-11-17 17:04 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-17 16:56 . 2008-11-17 16:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-08 16:15 . 2008-11-08 16:57 <DIR> d-------- c:\documents and settings\Chris\Application Data\vlc
2008-11-08 16:15 . 2008-12-01 23:58 <DIR> d-------- c:\documents and settings\Chris\Application Data\dvdcss
2008-11-08 16:14 . 2008-11-08 16:14 <DIR> d-------- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 01:30 --------- d-----w c:\program files\Google
2008-12-07 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 03:25 --------- d-----w c:\documents and settings\Chris\Application Data\U3
2008-12-04 03:02 --------- d-----w c:\program files\Image-Line
2008-12-04 02:59 --------- d-----w c:\program files\Vstplugins
2008-12-02 01:36 --------- d-----w c:\documents and settings\Chris\Application Data\LimeWire
2008-11-28 04:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 02:08 --------- d-----w c:\documents and settings\Chris\Application Data\Azureus
2008-11-18 21:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-16 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-03 06:43 --------- d-----w c:\program files\Photomatix
2008-11-03 05:26 --------- d-----w c:\program files\EphPod
2008-10-30 00:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-29 23:59 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-29 23:54 --------- d-----w c:\program files\Windows Live
2008-10-27 03:15 --------- d-----w c:\program files\DivX
2008-10-25 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-24 21:39 --------- d-----w c:\program files\ESET
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 02:15 --------- d-----w c:\program files\Common Files\LogiShrd
2008-10-22 02:12 --------- d-----w c:\program files\Logitech
2008-10-22 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-22 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-16 03:44 --------- d-----w c:\documents and settings\Chris\Application Data\TmpRecentIcons
2008-10-14 23:00 --------- d-----w c:\documents and settings\Chris\Application Data\CoreFTP
2008-10-13 22:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 22:24 --------- d-----w c:\program files\Corel
2008-10-13 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-10-13 22:18 47,360 ----a-w c:\documents and settings\Chris\Application Data\pcouffin.sys
2008-10-13 22:18 --------- d-----w c:\program files\VSO
2008-10-13 22:18 --------- d-----w c:\documents and settings\Chris\Application Data\Vso
2008-10-13 02:44 --------- d-----w c:\program files\Sony Setup
2008-05-08 21:14 22,328 ----a-w c:\documents and settings\Chris\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= kwrklm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-06 12:50 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALYac]
--a------ 2008-01-11 17:36 79304 c:\program files\ESTsoft\ALYac\AYUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 17:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-12 17:55 133104 c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 13:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 17:07 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-05-17 09:52 505368 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 09:53 780312 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2004-08-06 03:50 139320 c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 17:07 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
--a------ 2003-10-07 09:48 147514 c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 17:07 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 17:07 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 15:50 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 22:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2004-09-22 20:00 94208 c:\program files\Network Associates\VirusScan\shstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 02:42 144784 c:\program files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-12-05 19:49 114688 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-02-22 20:42 3537968 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-02-20 20:58 19456 c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2008-02-20 20:58 19968 c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npkcmsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"ose"=3 (0x3)
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"ForcewareWebInterface"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"CTAudSvcService"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ALYac_PZSrv"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\conime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-12-04 58048]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;\??\c:\program files\ESTsoft\ALYac\AYDrvSP.sys [2008-12-04 23288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859e3e99-b357-11dd-a103-001731cee391}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 17:55]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-54c27ef3 - c:\windows\system32\haawcelh.dll
MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
MSConfigStartUp-BM57f14d6f - c:\windows\system32\umtptnge.dll
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Java Update - c:\documents and settings\Chris\Local Settings\Application Data\JavaRuntime.00.exe
MSConfigStartUp-Steam - f:\steam\Steam.exe


.
------- Supplementary Scan -------
.
uStart Page = about:Blank
mStart Page = about:Blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FireFox -: Profile - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\l43wsjhw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 18:02:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [268] 0x88B72748

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-06 18:07:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 02:07:12

Pre-Run: 1,889,804,288 bytes free
Post-Run: 2,315,608,064 bytes free

311 --- E O F --- 2008-12-05 07:52:18

There you go!

And here is a fresh hijack log!

Hijack
Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-12-06 18:12:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (6%) free of 38 GB
Total RAM: 3070 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at PM 6:12:16, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: kwrklm.dll
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 1547 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-02-22 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALYac]
C:\Program Files\ESTsoft\ALYac\AYUpdate.exe [2008-01-11 79304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2008-02-20 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-12-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-02-22 3537968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2007-12-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npkcmsvc"=2
"Bonjour Service"=2
"IDriverT"=3
"aawservice"=2
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"ose"=3
"nSvcLog"=2
"nSvcIp"=2
"LVSrvLauncher"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"iPod Service"=3
"idsvc"=3
"ForcewareWebInterface"=2
"ForceWare Intelligent Application Manager (IAM)"=2
"FLEXnet Licensing Service"=3
"ekrn"=2
"EhttpSrv"=3
"CTAudSvcService"=2
"Brother XP spl Service"=2
"ATI Smart"=2
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"ALYac_PZSrv"=2
"McTaskManager"=2
"McShield"=2
"McAfeeFramework"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" kwrklm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS3"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
"C:\WINDOWS\system32\conime.exe"="C:\WINDOWS\system32\conime.exe:*:Enabled:conime"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859e3e99-b357-11dd-a103-001731cee391}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-06 18:07:32 ----D---- C:\WINDOWS\temp
2008-12-06 18:07:29 ----A---- C:\ComboFix.txt
2008-12-06 17:58:57 ----A---- C:\WINDOWS\zip.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\sed.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\grep.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 17:58:54 ----D---- C:\WINDOWS\ERDNT
2008-12-06 17:58:54 ----D---- C:\Qoobox
2008-12-06 17:38:05 ----D---- C:\WINDOWS\ERUNT
2008-12-06 17:26:12 ----D---- C:\SDFix
2008-12-04 23:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 23:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 23:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-04 23:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 23:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-04 23:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 23:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-04 23:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-04 23:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 23:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 23:48:45 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-04 23:47:09 ----D---- C:\Program Files\MSXML 6.0
2008-12-04 23:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-04 23:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-04 23:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 23:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-04 23:45:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 23:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-04 23:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-04 23:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 23:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-04 23:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 23:35:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 23:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-04 23:34:50 ----D---- C:\Program Files\MSXML 4.0
2008-12-04 23:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-04 23:34:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-04 23:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-04 23:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-04 23:30:45 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-04 23:19:29 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-04 23:19:29 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-04 23:19:29 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-04 23:02:39 ----D---- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2008-12-04 23:02:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 22:21:18 ----D---- C:\Documents and Settings\Chris\Application Data\Google
2008-12-04 22:20:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-04 19:28:09 ----D---- C:\Program Files\Common Files\Cisco Systems
2008-12-04 19:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\Network Associates
2008-12-04 19:26:28 ----D---- C:\Program Files\Network Associates
2008-12-04 19:26:28 ----D---- C:\Program Files\Common Files\Network Associates
2008-12-04 19:25:18 ----D---- C:\Documents and Settings\Chris\Application Data\Logs
2008-12-04 00:27:52 ----D---- C:\rsit
2008-12-04 00:27:52 ----D---- C:\Program Files\trend micro
2008-12-03 20:15:26 ----SH---- C:\WINDOWS\system32\lcjnmcvf.ini
2008-12-02 23:01:49 ----A---- C:\WINDOWS\gmer.ini
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer.exe
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer.dll
2008-12-02 20:09:41 ----SH---- C:\WINDOWS\system32\gtkgthys.ini
2008-11-30 20:28:17 ----SHD---- C:\WINDOWS\Q2hyaXM
2008-11-30 20:18:06 ----D---- C:\Documents and Settings\Chris\Application Data\Twain
2008-11-30 20:08:39 ----SH---- C:\WINDOWS\system32\mvyqcqvo.ini
2008-11-27 18:56:14 ----SH---- C:\WINDOWS\system32\apiklacr.ini
2008-11-27 01:50:58 ----D---- C:\Program Files\Hijackthis
2008-11-26 18:56:30 ----SH---- C:\WINDOWS\system32\ndbthasm.ini
2008-11-25 18:53:08 ----SH---- C:\WINDOWS\system32\gimqmggo.ini
2008-11-24 18:51:29 ----SH---- C:\WINDOWS\system32\jmwihjnl.ini
2008-11-24 18:45:50 ----A---- C:\WINDOWS\system32\g36.exe
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\vba
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\PIX
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\mp2
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\IO2
2008-11-24 18:45:38 ----D---- C:\WINDOWS\system32\FND
2008-11-24 18:45:34 ----D---- C:\Temp
2008-11-18 16:23:24 ----D---- C:\Documents and Settings\All Users\Application Data\pI3_lic_file
2008-11-18 16:21:42 ----D---- C:\Program Files\particleIllusion_3
2008-11-18 16:16:50 ----D---- C:\Program Files\CycoreFX HD Files
2008-11-18 16:16:50 ----A---- C:\WINDOWS\unvise32.exe
2008-11-18 16:09:19 ----A---- C:\WINDOWS\system32\Engine3D021206.dll
2008-11-17 17:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-17 17:07:24 ----D---- C:\Program Files\Adobe Media Player
2008-11-17 17:04:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-17 16:56:01 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-08 16:15:56 ----D---- C:\Documents and Settings\Chris\Application Data\dvdcss
2008-11-08 16:15:31 ----D---- C:\Documents and Settings\Chris\Application Data\vlc
2008-11-08 16:14:38 ----D---- C:\Program Files\VideoLAN

======List of files/folders modified in the last 1 months======

2008-12-06 18:07:54 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 18:07:33 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 18:07:33 ----D---- C:\WINDOWS\system32
2008-12-06 18:07:32 ----D---- C:\WINDOWS
2008-12-06 18:03:24 ----A---- C:\WINDOWS\system.ini
2008-12-06 18:01:08 ----D---- C:\WINDOWS\system32\config
2008-12-06 18:00:08 ----D---- C:\WINDOWS\AppPatch
2008-12-06 18:00:08 ----D---- C:\Program Files\Common Files
2008-12-06 17:59:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 17:42:27 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 17:30:41 ----D---- C:\Program Files\Google
2008-12-06 17:29:07 ----SH---- C:\boot.ini
2008-12-06 17:29:07 ----A---- C:\WINDOWS\win.ini
2008-12-06 17:27:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 17:27:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 17:27:35 ----HD---- C:\WINDOWS\inf
2008-12-06 17:18:36 ----SHD---- C:\WINDOWS\Installer
2008-12-06 17:17:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-06 17:15:53 ----RD---- C:\Program Files
2008-12-06 17:15:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 17:12:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 23:51:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-04 23:51:51 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 23:51:45 ----D---- C:\Program Files\Messenger
2008-12-04 23:48:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 23:41:41 ----RSD---- C:\WINDOWS\assembly
2008-12-04 23:39:53 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 23:39:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 23:37:04 ----D---- C:\WINDOWS\WinSxS
2008-12-04 23:35:18 ----D---- C:\Program Files\Internet Explorer
2008-12-04 23:30:45 ----D---- C:\WINDOWS\Debug
2008-12-04 23:19:14 ----D---- C:\WINDOWS\Help
2008-12-04 23:01:28 ----A---- C:\WINDOWS\system32\5fe1ba8d-.txt
2008-12-04 22:25:14 ----SHD---- C:\WINDOWS\CSC
2008-12-04 19:37:28 ----D---- C:\WINDOWS\Prefetch
2008-12-04 19:25:56 ----D---- C:\Documents and Settings\Chris\Application Data\U3
2008-12-04 17:04:22 ----D---- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-12-04 00:22:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 19:02:41 ----D---- C:\Program Files\Image-Line
2008-12-03 18:59:26 ----D---- C:\Program Files\Vstplugins
2008-12-01 17:36:41 ----D---- C:\Documents and Settings\Chris\Application Data\LimeWire
2008-11-30 20:06:52 ----D---- C:\WINDOWS\system32\Macromed
2008-11-27 20:23:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-22 18:08:44 ----D---- C:\Documents and Settings\Chris\Application Data\Azureus
2008-11-19 13:16:48 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2008-11-18 16:12:31 ----D---- C:\Program Files\Adobe
2008-11-18 13:28:45 ----D---- C:\Program Files\Common Files\Adobe
2008-11-17 21:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-15 16:05:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 17:55:51 ----SD---- C:\WINDOWS\Tasks
2008-11-12 01:20:22 ----A---- C:\WINDOWS\BRPP2KA.INI
2008-11-11 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-03 12160]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 58048]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-21 109568]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-25 2863616]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2008-02-25 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-02-25 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-02-25 524312]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2008-02-25 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2008-02-25 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-02-25 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-02-25 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-02-25 92696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-21 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-21 18944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-02-25 127000]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 AYDrvNT_ALYAC;AYDrvNT_ALYAC; \??\C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys []
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC; \??\C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-02-25 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-02 85969]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-09-22 108256]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 npkcrypt;npkcrypt; C:\WINDOWS\system32\drivers\npkcrypt.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-01 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 ALYac_PZSrv;ALYac_PZSrv; C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye [2008-11-24 792008]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-25 520192]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S4 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2003-08-28 57344]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-17 655624]
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
S4 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S4 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
S4 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:20 AM

Posted 07 December 2008 - 12:01 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\lcjnmcvf.ini
c:\windows\system32\gtkgthys.ini
c:\windows\system32\edl.dat
c:\windows\system32\mvyqcqvo.ini
c:\windows\system32\apiklacr.ini
c:\windows\system32\ndbthasm.ini
c:\windows\system32\gimqmggo.ini
c:\windows\system32\jmwihjnl.ini
c:\windows\system32\g36.exe

Folder::
c:\windows\Q2hyaXM
c:\documents and settings\Chris\Application Data\Twain
c:\windows\system32\vba
c:\windows\system32\PIX
c:\windows\system32\mp2
c:\windows\system32\IO2
c:\windows\system32\FND

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
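The CFScript above targets the two things the RSIT log exposes: the system+hidden, random-named .ini files under system32 and the non-empty AppInit_DLLs value. As an added example (not code from the thread, RSIT or ComboFix), this Python triage script parses RSIT-style log lines for those two indicators and drafts the matching File:: and Registry:: sections; the eight-letter-name heuristic, the sample lines and the function names are assumptions built from this log, and items such as g36.exe and the dropped folders still need an analyst's judgement.

```python
"""Triage an RSIT log for the indicators targeted in this thread and draft a
ComboFix CFScript.  Added example for this page; not part of RSIT, ComboFix
or the thread.  The sample lines are copied from the log posted above."""
import re

# RSIT "files created/modified" lines: "<date> <time> ----<attrs>---- <path>"
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"-{4}(?P<attrs>[A-Z]*)-{4} (?P<path>.+)$")
# Registry key header and value lines as RSIT dumps them
KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# Heuristic (assumption): the dropper in this log leaves system+hidden .ini
# files with random eight-letter names directly in system32.
RANDOM_INI = re.compile(r"^c:\\windows\\system32\\[a-z]{8}\.ini$", re.IGNORECASE)


def suspicious_files(log_text):
    """Return paths of S+H attributed, random-named .ini files in system32."""
    hits = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "S" in attrs and "H" in attrs and RANDOM_INI.match(path):
            hits.append(path)
    return hits


def appinit_dlls(log_text):
    """Return the AppInit_DLLs value from the Windows NT\\CurrentVersion\\Windows
    key dump (whitespace and quotes removed), or None if it is absent/empty."""
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        k = KEY_HEADER.match(line)
        if k:
            current_key = k.group("key").lower()
            continue
        v = REG_VALUE.match(line)
        if (v and current_key
                and current_key.endswith(r"\windows nt\currentversion\windows")
                and v.group("name").lower() == "appinit_dlls"):
            value = v.group("value").strip().strip('"').strip()
            return value or None
    return None


def draft_cfscript(log_text):
    """Draft File:: and Registry:: sections in the layout used in this thread."""
    files = suspicious_files(log_text)
    dll = appinit_dlls(log_text)
    parts = ["KillAll::"]
    if files:
        parts.append("File::\n" + "\n".join(p.lower() for p in files))
    if dll:
        # Reset the value so the DLL is no longer injected into every process.
        parts.append("Registry::\n"
                     "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]\n"
                     '"AppInit_DLLs"=""')
    return "\n\n".join(parts) + "\n"


# Constructed sample: a handful of lines taken from the RSIT log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" kwrklm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]

======List of files/folders created in the last 1 months======

2008-12-06 18:07:32 ----D---- C:\WINDOWS\temp
2008-12-03 20:15:26 ----SH---- C:\WINDOWS\system32\lcjnmcvf.ini
2008-12-02 23:01:49 ----A---- C:\WINDOWS\gmer.ini
2008-12-02 20:09:41 ----SH---- C:\WINDOWS\system32\gtkgthys.ini
2008-11-30 20:28:17 ----SHD---- C:\WINDOWS\Q2hyaXM
2008-11-24 18:45:50 ----A---- C:\WINDOWS\system32\g36.exe
"""

if __name__ == "__main__":
    print(draft_cfscript(SAMPLE_LOG))
```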


#5 C4121S

C4121S
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:20 PM

Posted 07 December 2008 - 02:15 PM

ComboFix.txt

ComboFix 08-12-06.06 - Chris 2008-12-07 11:01:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2578 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\apiklacr.ini
c:\windows\system32\edl.dat
c:\windows\system32\g36.exe
c:\windows\system32\gimqmggo.ini
c:\windows\system32\gtkgthys.ini
c:\windows\system32\jmwihjnl.ini
c:\windows\system32\lcjnmcvf.ini
c:\windows\system32\mvyqcqvo.ini
c:\windows\system32\ndbthasm.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris\Application Data\Twain
c:\windows\Q2hyaXM
c:\windows\system32\apiklacr.ini
c:\windows\system32\edl.dat
c:\windows\system32\FND
c:\windows\system32\g36.exe
c:\windows\system32\gimqmggo.ini
c:\windows\system32\gtkgthys.ini
c:\windows\system32\IO2
c:\windows\system32\IO2\FES9U13.exe
c:\windows\system32\jmwihjnl.ini
c:\windows\system32\lcjnmcvf.ini
c:\windows\system32\mp2
c:\windows\system32\mvyqcqvo.ini
c:\windows\system32\ndbthasm.ini
c:\windows\system32\PIX
c:\windows\system32\PIX\gMD9018.exe
c:\windows\system32\vba

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 17:38 . 2008-12-06 17:38 <DIR> d-------- c:\windows\ERUNT
2008-12-06 17:26 . 2008-12-06 17:57 <DIR> d-------- C:\SDFix
2008-12-04 23:48 . 2008-12-04 23:48 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-04 23:47 . 2008-12-04 23:47 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-04 23:34 . 2008-12-04 23:34 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-04 23:34 . 2004-08-03 17:07 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-04 23:30 . 2008-12-06 17:27 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-04 23:26 . 2008-06-13 05:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-04 23:26 . 2008-06-13 05:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-04 23:19 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-04 23:19 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-04 23:19 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-04 23:02 . 2008-12-04 23:02 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2008-12-04 23:02 . 2008-12-04 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 19:42 . 2008-12-04 21:42 <DIR> d-------- c:\documents and settings\Chris\Download
2008-12-04 19:29 . 2008-12-06 17:19 512 --a------ c:\windows\randseed.rnd
2008-12-04 19:28 . 2008-12-04 19:28 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-04 19:27 . 2008-12-04 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2008-12-04 19:27 . 2004-09-22 20:00 108,256 --a------ c:\windows\system32\drivers\naiavf5x.sys
2008-12-04 19:27 . 2004-09-22 20:00 58,048 --a------ c:\windows\system32\drivers\mvstdi5x.sys
2008-12-04 19:26 . 2008-12-04 19:28 <DIR> d-------- c:\program files\Network Associates
2008-12-04 19:26 . 2008-12-04 19:27 <DIR> d-------- c:\program files\Common Files\Network Associates
2008-12-04 19:25 . 2008-12-04 19:25 <DIR> d-------- c:\documents and settings\Chris\Application Data\Logs
2008-12-04 00:27 . 2008-12-04 00:28 <DIR> d-------- C:\rsit
2008-12-04 00:27 . 2008-12-06 18:12 <DIR> d-------- c:\program files\trend micro
2008-12-02 23:01 . 2008-12-02 23:06 250 --a------ c:\windows\gmer.ini
2008-11-24 18:45 . 2008-12-06 17:59 <DIR> d-------- C:\Temp
2008-11-24 18:45 . 2008-11-24 18:45 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-24 18:45 . 2008-11-24 18:45 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-24 18:45 . 2008-11-24 18:45 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-18 16:23 . 2008-11-18 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\pI3_lic_file
2008-11-18 16:21 . 2008-11-18 16:23 <DIR> d-------- c:\program files\particleIllusion_3
2008-11-18 16:16 . 2008-11-18 16:16 <DIR> d-------- c:\program files\CycoreFX HD Files
2008-11-18 16:16 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-11-18 16:09 . 2006-12-02 15:32 167,936 --a------ c:\windows\system32\Engine3D021206.dll
2008-11-17 17:12 . 2008-11-17 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-11-17 17:07 . 2008-11-17 17:07 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-17 17:04 . 2008-11-17 17:04 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-17 16:56 . 2008-11-17 16:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-08 16:15 . 2008-11-08 16:57 <DIR> d-------- c:\documents and settings\Chris\Application Data\vlc
2008-11-08 16:15 . 2008-12-01 23:58 <DIR> d-------- c:\documents and settings\Chris\Application Data\dvdcss
2008-11-08 16:14 . 2008-11-08 16:14 <DIR> d-------- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 18:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 09:02 --------- d-----w c:\program files\ESTsoft
2008-12-07 01:30 --------- d-----w c:\program files\Google
2008-12-07 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 03:25 --------- d-----w c:\documents and settings\Chris\Application Data\U3
2008-12-04 03:02 --------- d-----w c:\program files\Image-Line
2008-12-04 02:59 --------- d-----w c:\program files\Vstplugins
2008-12-02 01:36 --------- d-----w c:\documents and settings\Chris\Application Data\LimeWire
2008-11-23 02:08 --------- d-----w c:\documents and settings\Chris\Application Data\Azureus
2008-11-18 21:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-16 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-03 06:43 --------- d-----w c:\program files\Photomatix
2008-11-03 05:26 --------- d-----w c:\program files\EphPod
2008-10-30 00:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-29 23:59 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-29 23:54 --------- d-----w c:\program files\Windows Live
2008-10-27 03:15 --------- d-----w c:\program files\DivX
2008-10-25 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-24 21:39 --------- d-----w c:\program files\ESET
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 02:15 --------- d-----w c:\program files\Common Files\LogiShrd
2008-10-22 02:12 --------- d-----w c:\program files\Logitech
2008-10-22 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-22 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-16 03:44 --------- d-----w c:\documents and settings\Chris\Application Data\TmpRecentIcons
2008-10-14 23:00 --------- d-----w c:\documents and settings\Chris\Application Data\CoreFTP
2008-10-13 22:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 22:24 --------- d-----w c:\program files\Corel
2008-10-13 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-10-13 22:18 47,360 ----a-w c:\documents and settings\Chris\Application Data\pcouffin.sys
2008-10-13 22:18 --------- d-----w c:\program files\VSO
2008-10-13 22:18 --------- d-----w c:\documents and settings\Chris\Application Data\Vso
2008-10-13 02:44 --------- d-----w c:\program files\Sony Setup
2008-05-08 21:14 22,328 ----a-w c:\documents and settings\Chris\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_18.06.42.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-05 07:52:14 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-12-07 08:00:58 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-12-05 07:52:14 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-07 08:00:58 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-12-05 07:52:14 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-12-07 08:00:58 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-12-05 07:52:14 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-07 08:00:58 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-12-05 07:52:14 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-07 08:00:58 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-12-05 07:52:14 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-07 08:00:58 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-12-05 07:52:14 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-07 08:00:58 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-12-05 07:52:14 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-07 08:00:58 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-12-05 07:52:14 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-07 08:00:58 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-12-05 07:52:14 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-12-07 08:00:58 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-12-05 07:52:14 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-07 08:00:58 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-12-05 07:52:14 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-07 08:00:58 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-12-05 07:52:14 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-07 08:00:58 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-06 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-06 12:50 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 17:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-12 17:55 133104 c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 13:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 17:07 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-05-17 09:52 505368 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 09:53 780312 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2004-08-06 03:50 139320 c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 17:07 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
--a------ 2003-10-07 09:48 147514 c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 17:07 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 17:07 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 15:50 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 22:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2004-09-22 20:00 94208 c:\program files\Network Associates\VirusScan\shstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 02:42 144784 c:\program files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-12-05 19:49 114688 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-02-22 20:42 3537968 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-02-20 20:58 19456 c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2008-02-20 20:58 19968 c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npkcmsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"ose"=3 (0x3)
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"ForcewareWebInterface"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"CTAudSvcService"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ALYac_PZSrv"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\conime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-12-04 58048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859e3e99-b357-11dd-a103-001731cee391}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 17:55]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ALYac - c:\program files\ESTsoft\ALYac\AYUpdate.exe


.
------- Supplementary Scan -------
.
uStart Page = about:Blank
mStart Page = about:Blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FireFox -: Profile - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\l43wsjhw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 11:06:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-07 11:11:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 19:11:39
ComboFix2.txt 2008-12-07 02:07:29

Pre-Run: 2,235,482,112 bytes free
Post-Run: 2,221,748,224 bytes free

315 --- E O F --- 2008-12-07 09:13:00

HijackThis Log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-12-07 11:13:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (6%) free of 38 GB
Total RAM: 3070 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at AM 11:13:31, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 1852 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-02-22 352256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2008-02-20 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-12-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-02-22 3537968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2007-12-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npkcmsvc"=2
"Bonjour Service"=2
"IDriverT"=3
"aawservice"=2
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"ose"=3
"nSvcLog"=2
"nSvcIp"=2
"LVSrvLauncher"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"iPod Service"=3
"idsvc"=3
"ForcewareWebInterface"=2
"ForceWare Intelligent Application Manager (IAM)"=2
"FLEXnet Licensing Service"=3
"ekrn"=2
"EhttpSrv"=3
"CTAudSvcService"=2
"Brother XP spl Service"=2
"ATI Smart"=2
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"ALYac_PZSrv"=2
"McTaskManager"=2
"McShield"=2
"McAfeeFramework"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS3"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
"C:\WINDOWS\system32\conime.exe"="C:\WINDOWS\system32\conime.exe:*:Enabled:conime"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859e3e99-b357-11dd-a103-001731cee391}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-07 11:11:58 ----D---- C:\WINDOWS\temp
2008-12-07 11:11:56 ----A---- C:\ComboFix.txt
2008-12-07 11:04:37 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-12-06 17:58:57 ----A---- C:\WINDOWS\zip.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\sed.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\grep.exe
2008-12-06 17:58:57 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 17:58:54 ----D---- C:\WINDOWS\ERDNT
2008-12-06 17:58:54 ----D---- C:\Qoobox
2008-12-06 17:38:05 ----D---- C:\WINDOWS\ERUNT
2008-12-06 17:26:12 ----D---- C:\SDFix
2008-12-04 23:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 23:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-04 23:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-04 23:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 23:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-04 23:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 23:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-04 23:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-04 23:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 23:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 23:48:45 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-04 23:47:09 ----D---- C:\Program Files\MSXML 6.0
2008-12-04 23:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-04 23:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-04 23:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 23:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-04 23:45:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-04 23:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-04 23:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-04 23:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-04 23:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-04 23:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 23:35:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 23:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-04 23:34:50 ----D---- C:\Program Files\MSXML 4.0
2008-12-04 23:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-04 23:34:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-04 23:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-04 23:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-04 23:30:45 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-04 23:19:29 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-04 23:19:29 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-04 23:19:29 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-04 23:02:39 ----D---- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2008-12-04 23:02:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 22:21:18 ----D---- C:\Documents and Settings\Chris\Application Data\Google
2008-12-04 22:20:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-04 19:28:09 ----D---- C:\Program Files\Common Files\Cisco Systems
2008-12-04 19:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\Network Associates
2008-12-04 19:26:28 ----D---- C:\Program Files\Network Associates
2008-12-04 19:26:28 ----D---- C:\Program Files\Common Files\Network Associates
2008-12-04 19:25:18 ----D---- C:\Documents and Settings\Chris\Application Data\Logs
2008-12-04 00:27:52 ----D---- C:\rsit
2008-12-04 00:27:52 ----D---- C:\Program Files\trend micro
2008-12-02 23:01:49 ----A---- C:\WINDOWS\gmer.ini
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer.exe
2008-12-02 23:01:46 ----A---- C:\WINDOWS\gmer.dll
2008-11-27 01:50:58 ----D---- C:\Program Files\Hijackthis
2008-11-24 18:45:34 ----D---- C:\Temp
2008-11-18 16:23:24 ----D---- C:\Documents and Settings\All Users\Application Data\pI3_lic_file
2008-11-18 16:21:42 ----D---- C:\Program Files\particleIllusion_3
2008-11-18 16:16:50 ----D---- C:\Program Files\CycoreFX HD Files
2008-11-18 16:16:50 ----A---- C:\WINDOWS\unvise32.exe
2008-11-18 16:09:19 ----A---- C:\WINDOWS\system32\Engine3D021206.dll
2008-11-17 17:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-17 17:07:24 ----D---- C:\Program Files\Adobe Media Player
2008-11-17 17:04:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-17 16:56:01 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-08 16:15:56 ----D---- C:\Documents and Settings\Chris\Application Data\dvdcss
2008-11-08 16:15:31 ----D---- C:\Documents and Settings\Chris\Application Data\vlc
2008-11-08 16:14:38 ----D---- C:\Program Files\VideoLAN

======List of files/folders modified in the last 1 months======

2008-12-07 11:12:36 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 11:11:59 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 11:11:59 ----D---- C:\WINDOWS\system32
2008-12-07 11:11:59 ----D---- C:\WINDOWS\Prefetch
2008-12-07 11:11:58 ----D---- C:\WINDOWS
2008-12-07 11:06:30 ----A---- C:\WINDOWS\system.ini
2008-12-07 11:03:10 ----D---- C:\WINDOWS\AppPatch
2008-12-07 11:03:10 ----D---- C:\Program Files\Common Files
2008-12-07 11:00:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 10:54:51 ----HD---- C:\WINDOWS\inf
2008-12-07 10:50:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-07 01:14:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-07 01:14:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 01:02:50 ----D---- C:\Program Files\ESTsoft
2008-12-07 00:01:01 ----SHD---- C:\WINDOWS\Installer
2008-12-06 18:01:08 ----D---- C:\WINDOWS\system32\config
2008-12-06 17:42:27 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 17:30:41 ----D---- C:\Program Files\Google
2008-12-06 17:29:07 ----SH---- C:\boot.ini
2008-12-06 17:29:07 ----A---- C:\WINDOWS\win.ini
2008-12-06 17:27:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 17:17:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-06 17:15:53 ----RD---- C:\Program Files
2008-12-06 17:15:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-06 17:12:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 23:51:51 ----A---- C:\WINDOWS\imsins.BAK
2008-12-04 23:51:45 ----D---- C:\Program Files\Messenger
2008-12-04 23:48:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 23:41:41 ----RSD---- C:\WINDOWS\assembly
2008-12-04 23:39:53 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 23:39:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 23:37:04 ----D---- C:\WINDOWS\WinSxS
2008-12-04 23:35:18 ----D---- C:\Program Files\Internet Explorer
2008-12-04 23:30:45 ----D---- C:\WINDOWS\Debug
2008-12-04 23:19:14 ----D---- C:\WINDOWS\Help
2008-12-04 23:01:28 ----A---- C:\WINDOWS\system32\5fe1ba8d-.txt
2008-12-04 22:25:14 ----SHD---- C:\WINDOWS\CSC
2008-12-04 19:25:56 ----D---- C:\Documents and Settings\Chris\Application Data\U3
2008-12-04 17:04:22 ----D---- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-12-04 00:22:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 19:02:41 ----D---- C:\Program Files\Image-Line
2008-12-03 18:59:26 ----D---- C:\Program Files\Vstplugins
2008-12-01 17:36:41 ----D---- C:\Documents and Settings\Chris\Application Data\LimeWire
2008-11-30 20:06:52 ----D---- C:\WINDOWS\system32\Macromed
2008-11-22 18:08:44 ----D---- C:\Documents and Settings\Chris\Application Data\Azureus
2008-11-19 13:16:48 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2008-11-18 16:12:31 ----D---- C:\Program Files\Adobe
2008-11-18 13:28:45 ----D---- C:\Program Files\Common Files\Adobe
2008-11-17 21:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-15 16:05:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 17:55:51 ----SD---- C:\WINDOWS\Tasks
2008-11-12 01:20:22 ----A---- C:\WINDOWS\BRPP2KA.INI
2008-11-11 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-03 12160]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 58048]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-21 109568]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-25 2863616]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2008-02-25 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-02-25 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-02-25 524312]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2008-02-25 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2008-02-25 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-02-25 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-02-25 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-02-25 92696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-21 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-21 18944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-02-25 127000]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-02-25 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-02 85969]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-09-22 108256]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 npkcrypt;npkcrypt; C:\WINDOWS\system32\drivers\npkcrypt.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-01 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-25 520192]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S4 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2003-08-28 57344]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-17 655624]
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
S4 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S4 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
S4 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


Thanks

#6 fenzodahl512

  • Members
  • 6,738 posts

Posted 07 December 2008 - 08:55 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Post me Malwarebytes' log and tell me, how is the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 C4121S

  • Topic Starter

  • Members
  • 5 posts

Posted 10 December 2008 - 05:26 AM

It's running SO much better, thank you!!!!


I'm scanning the malware but it shut down unexpectedly. So scanning again :thumbsup:

#8 fenzodahl512

  • Members
  • 6,738 posts

Posted 10 December 2008 - 05:59 AM

Ok.. waiting for your log :thumbsup:



#9 C4121S

  • Topic Starter

  • Members
  • 5 posts

Posted 11 December 2008 - 03:02 AM

Here's the log!

Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 2

12/11/2008 12:01:51 AM
mbam-log-2008-12-11 (00-01-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111459
Time elapsed: 1 hour(s), 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Chris\My Documents\programs\SonyK\keygen.exe (Backdoor.SDBot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\IO2\FES9U13.exe.vir (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\PIX\gMD9018.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.



did not know that keygen was a backdoor!

Edited by C4121S, 11 December 2008 - 03:04 AM.


#10 fenzodahl512

  • Members
  • 6,738 posts

Posted 11 December 2008 - 06:59 AM

Keygens, cracks, warez always contain backdoors.. Don't try your luck with them.. You might end up reformatting your machine, seriously...


Looks good to me.. Let's do some cleanup..


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes
Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512
