
Unknown infection


11 replies to this topic

#1 Eilonwy05

Posted 07 December 2008 - 03:11 PM

Recently found that the custom autorun.inf I had created on my Playstation Portable's memory stick had been overwritten with a totally different one, which referenced an exe inside a subfolder of the "RECYCLER" directory that had never previously been on the media (and shouldn't be, as there is no recycle bin on removable media.)

I attempted to edit the incorrect autorun file with my default text editor, Notepad++, which notified me as I was typing that the file had been modified outside the editor, and prompted me to update the file to reflect these modifications. Curious, I allowed it to do so, and the file's contents were back to referencing the exe inside the RECYCLER subfolder (the subfolder was a Windows GUID which I don't recall at the moment.)

My next step was to attempt to delete the RECYCLER folder, along with the autorun.inf, which I had to set "attrib -s -h -r" in order to delete. Not 10 seconds after I had removed these they were recreated. I started looking around my system, and found a RECYCLER folder on all of my hard drives; not all of them had the autorun file but some did (I have 4 internal hard disks in my system.)

Neither Windows Task Manager nor Sysinternals Process Explorer showed anything that shouldn't be running, and booting to a copy I had previously compiled of BartPE, deleting the recycler/autorun files, then rebooting into my installed copy of Windows saw the files pop right back up.

Below are my logs from running RSIT; I would have included Kaspersky Online Scanner logs as well, but after almost 4 hours scanning and no end in sight, I really wanted to get my computer back for my own use!

Any assistance getting rid of this nuisance would be appreciated, especially now that I've found out I inadvertently spread whatever this is to my dad's computer and my best friend's system as well.

Logfile of random's system information tool 1.04 (written by random/random)
Run by scott at 2008-12-07 11:24:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 90 GB (59%) free of 153 GB
Total RAM: 3326 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:07 AM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Input Director\InputDirector.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Carrier\carrier.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\SHOUTcast\sc_serv.exe
C:\Program Files\Stickies\stickies.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Program Files\ICQCorp\ICQCorp.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\pspvc\pspvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Winamp\winamp.exe
F:\holding-bin\RSIT.exe
C:\Program Files\trend micro\scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [InputDirector] "C:\Program Files\Input Director\InputDirector.exe" /hide
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\BitMeter\BitMeter2.exe
O4 - Global Startup: Carrier.lnk = C:\Program Files\Carrier\carrier.exe
O4 - Global Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: ICQ Corp.lnk = C:\Program Files\ICQCorp\ICQCorp.exe
O4 - Global Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: SHOUTcast DNAS (GUI).lnk = C:\Program Files\SHOUTcast\sc_serv.exe
O4 - Global Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Global Startup: VoiceOverlay.lnk = C:\Program Files\VoiceOverlay\VoiceOverlay.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{719C8A69-3C41-497B-8544-9325A0D31BB7}: NameServer = 192.168.1.1,68.94.156.1,68.94.157.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Input Director Service (InputDirector) - Unknown owner - C:\Program Files\Input Director\IDWinService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11911 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - C:\Program Files\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2008-09-26 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2007-10-08 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\PROGRA~1\TEXTAL~1\TAForIE.dll [2007-08-25 658432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2007-04-09 19968]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]
"Taskix"=C:\Program Files\Taskix\Taskix32.exe [2008-04-02 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-11-04 86016]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"=C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe [2007-07-12 179288]
"MDGetStarted.exe"=C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe [2007-06-13 139264]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-09-18 84528]
"FileZilla Server Interface"=C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2008-11-10 942080]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2002-09-24 86016]
"FineReader7NewsReaderPro"=C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [2003-08-05 278528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-10-15 270128]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-12 4789760]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"Vidalia"=C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [2008-09-02 4013511]
"InputDirector"=C:\Program Files\Input Director\InputDirector.exe [2008-09-09 372736]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2004-08-17 143360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bitmeter2.lnk - C:\Program Files\BitMeter\BitMeter2.exe
Carrier.lnk - C:\Program Files\Carrier\carrier.exe
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
ICQ Corp.lnk - C:\Program Files\ICQCorp\ICQCorp.exe
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
SHOUTcast DNAS (GUI).lnk - C:\Program Files\SHOUTcast\sc_serv.exe
Stickies.lnk - C:\Program Files\Stickies\stickies.exe
VoiceOverlay.lnk - C:\Program Files\VoiceOverlay\VoiceOverlay.exe
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

C:\Documents and Settings\scott\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
Stickies.lnk - C:\Program Files\Stickies\stickies.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-20 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Sins of a Solar Empire\Sins of a Solar Empire.exe"="C:\Program Files\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Input Director\InputDirector.exe"="C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director"
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe"="C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper"
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\Program Files\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\Program Files\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\Program Files\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Input Director\InputDirector.exe"="C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director"
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe"="C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper"

======File associations======

.ini - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"
.txt - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"

======List of files/folders created in the last 1 months======

2708-10-22 11:02:39 ----D---- C:\Documents and Settings\scott\Application Data\Skype
2423-05-20 09:12:11 ----D---- C:\Program Files\SHOUTcast
2423-05-20 09:12:11 ----D---- C:\Program Files\ICQCorp
2008-12-07 11:24:56 ----D---- C:\rsit
2008-12-07 11:24:56 ----D---- C:\Program Files\trend micro
2008-12-06 22:36:48 ----D---- C:\MTGPics
2008-12-06 22:36:06 ----D---- C:\Program Files\Magic Workstation
2008-12-06 15:44:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 14:40:34 ----D---- C:\Program Files\HostCore Easy Installer 1.1
2008-12-06 10:28:08 ----D---- C:\Program Files\DVDFab 5
2008-12-06 10:26:32 ----D---- C:\Program Files\GT2
2008-12-05 21:50:45 ----SHD---- C:\RECYCLER
2008-12-03 20:29:44 ----A---- C:\WINDOWS\system32\Log_20081203_202944_514.txt
2008-12-03 20:29:43 ----A---- C:\WINDOWS\system32\Log_20081203_202943_F7C.txt
2008-12-03 20:29:42 ----A---- C:\WINDOWS\system32\Log_20081203_202942_113C.txt
2008-12-03 20:29:41 ----A---- C:\WINDOWS\system32\Log_20081203_202941_91C.txt
2008-12-03 20:29:40 ----A---- C:\WINDOWS\system32\Log_20081203_202940_B24.txt
2008-12-03 20:29:39 ----A---- C:\WINDOWS\system32\Log_20081203_202939_14E0.txt
2008-12-03 20:29:38 ----A---- C:\WINDOWS\system32\Log_20081203_202938_11BC.txt
2008-12-03 20:29:37 ----A---- C:\WINDOWS\system32\Log_20081203_202937_142C.txt
2008-12-03 20:29:36 ----A---- C:\WINDOWS\system32\Log_20081203_202936_874.txt
2008-12-03 20:29:35 ----A---- C:\WINDOWS\system32\Log_20081203_202935_CB4.txt
2008-12-03 20:29:34 ----A---- C:\WINDOWS\system32\Log_20081203_202934_C34.txt
2008-12-03 20:29:33 ----A---- C:\WINDOWS\system32\Log_20081203_202933_1708.txt
2008-12-03 20:29:32 ----A---- C:\WINDOWS\system32\Log_20081203_202932_1210.txt
2008-12-03 20:29:31 ----A---- C:\WINDOWS\system32\Log_20081203_202931_1694.txt
2008-12-03 20:29:30 ----A---- C:\WINDOWS\system32\Log_20081203_202930_1018.txt
2008-12-03 20:29:29 ----A---- C:\WINDOWS\system32\Log_20081203_202929_1C4.txt
2008-12-03 20:29:28 ----A---- C:\WINDOWS\system32\Log_20081203_202928_FCC.txt
2008-12-03 20:29:27 ----A---- C:\WINDOWS\system32\Log_20081203_202927_145C.txt
2008-12-03 20:29:02 ----A---- C:\WINDOWS\system32\Log_20081203_202902_33C.txt
2008-12-03 20:29:01 ----A---- C:\WINDOWS\system32\Log_20081203_202901_11E4.txt
2008-12-03 20:29:00 ----A---- C:\WINDOWS\system32\Log_20081203_202900_C48.txt
2008-12-03 20:28:59 ----A---- C:\WINDOWS\system32\Log_20081203_202859_162C.txt
2008-12-03 20:28:58 ----A---- C:\WINDOWS\system32\Log_20081203_202858_E10.txt
2008-12-03 20:28:57 ----A---- C:\WINDOWS\system32\Log_20081203_202857_C50.txt
2008-12-03 20:28:56 ----A---- C:\WINDOWS\system32\Log_20081203_202856_C70.txt
2008-12-03 20:28:55 ----A---- C:\WINDOWS\system32\Log_20081203_202855_1668.txt
2008-12-03 20:28:54 ----A---- C:\WINDOWS\system32\Log_20081203_202854_F04.txt
2008-12-03 20:28:53 ----A---- C:\WINDOWS\system32\Log_20081203_202853_EC0.txt
2008-12-03 20:28:52 ----A---- C:\WINDOWS\system32\Log_20081203_202852_848.txt
2008-12-03 20:28:51 ----A---- C:\WINDOWS\system32\Log_20081203_202851_17BC.txt
2008-12-03 20:28:50 ----A---- C:\WINDOWS\system32\Log_20081203_202850_F6C.txt
2008-12-03 20:28:49 ----A---- C:\WINDOWS\system32\Log_20081203_202849_D50.txt
2008-12-03 20:28:48 ----A---- C:\WINDOWS\system32\Log_20081203_202848_17E4.txt
2008-12-03 20:28:47 ----A---- C:\WINDOWS\system32\Log_20081203_202847_618.txt
2008-12-03 20:28:46 ----A---- C:\WINDOWS\system32\Log_20081203_202846_11E8.txt
2008-12-03 20:28:43 ----A---- C:\WINDOWS\system32\Log_20081203_202843_139C.txt
2008-12-02 17:13:33 ----D---- C:\Program Files\HTMLBookFixer
2008-12-02 14:40:42 ----D---- C:\Documents and Settings\scott\Application Data\Nvu
2008-12-02 09:54:39 ----A---- C:\wialog.txt
2008-12-02 09:37:29 ----D---- C:\Documents and Settings\scott\Application Data\ABBYY
2008-12-02 09:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-12-02 09:35:35 ----D---- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2008-12-02 09:26:25 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-12-02 09:25:22 ----A---- C:\WINDOWS\system32\vizMicro.dll
2008-12-02 09:25:22 ----A---- C:\WINDOWS\logfile.txt
2008-12-02 09:25:21 ----D---- C:\Program Files\Visioneer OneTouch
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\Ltwvc11n.dll
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\Ltkrn11n.dll
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\Ltimg11n.dll
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\Ltfil11n.dll
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\LTDIS11n.dll
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\LFCMP11n.DLL
2008-12-02 09:25:21 ----A---- C:\WINDOWS\system32\Lfbmp11n.dll
2008-12-01 19:09:06 ----A---- C:\WINDOWS\system32\hppamon0.dll
2008-12-01 19:09:06 ----A---- C:\WINDOWS\system32\hppadt40.dll
2008-12-01 19:09:06 ----A---- C:\WINDOWS\system32\HPP2800V.DLL
2008-12-01 14:40:23 ----D---- C:\downloads
2008-12-01 14:40:23 ----D---- C:\Documents and Settings\scott\Application Data\FMZilla
2008-12-01 14:39:54 ----D---- C:\Program Files\Free Music Zilla
2008-12-01 14:09:04 ----D---- C:\Program Files\iPod
2008-12-01 14:09:01 ----D---- C:\Program Files\iTunes
2008-12-01 14:08:48 ----SHD---- C:\Config.Msi
2008-12-01 14:08:15 ----D---- C:\Program Files\Apple Software Update
2008-12-01 14:08:11 ----D---- C:\WINDOWS\LastGood
2008-12-01 14:07:42 ----D---- C:\Program Files\Common Files\Apple
2008-12-01 11:26:27 ----D---- C:\Python26
2008-12-01 11:16:57 ----D---- C:\Documents and Settings\scott\Application Data\Mobipocket
2008-12-01 11:14:11 ----D---- C:\Program Files\Mobipocket Reader
2008-11-30 10:33:59 ----D---- C:\Program Files\ConvertLIT GUI
2008-11-30 10:27:19 ----D---- C:\Program Files\Microsoft Reader
2008-11-30 10:27:19 ----A---- C:\WINDOWS\DASShp.dll
2008-11-29 11:53:24 ----A---- C:\ComboFix.txt
2008-11-29 11:45:04 ----A---- C:\Boot.bak
2008-11-29 11:45:00 ----RASHD---- C:\cmdcons
2008-11-29 11:43:57 ----A---- C:\WINDOWS\zip.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\VFIND.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\SWSC.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\SWREG.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\sed.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\grep.exe
2008-11-29 11:43:57 ----A---- C:\WINDOWS\fdsv.exe
2008-11-29 11:43:54 ----D---- C:\WINDOWS\ERDNT
2008-11-29 11:43:54 ----D---- C:\ComboFix
2008-11-28 16:18:19 ----D---- C:\Program Files\Common Files\SourceTec
2008-11-28 16:18:18 ----D---- C:\Program Files\Sothink SWF Decompiler
2008-11-27 14:32:40 ----A---- C:\WINDOWS\system32\Log_20081127_143240_1148.txt
2008-11-27 14:32:39 ----A---- C:\WINDOWS\system32\Log_20081127_143239_948.txt
2008-11-27 14:14:16 ----A---- C:\WINDOWS\system32\Log_20081127_141416_10D8.txt
2008-11-27 14:14:15 ----A---- C:\WINDOWS\system32\Log_20081127_141415_21C.txt
2008-11-27 14:14:14 ----A---- C:\WINDOWS\system32\Log_20081127_141414_39C.txt
2008-11-27 14:14:13 ----A---- C:\WINDOWS\system32\Log_20081127_141413_17D0.txt
2008-11-27 14:14:12 ----A---- C:\WINDOWS\system32\Log_20081127_141412_1728.txt
2008-11-27 14:14:11 ----A---- C:\WINDOWS\system32\Log_20081127_141411_1678.txt
2008-11-27 14:14:10 ----A---- C:\WINDOWS\system32\Log_20081127_141410_15D0.txt
2008-11-27 14:14:09 ----A---- C:\WINDOWS\system32\Log_20081127_141409_1520.txt
2008-11-27 14:14:08 ----A---- C:\WINDOWS\system32\Log_20081127_141408_1478.txt
2008-11-27 14:14:07 ----A---- C:\WINDOWS\system32\Log_20081127_141407_13BC.txt
2008-11-27 14:14:06 ----A---- C:\WINDOWS\system32\Log_20081127_141406_1310.txt
2008-11-27 14:14:05 ----A---- C:\WINDOWS\system32\Log_20081127_141405_1268.txt
2008-11-27 14:14:04 ----A---- C:\WINDOWS\system32\Log_20081127_141404_11B8.txt
2008-11-27 14:14:03 ----A---- C:\WINDOWS\system32\Log_20081127_141403_110C.txt
2008-11-27 14:14:01 ----A---- C:\WINDOWS\system32\Log_20081127_141401_1050.txt
2008-11-27 14:14:00 ----A---- C:\WINDOWS\system32\Log_20081127_141400_C48.txt
2008-11-27 14:13:59 ----A---- C:\WINDOWS\system32\Log_20081127_141359_97C.txt
2008-11-27 14:13:57 ----A---- C:\WINDOWS\system32\Log_20081127_141357_9A0.txt
2008-11-26 09:17:44 ----A---- C:\WINDOWS\system32\Log_20081126_091744_83C.txt
2008-11-26 09:17:43 ----A---- C:\WINDOWS\system32\Log_20081126_091743_1498.txt
2008-11-26 01:13:13 ----A---- C:\WINDOWS\system32\Log_20081126_011313_CE4.txt
2008-11-26 01:13:12 ----A---- C:\WINDOWS\system32\Log_20081126_011312_12F0.txt
2008-11-26 01:13:11 ----A---- C:\WINDOWS\system32\Log_20081126_011311_E68.txt
2008-11-26 01:13:10 ----A---- C:\WINDOWS\system32\Log_20081126_011310_17C4.txt
2008-11-26 01:13:09 ----A---- C:\WINDOWS\system32\Log_20081126_011309_BCC.txt
2008-11-26 01:13:08 ----A---- C:\WINDOWS\system32\Log_20081126_011308_E1C.txt
2008-11-26 01:13:07 ----A---- C:\WINDOWS\system32\Log_20081126_011307_110C.txt
2008-11-26 01:13:06 ----A---- C:\WINDOWS\system32\Log_20081126_011306_15E8.txt
2008-11-26 01:13:05 ----A---- C:\WINDOWS\system32\Log_20081126_011305_D14.txt
2008-11-26 01:13:04 ----A---- C:\WINDOWS\system32\Log_20081126_011304_106C.txt
2008-11-26 01:13:03 ----A---- C:\WINDOWS\system32\Log_20081126_011303_5F4.txt
2008-11-26 01:13:02 ----A---- C:\WINDOWS\system32\Log_20081126_011302_FD4.txt
2008-11-26 01:13:00 ----A---- C:\WINDOWS\system32\Log_20081126_011300_17C8.txt
2008-11-26 01:12:59 ----A---- C:\WINDOWS\system32\Log_20081126_011259_1030.txt
2008-11-26 01:12:58 ----A---- C:\WINDOWS\system32\Log_20081126_011258_F64.txt
2008-11-26 01:12:57 ----A---- C:\WINDOWS\system32\Log_20081126_011257_16CC.txt
2008-11-26 01:12:56 ----A---- C:\WINDOWS\system32\Log_20081126_011256_1420.txt
2008-11-26 01:12:54 ----A---- C:\WINDOWS\system32\Log_20081126_011254_BE4.txt
2008-11-25 23:05:02 ----D---- C:\WINDOWS\system32\CLSID
2008-11-25 16:05:44 ----D---- C:\Program Files\Rotate Videos
2008-11-24 10:24:43 ----A---- C:\WINDOWS\system32\Log_20081124_102443_1080.txt
2008-11-24 10:24:42 ----A---- C:\WINDOWS\system32\Log_20081124_102442_115C.txt
2008-11-24 10:24:40 ----A---- C:\WINDOWS\system32\Log_20081124_102440_8A4.txt
2008-11-24 10:24:39 ----A---- C:\WINDOWS\system32\Log_20081124_102439_CD4.txt
2008-11-24 10:24:38 ----A---- C:\WINDOWS\system32\Log_20081124_102438_1720.txt
2008-11-24 10:24:37 ----A---- C:\WINDOWS\system32\Log_20081124_102437_4C8.txt
2008-11-24 10:24:36 ----A---- C:\WINDOWS\system32\Log_20081124_102436_1504.txt
2008-11-24 10:24:35 ----A---- C:\WINDOWS\system32\Log_20081124_102435_7E8.txt
2008-11-24 10:24:34 ----A---- C:\WINDOWS\system32\Log_20081124_102434_1210.txt
2008-11-24 10:24:33 ----A---- C:\WINDOWS\system32\Log_20081124_102433_898.txt
2008-11-24 10:24:32 ----A---- C:\WINDOWS\system32\Log_20081124_102432_CA8.txt
2008-11-24 10:24:31 ----A---- C:\WINDOWS\system32\Log_20081124_102431_D58.txt
2008-11-24 10:24:30 ----A---- C:\WINDOWS\system32\Log_20081124_102430_278.txt
2008-11-24 10:24:28 ----A---- C:\WINDOWS\system32\Log_20081124_102428_BE4.txt
2008-11-24 10:24:27 ----A---- C:\WINDOWS\system32\Log_20081124_102427_B30.txt
2008-11-24 10:24:26 ----A---- C:\WINDOWS\system32\Log_20081124_102426_1260.txt
2008-11-24 10:24:25 ----A---- C:\WINDOWS\system32\Log_20081124_102425_1490.txt
2008-11-24 10:24:23 ----A---- C:\WINDOWS\system32\Log_20081124_102423_3B8.txt
2008-11-24 08:44:36 ----D---- C:\Program Files\DsNET Corp
2008-11-24 08:25:20 ----D---- C:\Program Files\YouTube Assistant
2008-11-23 08:35:17 ----A---- C:\WINDOWS\system32\Log_20081123_083517_11A0.txt
2008-11-23 08:35:16 ----A---- C:\WINDOWS\system32\Log_20081123_083516_AE4.txt
2008-11-23 08:35:15 ----A---- C:\WINDOWS\system32\Log_20081123_083515_1E8.txt
2008-11-23 08:35:14 ----A---- C:\WINDOWS\system32\Log_20081123_083514_8A4.txt
2008-11-23 08:35:13 ----A---- C:\WINDOWS\system32\Log_20081123_083513_B60.txt
2008-11-23 08:35:12 ----A---- C:\WINDOWS\system32\Log_20081123_083512_1314.txt
2008-11-23 08:35:11 ----A---- C:\WINDOWS\system32\Log_20081123_083511_BA4.txt
2008-11-23 08:35:10 ----A---- C:\WINDOWS\system32\Log_20081123_083510_76C.txt
2008-11-23 08:35:09 ----A---- C:\WINDOWS\system32\Log_20081123_083509_13E0.txt
2008-11-23 08:35:08 ----A---- C:\WINDOWS\system32\Log_20081123_083508_13BC.txt
2008-11-23 08:35:07 ----A---- C:\WINDOWS\system32\Log_20081123_083507_CC4.txt
2008-11-23 08:35:05 ----A---- C:\WINDOWS\system32\Log_20081123_083505_168C.txt
2008-11-23 08:35:04 ----A---- C:\WINDOWS\system32\Log_20081123_083504_4C0.txt
2008-11-23 08:35:03 ----A---- C:\WINDOWS\system32\Log_20081123_083503_220.txt
2008-11-23 08:35:02 ----A---- C:\WINDOWS\system32\Log_20081123_083502_380.txt
2008-11-23 08:35:01 ----A---- C:\WINDOWS\system32\Log_20081123_083501_8D0.txt
2008-11-23 08:35:00 ----A---- C:\WINDOWS\system32\Log_20081123_083500_F10.txt
2008-11-23 08:34:59 ----A---- C:\WINDOWS\system32\Log_20081123_083459_1260.txt
2008-11-22 11:38:23 ----D---- C:\Program Files\Creative Zone
2008-11-22 11:38:23 ----A---- C:\WINDOWS\SStylerProDemo.ini
2008-11-22 11:35:55 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-22 08:35:43 ----A---- C:\WINDOWS\system32\Log_20081122_083543_F90.txt
2008-11-22 08:35:42 ----A---- C:\WINDOWS\system32\Log_20081122_083542_1404.txt
2008-11-22 08:35:41 ----A---- C:\WINDOWS\system32\Log_20081122_083541_CA0.txt
2008-11-22 08:35:40 ----A---- C:\WINDOWS\system32\Log_20081122_083540_12CC.txt
2008-11-22 08:35:39 ----A---- C:\WINDOWS\system32\Log_20081122_083539_7F0.txt
2008-11-22 08:35:38 ----A---- C:\WINDOWS\system32\Log_20081122_083538_58C.txt
2008-11-22 08:35:37 ----A---- C:\WINDOWS\system32\Log_20081122_083537_898.txt
2008-11-22 08:35:36 ----A---- C:\WINDOWS\system32\Log_20081122_083536_15C8.txt
2008-11-22 08:35:35 ----A---- C:\WINDOWS\system32\Log_20081122_083535_1544.txt
2008-11-22 08:35:34 ----A---- C:\WINDOWS\system32\Log_20081122_083534_728.txt
2008-11-22 08:35:33 ----A---- C:\WINDOWS\system32\Log_20081122_083533_1778.txt
2008-11-22 08:35:32 ----A---- C:\WINDOWS\system32\Log_20081122_083532_CDC.txt
2008-11-22 08:35:31 ----A---- C:\WINDOWS\system32\Log_20081122_083531_C54.txt
2008-11-22 08:35:30 ----A---- C:\WINDOWS\system32\Log_20081122_083530_143C.txt
2008-11-22 08:35:29 ----A---- C:\WINDOWS\system32\Log_20081122_083529_13C8.txt
2008-11-22 08:35:27 ----A---- C:\WINDOWS\system32\Log_20081122_083527_1190.txt
2008-11-22 08:35:26 ----A---- C:\WINDOWS\system32\Log_20081122_083526_1668.txt
2008-11-22 08:35:25 ----A---- C:\WINDOWS\system32\Log_20081122_083525_1574.txt
2008-11-21 23:11:52 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-11-21 23:11:47 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-21 23:11:47 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-21 23:11:46 ----A---- C:\WINDOWS\system32\java.exe
2008-11-21 17:26:05 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-21 17:26:05 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-21 17:26:05 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-21 17:26:04 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-21 17:26:04 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-21 17:26:04 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-21 17:09:14 ----D---- C:\Program Files\Sacred 2 - Fallen Angel
2008-11-21 17:08:51 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-21 17:08:51 ----D---- C:\Program Files\AGEIA Technologies
2008-11-20 08:38:56 ----A---- C:\WINDOWS\system32\Log_20081120_083856_11F0.txt
2008-11-20 08:38:55 ----A---- C:\WINDOWS\system32\Log_20081120_083855_8A4.txt
2008-11-16 16:27:56 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #4.txt
2008-11-16 11:39:23 ----D---- C:\Program Files\CDisplay
2008-11-16 11:09:00 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-16 10:56:31 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-16 10:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-16 10:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 10:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-15 22:59:17 ----D---- C:\Program Files\iTAP6_User_Dictionary_Locker
2008-11-15 22:58:28 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-13 09:44:45 ----D---- C:\lynx_w32
2008-11-13 08:49:14 ----A---- C:\WINDOWS\system32\Log_20081113_084914_1FF8.txt
2008-11-13 08:49:13 ----A---- C:\WINDOWS\system32\Log_20081113_084913_1934.txt
2008-11-13 08:49:12 ----A---- C:\WINDOWS\system32\Log_20081113_084912_1A20.txt
2008-11-13 08:49:11 ----A---- C:\WINDOWS\system32\Log_20081113_084911_DFC.txt
2008-11-13 08:49:10 ----A---- C:\WINDOWS\system32\Log_20081113_084910_C2C.txt
2008-11-13 08:49:09 ----A---- C:\WINDOWS\system32\Log_20081113_084909_1BD8.txt
2008-11-13 08:49:08 ----A---- C:\WINDOWS\system32\Log_20081113_084908_1854.txt
2008-11-13 08:49:07 ----A---- C:\WINDOWS\system32\Log_20081113_084907_530.txt
2008-11-13 08:49:06 ----A---- C:\WINDOWS\system32\Log_20081113_084906_1880.txt
2008-11-13 08:49:05 ----A---- C:\WINDOWS\system32\Log_20081113_084905_16C0.txt
2008-11-13 08:49:05 ----A---- C:\WINDOWS\system32\Log_20081113_084905_10C.txt
2008-11-13 08:49:04 ----A---- C:\WINDOWS\system32\Log_20081113_084904_2E8.txt
2008-11-13 08:49:03 ----A---- C:\WINDOWS\system32\Log_20081113_084903_1E54.txt
2008-11-13 08:49:02 ----A---- C:\WINDOWS\system32\Log_20081113_084902_16D8.txt
2008-11-13 08:49:01 ----A---- C:\WINDOWS\system32\Log_20081113_084901_130C.txt
2008-11-13 08:49:00 ----A---- C:\WINDOWS\system32\Log_20081113_084900_1C5C.txt
2008-11-13 08:48:59 ----A---- C:\WINDOWS\system32\Log_20081113_084859_172C.txt
2008-11-13 08:48:57 ----A---- C:\WINDOWS\system32\Log_20081113_084857_1938.txt
2008-11-13 00:05:49 ----A---- C:\WINDOWS\system32\Log_20081113_000549_1174.txt
2008-11-13 00:05:47 ----A---- C:\WINDOWS\system32\Log_20081113_000547_18E8.txt
2008-11-13 00:05:46 ----A---- C:\WINDOWS\system32\Log_20081113_000546_1C1C.txt
2008-11-13 00:05:45 ----A---- C:\WINDOWS\system32\Log_20081113_000545_1374.txt
2008-11-13 00:05:44 ----A---- C:\WINDOWS\system32\Log_20081113_000544_1610.txt
2008-11-13 00:05:42 ----A---- C:\WINDOWS\system32\Log_20081113_000542_1E34.txt
2008-11-13 00:05:41 ----A---- C:\WINDOWS\system32\Log_20081113_000541_13B8.txt
2008-11-13 00:05:39 ----A---- C:\WINDOWS\system32\Log_20081113_000539_1518.txt
2008-11-12 23:39:27 ----A---- C:\WINDOWS\pspvc_path.ini
2008-11-12 23:39:20 ----D---- C:\Program Files\pspvc
2008-11-12 17:28:10 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-11-12 17:28:10 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-11-11 06:44:16 ----A---- C:\msvcrt.dll
2008-11-10 22:59:17 ----A---- C:\WINDOWS\system32\Log_20081110_225917_1480.txt
2008-11-10 22:59:16 ----A---- C:\WINDOWS\system32\Log_20081110_225916_4E8.txt
2008-11-10 22:59:15 ----A---- C:\WINDOWS\system32\Log_20081110_225915_1550.txt
2008-11-10 22:59:14 ----A---- C:\WINDOWS\system32\Log_20081110_225914_8B8.txt
2008-11-10 22:59:13 ----A---- C:\WINDOWS\system32\Log_20081110_225913_77C.txt
2008-11-10 22:59:12 ----A---- C:\WINDOWS\system32\Log_20081110_225912_BA4.txt
2008-11-10 22:59:11 ----A---- C:\WINDOWS\system32\Log_20081110_225911_1680.txt
2008-11-10 22:59:10 ----A---- C:\WINDOWS\system32\Log_20081110_225910_16B8.txt
2008-11-10 22:59:09 ----A---- C:\WINDOWS\system32\Log_20081110_225909_92C.txt
2008-11-10 22:59:08 ----A---- C:\WINDOWS\system32\Log_20081110_225908_EC8.txt
2008-11-10 22:59:07 ----A---- C:\WINDOWS\system32\Log_20081110_225907_8C4.txt
2008-11-10 22:59:06 ----A---- C:\WINDOWS\system32\Log_20081110_225906_85C.txt
2008-11-10 22:59:05 ----A---- C:\WINDOWS\system32\Log_20081110_225905_D38.txt
2008-11-10 22:59:03 ----A---- C:\WINDOWS\system32\Log_20081110_225903_D74.txt
2008-11-10 22:59:03 ----A---- C:\WINDOWS\system32\Log_20081110_225903_14D4.txt
2008-11-10 22:59:01 ----A---- C:\WINDOWS\system32\Log_20081110_225901_1420.txt
2008-11-10 22:59:00 ----A---- C:\WINDOWS\system32\Log_20081110_225900_E68.txt
2008-11-10 22:58:59 ----A---- C:\WINDOWS\system32\Log_20081110_225859_15B8.txt
2008-11-08 17:49:16 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #2.txt
2008-11-08 16:41:18 ----RA---- C:\WINDOWS\system32\vnetinst.dll
2008-11-08 16:41:15 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2008-11-08 16:41:14 ----A---- C:\WINDOWS\system32\vmnat.exe
2008-11-08 16:41:11 ----RA---- C:\WINDOWS\system32\vmnetbridge.dll
2008-11-08 16:41:10 ----A---- C:\WINDOWS\system32\vnetlib.dll
2008-11-08 16:39:33 ----D---- C:\Program Files\VMware
2008-11-08 16:03:28 ----D---- C:\Program Files\Xbox Backup Creator
2008-11-08 16:03:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 10:42:54 ----D---- C:\Program Files\Giganews Accelerator
2008-11-08 09:21:58 ----D---- C:\Program Files\TextAloud
2008-11-08 09:10:07 ----D---- C:\Program Files\Cepstral

======List of files/folders modified in the last 1 months======

2008-12-07 11:24:57 ----D---- C:\WINDOWS\Prefetch
2008-12-07 11:24:56 ----RD---- C:\Program Files
2008-12-07 11:24:42 ----D---- C:\Documents and Settings\scott\Application Data\uTorrent
2008-12-07 11:19:40 ----D---- C:\Documents and Settings\scott\Application Data\.purple
2008-12-07 11:13:40 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 09:31:58 ----D---- C:\Documents and Settings\scott\Application Data\Hamachi
2008-12-06 22:23:18 ----D---- C:\Program Files\mIRC
2008-12-06 21:26:31 ----D---- C:\WINDOWS\Temp
2008-12-06 21:16:38 ----A---- C:\Log.txt
2008-12-06 15:44:54 ----SHD---- C:\WINDOWS\Installer
2008-12-06 15:44:51 ----D---- C:\WINDOWS\system32
2008-12-06 15:44:37 ----D---- C:\Program Files\Java
2008-12-06 15:39:14 ----D---- C:\Documents and Settings\scott\Application Data\TeraCopy
2008-12-06 14:34:16 ----D---- C:\Program Files\AviSynth 2.5
2008-12-06 10:40:36 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-12-06 10:29:39 ----D---- C:\Documents and Settings\scott\Application Data\Vso
2008-12-06 08:02:33 ----D---- C:\Documents and Settings\scott\Application Data\skypePM
2008-12-05 21:53:49 ----D---- C:\Documents and Settings\scott\Application Data\Vidalia
2008-12-02 19:27:02 ----D---- C:\Documents and Settings\scott\Application Data\AccurateRip
2008-12-02 11:56:33 ----D---- C:\Program Files\Exact Audio Copy
2008-12-02 11:25:15 ----D---- C:\Documents and Settings\scott\Application Data\OpenOffice.org2
2008-12-02 11:13:41 ----RSD---- C:\WINDOWS\assembly
2008-12-02 11:13:01 ----RSD---- C:\WINDOWS\Fonts
2008-12-02 09:26:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 09:26:27 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 09:26:23 ----HD---- C:\WINDOWS\inf
2008-12-02 09:25:23 ----D---- C:\WINDOWS\twain_32
2008-12-02 09:25:22 ----D---- C:\WINDOWS\Driver Cache
2008-12-02 09:25:22 ----D---- C:\WINDOWS
2008-12-02 09:25:21 ----D---- C:\WINDOWS\Help
2008-12-01 19:58:19 ----D---- C:\music
2008-12-01 19:07:55 ----D---- C:\Program Files\Hewlett-Packard
2008-12-01 14:08:52 ----D---- C:\Program Files\Bonjour
2008-12-01 14:08:37 ----D---- C:\Program Files\QuickTime Alternative
2008-12-01 14:08:16 ----SD---- C:\WINDOWS\Tasks
2008-12-01 14:08:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-01 14:07:42 ----D---- C:\Program Files\Common Files
2008-11-30 12:00:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 10:34:46 ----D---- C:\Temp
2008-11-30 10:27:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-30 10:27:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 11:49:07 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-11-29 11:48:46 ----A---- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-20011102}.BAK
2008-11-29 11:48:25 ----A---- C:\WINDOWS\system.ini
2008-11-29 11:45:35 ----D---- C:\WINDOWS\AppPatch
2008-11-29 11:45:04 ----RASH---- C:\boot.ini
2008-11-29 11:44:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 11:43:56 ----SHD---- C:\System Volume Information
2008-11-29 11:43:56 ----D---- C:\WINDOWS\system32\Restore
2008-11-29 11:10:30 ----A---- C:\WINDOWS\win.ini
2008-11-27 02:29:16 ----D---- C:\Documents and Settings\scott\Application Data\stickies
2008-11-24 12:38:29 ----D---- C:\WINDOWS\Logs
2008-11-24 12:35:38 ----D---- C:\WINDOWS\system32\DirectX
2008-11-23 08:44:36 ----D---- C:\Documents and Settings\scott\Application Data\Roxio
2008-11-21 17:25:27 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-11-21 17:25:27 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2008-11-16 17:07:53 ----D---- C:\Documents and Settings\scott\Application Data\gtk-2.0
2008-11-16 10:56:31 ----D---- C:\WINDOWS\system
2008-11-16 10:55:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 10:55:14 ----A---- C:\WINDOWS\imsins.BAK
2008-11-16 10:55:03 ----D---- C:\WINDOWS\WinSxS
2008-11-15 23:25:02 ----D---- C:\Program Files\FileZilla Server
2008-11-15 22:58:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-15 22:58:34 ----D---- C:\Documents and Settings\scott\Application Data\Adobe
2008-11-12 17:28:06 ----D---- C:\Program Files\Creative
2008-11-11 16:31:54 ----D---- C:\Program Files\World of Warcraft
2008-11-10 18:25:51 ----D---- C:\Program Files\Motorola
2008-11-08 18:50:23 ----D---- C:\Program Files\NewsLeecher
2008-11-08 18:49:47 ----D---- C:\Documents and Settings\scott\Application Data\VMware
2008-11-08 16:40:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-08 09:27:02 ----D---- C:\Program Files\WinRAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 B2Ether;Basilisk II Ethernet Driver; C:\WINDOWS\system32\DRIVERS\B2Ether.sys [1999-12-10 8686]
R2 cdenable;cdenable; C:\WINDOWS\System32\Drivers\cdenable.sys [1999-06-10 6112]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-20 3299840]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-09 25280]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
R3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
R3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
R3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-25 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-09-25 43552]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R4 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 auauf9h1;auauf9h1; C:\WINDOWS\system32\drivers\auauf9h1.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2007-11-02 6400]
S3 Motousbnet;Motorola USB Networking Driver Service; C:\WINDOWS\system32\DRIVERS\Motousbnet.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-20 573440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Cepstral License Server;Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [2008-06-24 57344]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2008-11-10 587776]
R2 InputDirector;Input Director Service; C:\Program Files\Input Director\IDWinService.exe [2008-09-09 32768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 MacDriveService;MacDriveService; C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 uvnc_service;uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2008-05-12 1386048]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-18 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-18 326192]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-18 399920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-07 11:25:10

======Uninstall list======

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64EC91CC-B140-49B8-A198-E44A2F3AE761}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64EC91CC-B140-49B8-A198-E44A2F3AE761}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1-Click YouTubeAssistant-->MsiExec.exe /I{AEC94A56-A82A-4A34-85B3-A1F1B8140546}
7-Zip 4.59 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 7.0 Professional Edition-->MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
aTube Catcher 1.0-->"C:\Program Files\DsNET Corp\aTube Catcher 1.0\unins000.exe"
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Carrier-->C:\Program Files\Carrier\carrier-uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Cepstral Callie 5.1.0-->MsiExec.exe /I{130D1E2B-5D9C-461D-BC25-AF8379444479}
Cepstral Millie 5.1.0-->MsiExec.exe /I{AE1B8D60-5E49-4566-9D1B-1CA5B0CAD099}
ClamWin Free Antivirus 0.94.1-->"C:\Program Files\ClamWin\unins000.exe"
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
ConvertLIT Graphical User Interface 2.0-->C:\Program Files\ConvertLIT GUI\uninst.exe
ConvertXtoDVD 3.0.0.9-->"C:\Program Files\ConvertXtoDVD\unins000.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Curse Client-->C:\Program Files\Curse\uninstall.exe
Driver Manager v1.02-->"C:\Program Files\Driver Manager\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDFab Multi Setup-->C:\Program Files\DVDFab 5\Uninstall.exe
eMule Plus 1.2c-->"C:\Program Files\eMule\unins000.exe"
Exact Audio Copy 0.99pb4-->C:\Program Files\Exact Audio Copy\uninst.exe
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FastMount-->"C:\Program Files\FastMount\unins000.exe"
File Splitter and Joiner version 2.9-->"C:\WINDOWS\unins000.exe"
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
Foxit Reader-->C:\Program Files\Foxit Reader\Uninstall.exe
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Giganews Accelerator-->MsiExec.exe /I{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}
GoldWave v5.25-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.25" "C:\Program Files\GoldWave\unstall.log"
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
GT2 0.35 uninstall-->"C:\Program Files\GT2\uninst-gt2.exe"
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HostCore Easy Installer 1.1-->C:\Program Files\HostCore Easy Installer 1.1\Uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)-->C:\WINDOWS\system32\KmRemove.exe
HTML Book Fixer-->"C:\Program Files\HTMLBookFixer\unins000.exe"
Input Director v1.2 -->"C:\Program Files\Input Director\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTAP6 User Dictionary Locker-->msiexec /qb /x {B55D2012-5BB4-D3CE-6B51-EB6383ED11C1}
iTAP6_User_Dictionary_Locker-->MsiExec.exe /I{B55D2012-5BB4-D3CE-6B51-EB6383ED11C1}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 4.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MacDrive 7-->MsiExec.exe /X{5BACA8C1-909F-4AA4-90EB-6CAE5241FA96}
Magic Workstation 0.94f-->"C:\Program Files\Magic Workstation\unins000.exe"
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mirabilis ICQ Corp-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\ICQCorp\INSTALL.LOG "ICQ Corp Uninstall"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mobipocket Reader 6.2-->MsiExec.exe /I{342126E1-173C-4585-BFBE-3EBDD20E3E9E}
MotoKit 1.06-->C:\WINDOWS\iun6002.exe "C:\Program Files\MotoKit\irunin.ini"
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola PST-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything
Motorola Software Update-->MsiExec.exe /I{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MTG Full Card Scans (up to Eventide)-->"C:\MTGPics\unins000.exe"
MTG GamePack for Magic Workstation-->"C:\Program Files\Magic Workstation\unins001.exe"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
NewsLeecher v3.95 Beta 3-->"C:\Program Files\NewsLeecher\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OneTouch Version 3.0-->C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 2.7.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rotate Videos Beta 1-->"C:\Program Files\Rotate Videos\unins000.exe"
RSD CDMA General 5.1.8-->MsiExec.exe /I{A4342E37-6D5A-4A8A-8187-9760AB6DD0F2}
RSDLite-->MsiExec.exe /I{18A75C47-E8CB-4AD9-A07D-21ED3783F3C8}
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Salon Styler Pro Demo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Zone\Salon Styler Pro Demo\Uninst.isu"
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sins of a Solar Empire-->"C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire-->C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sothink SWF Decompiler-->"C:\Program Files\Sothink SWF Decompiler\unins000.exe"
Stickies 6.5a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.5a
Stronghold 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Tag&Rename 3.4.6-->"C:\Program Files\TagRename\unins000.exe"
TeraCopy 2.0 beta 3-->"C:\Program Files\TeraCopy\unins000.exe"
TextAloud-->"C:\Program Files\TextAloud\unins000.exe"
Tor 0.2.0.31-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
TransMac version 7.5-->"C:\Program Files\TransMac\unins000.exe"
Tunebite-->MsiExec.exe /I{E1842CA1-77D1-45B7-9FEB-ED19B9C10271}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UltraISO Premium V8.66-->"C:\Program Files\UltraISO\unins000.exe"
UltraVNC 1.0.4-->"C:\Program Files\UltraVNC\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Vidalia 0.1.9-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Wallpaper Master Pro v1.52a-->"C:\Program Files\Wallpaper Master\unins000.exe"
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinScraper Utility 1.0-->C:\Program Files\WinScraper\uninst.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xbox Backup Creator-->MsiExec.exe /X{1D187E68-A03C-4E34-BE30-75CE94710A0D}
XviD4PSP 5.0-->C:\Program Files\XviD4PSP5\Uninstall.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"GTK_BASEPATH"=C:\Program Files\Common Files\GTK\2.0
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%GTK_BASEPATH%\bin;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Cepstral\bin;C:\Program Files\QuickTime Alternative\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=4303
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
"And I laugh at myself, while the tears roll down -- 'cause it's The World I Know..."
Collective Soul - The World I Know

#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:57 AM

Posted 16 December 2008 - 10:28 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Eilonwy05

Eilonwy05
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 16 December 2008 - 01:01 PM

Still infected; following is the log from DDS, and attached is the zipped copy of Attach.txt -- any help would be appreciated.


DDS (Version 1.1.0) - NTFSx86
Run by scott at 9:54:22.43 on Tue 12/16/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2383 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Taskix\Taskix32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Input Director\InputDirector.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Carrier\carrier.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\SHOUTcast\sc_serv.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\CloneCD\CloneCDTray.exe
C:\Program Files\ICQCorp\ICQCorp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - c:\program files\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - c:\progra~1\textal~1\TAForIE.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RcMan.exe
uRun: [Tunebite] c:\program files\tunebite\Tunebite.exe /tray
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Taskix] c:\program files\taskix\Taskix32.exe start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [CloneCDTray] "c:\program files\clonecd\CloneCDTray.exe" /s
StartupFolder: c:\docume~1\scott\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\scott\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\carrier.lnk - c:\program files\carrier\carrier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filezi~1.lnk - c:\program files\filezilla server\FileZilla Server Interface.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigane~1.lnk - c:\program files\giganews accelerator\GiganewsAccelerator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\icqcor~1.lnk - c:\program files\icqcorp\ICQCorp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\vidalia bundle\privoxy\privoxy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shoutc~1.lnk - c:\program files\shoutcast\sc_serv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
TCP: {719C8A69-3C41-497B-8544-9325A0D31BB7} = 192.168.1.1,68.94.156.1,68.94.157.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.sys [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R2 B2Ether;Basilisk II Ethernet Driver;c:\windows\system32\drivers\B2Ether.sys [2008-10-29 8686]
R2 cdenable;cdenable;c:\windows\system32\drivers\cdenable.sys [2008-10-29 6112]
R2 Cepstral License Server;Cepstral License Server;"c:\program files\cepstral\bin\CepstralLicSrv.exe" [2008-6-24 57344]
R2 InputDirector;Input Director Service;c:\program files\input director\IDWinService.exe [2008-9-9 32768]
R2 MacDriveService;MacDriveService;"c:\program files\mediafour\macdrive 7\MacDriveService.exe" [2007-5-1 143360]
R2 uvnc_service;uvnc_service;"c:\program files\ultravnc\WinVNC.exe" -service [2008-9-27 1386048]
R2 vmci;VMware vmci;\??\c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-11-1 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-11-1 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-11-1 23680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-11-1 42112]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys []

=============== Created Last 30 ================

2008-12-13 15:49 24 a--sh--- c:\windows\SCAE74849.tmp
2008-12-13 15:49 <DIR> --d----- c:\program files\CloneCD
2008-12-13 15:25 <DIR> --d----- c:\windows\pss
2008-12-12 18:15 <DIR> --d----- c:\docume~1\scott\applic~1\Vivox
2008-12-12 18:14 <DIR> --d----- c:\program files\SLim
2008-12-12 18:08 <DIR> --d----- c:\program files\SecondLifeFirstLookSLim
2008-12-09 16:28 260 a------- c:\windows\_delis32.ini
2008-12-07 21:09 713 a------- c:\windows\cdplayer.ini
2008-12-07 11:24 <DIR> --d----- c:\program files\trend micro
2008-12-06 22:36 <DIR> --d----- C:\MTGPics
2008-12-06 22:36 <DIR> --d----- c:\program files\Magic Workstation
2008-12-06 15:44 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-06 10:28 <DIR> --d----- c:\program files\DVDFab 5
2008-12-06 10:26 <DIR> --d----- c:\program files\GT2
2008-12-02 17:13 <DIR> --d----- c:\program files\HTMLBookFixer
2008-12-02 14:40 <DIR> --d----- c:\docume~1\scott\applic~1\Nvu
2008-12-02 09:37 <DIR> --d----- c:\docume~1\scott\applic~1\ABBYY
2008-12-02 09:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ABBYY
2008-12-02 09:35 <DIR> --d----- c:\program files\ABBYY FineReader 7.0 Professional Edition
2008-12-02 09:26 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-02 09:26 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-02 09:26 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-02 09:26 87,040 a------- c:\windows\system32\wiafbdrv.dll
2008-12-02 09:25 36,864 a------- c:\windows\system32\vizMicro.dll
2008-12-02 09:25 716,288 a------- c:\windows\system32\Ltwvc11n.dll
2008-12-02 09:25 391,168 a------- c:\windows\system32\Ltkrn11n.dll
2008-12-02 09:25 276,992 a------- c:\windows\system32\LFCMP11n.DLL
2008-12-02 09:25 262,144 a------- c:\windows\system32\LTDIS11n.dll
2008-12-02 09:25 127,488 a------- c:\windows\system32\Ltimg11n.dll
2008-12-02 09:25 118,272 a------- c:\windows\system32\Ltfil11n.dll
2008-12-02 09:25 36,864 a------- c:\windows\system32\Lfbmp11n.dll
2008-12-02 09:25 <DIR> --d----- c:\program files\Visioneer OneTouch
2008-12-01 19:09 208,896 a------- c:\windows\system32\HPP2800V.DLL
2008-12-01 19:09 36,864 a------- c:\windows\system32\hppadt40.dll
2008-12-01 19:09 32,768 a------- c:\windows\system32\hppamon0.dll
2008-12-01 19:09 484 a------- c:\windows\system32\HPP2800V.DAT
2008-12-01 14:40 <DIR> --d----- c:\docume~1\scott\applic~1\FMZilla
2008-12-01 14:39 <DIR> --d----- c:\program files\Free Music Zilla
2008-12-01 11:26 <DIR> --d----- C:\Python26
2008-12-01 11:16 <DIR> --d----- c:\docume~1\scott\applic~1\Mobipocket
2008-12-01 11:14 <DIR> --d----- c:\program files\Mobipocket Reader
2008-11-30 10:33 <DIR> --d----- c:\program files\ConvertLIT GUI
2008-11-30 10:27 57,436 a------- c:\windows\DASShp.dll
2008-11-30 10:27 <DIR> --d----- c:\program files\Microsoft Reader
2008-11-29 11:45 <DIR> a-dshr-- C:\cmdcons
2008-11-29 11:43 161,792 a------- c:\windows\SWREG.exe
2008-11-29 11:43 98,816 a------- c:\windows\sed.exe
2008-11-29 11:43 <DIR> --d----- C:\ComboFix
2008-11-28 16:18 <DIR> --d----- c:\program files\common files\SourceTec
2008-11-28 16:18 <DIR> --d----- c:\program files\Sothink SWF Decompiler
2008-11-25 23:05 <DIR> --d----- c:\windows\system32\CLSID
2008-11-24 08:44 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2008-11-24 08:44 <DIR> --d----- c:\program files\DsNET Corp
2008-11-24 08:25 <DIR> --d----- c:\program files\YouTube Assistant
2008-11-22 11:38 491 a------- c:\windows\SStylerProDemo.ini
2008-11-22 11:35 306,688 a------- c:\windows\IsUninst.exe
2008-11-21 23:11 <DIR> --d----- c:\program files\OpenOffice.org 2.4
2008-11-21 17:26 509,448 a------- c:\windows\system32\XAudio2_2.dll
2008-11-21 17:26 238,088 a------- c:\windows\system32\xactengine3_2.dll
2008-11-21 17:26 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2008-11-21 17:26 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2008-11-21 17:26 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2008-11-21 17:26 467,984 a------- c:\windows\system32\d3dx10_39.dll
2008-11-21 17:09 <DIR> --d----- c:\program files\Sacred 2 - Fallen Angel
2008-11-21 17:08 <DIR> --d----- c:\windows\system32\AGEIA
2008-11-16 11:39 <DIR> --d----- c:\program files\CDisplay
2008-11-16 10:56 118 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2008-11-21 17:25 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-11-21 17:25 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-11-05 21:58 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2008-11-03 20:42 720,896 a------- c:\windows\iun6002.exe
2008-11-01 15:27 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Motousbnet_01005.Wdf
2008-11-01 15:23 25,600 a------- c:\documents and settings\scott\usbsermptxp.sys
2008-11-01 15:23 22,768 a------- c:\documents and settings\scott\usbsermpt.sys
2008-11-01 13:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-11-01 13:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-01 13:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-11-01 13:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-11-01 13:53 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-28 14:46 2,852 a------- c:\windows\unins000.dat
2008-10-28 14:46 694,026 a------- c:\windows\unins000.exe
2008-10-25 18:22 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-10-25 18:22 47,360 a------- c:\docume~1\scott\applic~1\pcouffin.sys
2008-10-24 03:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 17:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-26 00:02 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-24 12:51 15,600 a------- c:\windows\gdrv.sys
2008-09-24 12:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-09-18 23:11 723,504 a------- c:\windows\system32\vnetlib.dll
2008-09-18 23:11 326,192 a------- c:\windows\system32\vmnetdhcp.exe
2008-09-18 23:11 399,920 a------- c:\windows\system32\vmnat.exe
2008-09-18 18:25 248,368 a------- c:\windows\system32\vmnc.dll
2008-09-18 16:49 55,856 a----r-- c:\windows\system32\vnetinst.dll
2008-09-18 16:49 50,736 a----r-- c:\windows\system32\vmnetbridge.dll
2008-03-09 05:25 236 a---h--- c:\program files\common files\dx.reg
2007-02-12 18:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE
2002-09-24 08:24 61,440 a------- c:\windows\inf\i386\onetUSD.dll
2002-08-19 07:46 36,864 a------- c:\windows\inf\i386\Vizmicro.dll
2002-05-16 09:21 286,720 a------- c:\windows\inf\i386\rtscan.dll
2002-05-16 09:20 172,032 a------- c:\windows\inf\i386\viceo.dll
2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 9:54:26.68 ===============

"And I laugh at myself, while the tears roll down -- 'cause it's The World I Know..."
Collective Soul - The World I Know
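The DDS listing above ("Created Last 30" / "Find3M") and the ComboFix "Files Created" listing posted later in this thread are what the helpers read by eye. As an added example for this thread (it is not a BleepingComputer, DDS or ComboFix tool, and not something the poster ran), the Python below parses both line formats and flags entries that deserve a second look: files carrying both the hidden and system attributes, timestamps that cannot be real, .sys drivers sitting outside the drivers directory, and executables inside a user profile. The rules are the example's own heuristics, and the sample lines are copied from the logs in this thread (ComboFix's tab separators are written as double spaces here; the parser accepts any whitespace). A hit means "review this", not "this is malware".

```python
"""Triage the "files created" listings of DDS and ComboFix logs.

Added example for this thread; the rules are heuristics chosen here,
not anything DDS, ComboFix or the forum helpers actually implement.
"""
import re
from datetime import date

# DDS "Created Last 30" line:
#   2008-12-13 15:49 24 a--sh--- c:\windows\SCAE74849.tmp
DDS_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$")

# ComboFix "Files Created" line (creation stamp, a dot, modification stamp):
#   2008-12-13 15:49 . 2008-12-13 15:50 <tab>24<tab>--ahs----<tab>c:\windows\SCAE74849.tmp
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{9})\s+(?P<path>\S.*)$")

# Where a .sys file is expected to live on Windows XP.
DRIVER_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")

REPORT_DATE = date(2008, 12, 16)  # date on the ComboFix header in this thread

# Sample input copied from the logs posted in this thread (DDS lines first,
# then ComboFix lines); the header line shows that non-entries are skipped.
SAMPLE_LINES = [
    r"=============== Created Last 30 ================",
    r"2008-12-13 15:49 24 a--sh--- c:\windows\SCAE74849.tmp",
    r"2008-12-13 15:49 <DIR> --d----- c:\program files\CloneCD",
    r"2008-11-29 11:45 <DIR> a-dshr-- C:\cmdcons",
    r"2008-11-01 15:23 25,600 a------- c:\documents and settings\scott\usbsermptxp.sys",
    r"2008-10-25 18:22 47,360 a------- c:\docume~1\scott\applic~1\pcouffin.sys",
    r"2008-11-05 21:58 361,600 a------- c:\windows\system32\drivers\tcpip.sys",
    r"2007-02-12 18:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE",
    r"2708-10-22 11:02 . 2008-12-16 11:43  <DIR>  d--------  c:\documents and settings\scott\Application Data\Skype",
    r"2423-05-20 09:12 . 1664-10-10 04:16  <DIR>  d--------  c:\program files\SHOUTcast",
    r"2008-12-13 15:49 . 2008-12-13 15:50  24  --ahs----  c:\windows\SCAE74849.tmp",
]


def parse_line(line):
    """Return a dict for a recognised listing line, or None for headers and blanks."""
    for pattern in (DDS_LINE, CF_LINE):
        m = pattern.match(line.rstrip())
        if m:
            entry = m.groupdict()
            entry.setdefault("modified", None)          # DDS has no modified stamp
            # Attribute letters are tested by membership, not by position:
            # 'd' directory, 'a' archive, 's' system, 'h' hidden, 'r' read-only.
            entry["is_dir"] = entry["size"] == "<DIR>" or "d" in entry["attrs"]
            return entry
    return None


def _implausible(ymd, report_date):
    """True for a stamp before 1980, after the report date, or not a real date."""
    y, mo, d = (int(x) for x in ymd.split("-"))
    try:
        when = date(y, mo, d)
    except ValueError:
        return True
    return y < 1980 or when > report_date


def triage(lines, report_date):
    """Apply the review heuristics; returns a list of (rule, path) findings."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        path, low, attrs = entry["path"], entry["path"].lower(), entry["attrs"]
        stamps = [entry["created"]] + ([entry["modified"]] if entry["modified"] else [])
        if any(_implausible(s, report_date) for s in stamps):
            findings.append(("implausible timestamp", path))
        if not entry["is_dir"] and "s" in attrs and "h" in attrs:
            findings.append(("hidden+system file", path))
        if low.endswith(".sys") and not any(d in low for d in DRIVER_DIRS):
            findings.append(("driver outside drivers dir", path))
        if low.endswith((".exe", ".dll")) and "documents and settings" in low:
            findings.append(("executable in user profile", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LINES, REPORT_DATE):
        print(f"{rule:28s} {path}")
```

Run it against a saved DDS or ComboFix log with `triage(open(path, errors="replace").read().splitlines(), REPORT_DATE)`. The "Find3M" sections use a third layout and are not parsed here; the entries it does flag (the hidden+system .tmp in c:\windows, the far-future Skype and SHOUTcast stamps, the .sys files under the user's profile) are exactly the lines an analyst would ask about first.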

#4 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:08:57 AM

Posted 16 December 2008 - 02:15 PM

hi there,

Please note that comments are made in green, links are in red, important things are highlighted in blue, and the numbered steps I would like you to follow are highlighted in orange.

Please also take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between each other, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright law in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step #1

Click on Start > Run, paste the following into the "Open" field: appwiz.cpl, and press OK. From within Add or Remove Programs, uninstall the following if they exist: Java™ 6 Update 4, Java™ 6 Update 7

Step #2

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Step #3

Please post what you have in this folder: C:\ComboFix and the latest log therein. Thanks!

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#5 Eilonwy05

Eilonwy05
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 16 December 2008 - 03:20 PM

Steps #1 and #2 have been taken; as for Step #3, there are no files in C:\ComboFix. However, in C:\Qoobox I have the following:

C:\Qoobox\Add-Remove Programs.txt
C:\Qoobox\BackEnv
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt
C:\Qoobox\ComboFix3.txt
C:\Qoobox\Quarantine
C:\Qoobox\snapshot@2008-12-16_11.50.24.79.dat
C:\Qoobox\snapshot@2008-12-16_11.50.24.79_B.dat
C:\Qoobox\Quarantine\C
C:\Qoobox\Quarantine\catchme.log
C:\Qoobox\Quarantine\Registry_backups
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

-----------------

The most recent logfile, from today when I ran ComboFix again:

ComboFix2.txt
ComboFix 08-12-15.08 - scott 2008-12-16 11:46:29.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2367 [GMT -8:00]
Running from: F:\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2008-11-16 to 2008-12-16  )))))))))))))))))))))))))))))))
.

2708-10-22 11:02 . 2008-12-16 11:43	<DIR>	d--------	c:\documents and settings\scott\Application Data\Skype
2423-05-20 09:12 . 1664-10-10 04:16	<DIR>	d--------	c:\program files\SHOUTcast
2423-05-20 09:12 . 2008-10-15 07:34	<DIR>	d--------	c:\program files\ICQCorp
2008-12-16 11:26 . 2008-12-16 11:26	73,728	--a------	c:\windows\system32\javacpl.cpl
2008-12-15 22:04 . 2008-12-15 22:04	<DIR>	d--------	c:\documents and settings\SCOTT~1.JIM\LOCALS~1
2008-12-15 22:04 . 2008-12-15 22:04	<DIR>	d--------	c:\documents and settings\SCOTT~1.JIM
2008-12-13 15:49 . 2008-12-13 15:49	<DIR>	d--------	c:\program files\CloneCD
2008-12-13 15:49 . 2008-12-13 15:50	24	--ahs----	c:\windows\SCAE74849.tmp
2008-12-12 18:15 . 2008-12-12 18:15	<DIR>	d--------	c:\documents and settings\scott\Application Data\Vivox
2008-12-12 18:14 . 2008-12-12 18:14	<DIR>	d--------	c:\program files\SLim
2008-12-12 18:08 . 2008-12-12 18:08	<DIR>	d--------	c:\program files\SecondLifeFirstLookSLim
2008-12-09 16:28 . 2008-12-09 16:28	260	--a------	c:\windows\_delis32.ini
2008-12-07 21:09 . 2008-12-11 11:09	713	--a------	c:\windows\cdplayer.ini
2008-12-07 11:24 . 2008-12-07 11:25	<DIR>	d--------	C:\rsit
2008-12-07 11:24 . 2008-12-07 11:25	<DIR>	d--------	c:\program files\trend micro
2008-12-06 22:36 . 2008-12-06 22:36	<DIR>	d--------	c:\program files\Magic Workstation
2008-12-06 22:36 . 2008-12-06 22:37	<DIR>	d--------	C:\MTGPics
2008-12-06 15:44 . 2008-12-16 11:26	410,984	--a------	c:\windows\system32\deploytk.dll
2008-12-06 10:28 . 2008-12-06 10:48	<DIR>	d--------	c:\program files\DVDFab 5
2008-12-06 10:26 . 2008-12-06 10:26	<DIR>	d--------	c:\program files\GT2
2008-12-02 17:13 . 2008-12-02 17:16	<DIR>	d--------	c:\program files\HTMLBookFixer
2008-12-02 14:40 . 2008-12-02 14:40	<DIR>	d--------	c:\documents and settings\scott\Application Data\Nvu
2008-12-02 09:37 . 2008-12-02 09:37	<DIR>	d--------	c:\documents and settings\scott\Application Data\ABBYY
2008-12-02 09:36 . 2008-12-02 09:36	<DIR>	d--------	c:\documents and settings\All Users\Application Data\ABBYY
2008-12-02 09:35 . 2008-12-02 09:37	<DIR>	d--------	c:\program files\ABBYY FineReader 7.0 Professional Edition
2008-12-02 09:26 . 2001-08-17 22:36	87,040	--a------	c:\windows\system32\wiafbdrv.dll
2008-12-02 09:26 . 2001-08-17 22:36	87,040	--a--c---	c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-02 09:26 . 2008-04-14 00:15	15,104	--a------	c:\windows\system32\drivers\usbscan.sys
2008-12-02 09:26 . 2008-04-14 00:15	15,104	--a--c---	c:\windows\system32\dllcache\usbscan.sys
2008-12-02 09:25 . 2008-12-02 21:03	<DIR>	d--------	c:\program files\Visioneer OneTouch
2008-12-02 09:25 . 2000-05-23 11:36	716,288	--a------	c:\windows\system32\Ltwvc11n.dll
2008-12-02 09:25 . 2000-05-23 11:36	391,168	--a------	c:\windows\system32\Ltkrn11n.dll
2008-12-02 09:25 . 1999-11-23 18:01	276,992	--a------	c:\windows\system32\LFCMP11n.DLL
2008-12-02 09:25 . 2000-05-23 11:36	262,144	--a------	c:\windows\system32\LTDIS11n.dll
2008-12-02 09:25 . 2000-05-23 11:36	127,488	--a------	c:\windows\system32\Ltimg11n.dll
2008-12-02 09:25 . 2000-05-23 11:36	118,272	--a------	c:\windows\system32\Ltfil11n.dll
2008-12-02 09:25 . 2002-08-19 07:46	36,864	--a------	c:\windows\system32\vizMicro.dll
2008-12-02 09:25 . 2000-05-23 11:36	36,864	--a------	c:\windows\system32\Lfbmp11n.dll
2008-12-01 19:09 . 2005-01-21 13:41	208,896	--a------	c:\windows\system32\HPP2800V.DLL
2008-12-01 19:09 . 2004-12-24 11:12	36,864	--a------	c:\windows\system32\hppadt40.dll
2008-12-01 19:09 . 2004-12-24 11:12	32,768	--a------	c:\windows\system32\hppamon0.dll
2008-12-01 19:09 . 2005-01-20 14:18	484	--a------	c:\windows\system32\HPP2800V.DAT
2008-12-01 14:40 . 2008-12-01 14:40	<DIR>	d--------	c:\documents and settings\scott\Application Data\FMZilla
2008-12-01 14:39 . 2008-12-06 21:16	<DIR>	d--------	c:\program files\Free Music Zilla
2008-12-01 11:26 . 2008-12-01 11:26	<DIR>	d--------	C:\Python26
2008-12-01 11:16 . 2008-12-01 15:05	<DIR>	d--------	c:\documents and settings\scott\Application Data\Mobipocket
2008-12-01 11:14 . 2008-12-01 11:14	<DIR>	d--------	c:\program files\Mobipocket Reader
2008-11-30 10:33 . 2008-11-30 13:00	<DIR>	d--------	c:\program files\ConvertLIT GUI
2008-11-30 10:27 . 2008-11-30 10:27	<DIR>	d--------	c:\program files\Microsoft Reader
2008-11-30 10:27 . 2003-06-05 17:15	57,436	--a------	c:\windows\DASShp.dll
2008-11-28 16:18 . 2008-11-28 16:18	<DIR>	d--------	c:\program files\Sothink SWF Decompiler
2008-11-28 16:18 . 2008-11-28 16:18	<DIR>	d--------	c:\program files\Common Files\SourceTec
2008-11-25 23:05 . 2008-11-25 23:05	<DIR>	d--------	c:\windows\system32\CLSID
2008-11-24 08:44 . 2008-11-24 08:44	<DIR>	d--------	c:\program files\DsNET Corp
2008-11-24 08:44 . 2004-03-08 23:00	124,688	--a------	c:\windows\system32\MSWINSCK.OCX
2008-11-24 08:25 . 2008-12-09 16:23	<DIR>	d--------	c:\program files\YouTube Assistant
2008-11-22 11:38 . 2008-11-22 11:38	491	--a------	c:\windows\SStylerProDemo.ini
2008-11-22 11:35 . 1998-10-29 17:45	306,688	--a------	c:\windows\IsUninst.exe
2008-11-21 23:11 . 2008-12-02 11:13	<DIR>	d--------	c:\program files\OpenOffice.org 2.4
2008-11-21 17:26 . 2008-07-12 08:18	3,851,784	--a------	c:\windows\system32\D3DX9_39.dll
2008-11-21 17:26 . 2008-07-12 08:18	1,493,528	--a------	c:\windows\system32\D3DCompiler_39.dll
2008-11-21 17:26 . 2008-07-31 10:40	509,448	--a------	c:\windows\system32\XAudio2_2.dll
2008-11-21 17:26 . 2008-07-12 08:18	467,984	--a------	c:\windows\system32\d3dx10_39.dll
2008-11-21 17:26 . 2008-07-31 10:41	238,088	--a------	c:\windows\system32\xactengine3_2.dll
2008-11-21 17:26 . 2008-07-31 10:41	68,616	--a------	c:\windows\system32\XAPOFX1_1.dll
2008-11-21 17:09 . 2008-11-28 16:51	<DIR>	d--------	c:\program files\Sacred 2 - Fallen Angel
2008-11-21 17:08 . 2008-11-21 17:08	<DIR>	d--------	c:\windows\system32\AGEIA
2008-11-21 17:08 . 2008-11-21 17:08	<DIR>	d--------	c:\program files\AGEIA Technologies
2008-11-16 11:39 . 2008-11-16 11:39	<DIR>	d--------	c:\program files\CDisplay
2008-11-16 10:56 . 2008-11-16 10:56	118	--a------	c:\windows\system32\MRT.INI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 19:49	---------	d-----w	c:\documents and settings\scott\Application Data\Hamachi
2008-12-16 19:49	---------	d-----w	c:\documents and settings\scott\Application Data\.purple
2008-12-16 19:46	---------	d-----w	c:\documents and settings\scott\Application Data\uTorrent
2008-12-16 19:45	---------	d-----w	c:\documents and settings\scott\Application Data\TeraCopy
2008-12-16 19:26	---------	d-----w	c:\program files\Java
2008-12-15 19:17	---------	d-----w	c:\documents and settings\scott\Application Data\Vidalia
2008-12-15 00:07	---------	d-----w	c:\documents and settings\scott\Application Data\skypePM
2008-12-14 01:32	---------	d-----w	c:\program files\mIRC
2008-12-13 23:28	---------	d-----w	c:\documents and settings\scott\Application Data\OpenOffice.org2
2008-12-13 23:16	---------	d-----w	c:\documents and settings\scott\Application Data\stickies
2008-12-13 23:16	---------	d-----w	c:\documents and settings\LocalService\Application Data\VMware
2008-12-13 23:16	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware
2008-12-13 23:15	---------	d-----w	c:\program files\Logitech
2008-12-10 00:36	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2008-12-10 00:35	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-12-10 00:32	---------	d-----w	c:\program files\Sins of a Solar Empire
2008-12-10 00:29	---------	d-----w	c:\program files\Common Files\Logitech
2008-12-10 00:26	---------	d-----w	c:\program files\Motorola Phone Tools
2008-12-10 00:26	---------	d-----w	c:\program files\Curse
2008-12-10 00:26	---------	d-----w	c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-08 05:11	---------	d-----w	c:\program files\Rhapsody
2008-12-08 02:57	---------	d-----w	c:\documents and settings\scott\Application Data\gtk-2.0
2008-12-06 22:34	---------	d-----w	c:\program files\pspvc
2008-12-06 22:34	---------	d-----w	c:\program files\AviSynth 2.5
2008-12-06 18:40	---------	d-----w	c:\documents and settings\All Users\Application Data\vsosdk
2008-12-06 18:29	---------	d-----w	c:\documents and settings\scott\Application Data\Vso
2008-12-06 06:14	---------	d-----w	c:\program files\TextAloud
2008-12-03 03:27	---------	d-----w	c:\documents and settings\scott\Application Data\AccurateRip
2008-12-02 19:56	---------	d-----w	c:\program files\Exact Audio Copy
2008-12-02 03:07	---------	d-----w	c:\program files\Hewlett-Packard
2008-12-01 22:08	---------	d-----w	c:\program files\QuickTime Alternative
2008-12-01 22:08	---------	d-----w	c:\program files\Bonjour
2008-11-23 16:44	---------	d-----w	c:\documents and settings\scott\Application Data\Roxio
2008-11-22 01:25	413,696	----a-w	c:\windows\system32\wrap_oal.dll
2008-11-22 01:25	110,592	----a-w	c:\windows\system32\OpenAL32.dll
2008-11-16 07:25	---------	d-----w	c:\program files\FileZilla Server
2008-11-16 06:59	---------	d-----w	c:\program files\iTAP6_User_Dictionary_Locker
2008-11-16 06:58	---------	d-----w	c:\program files\Common Files\Adobe AIR
2008-11-13 01:28	---------	d-----w	c:\program files\Creative
2008-11-12 00:31	---------	d-----w	c:\program files\World of Warcraft
2008-11-11 02:25	---------	d-----w	c:\program files\Motorola
2008-11-09 02:50	---------	d-----w	c:\program files\NewsLeecher
2008-11-09 02:49	---------	d-----w	c:\documents and settings\scott\Application Data\VMware
2008-11-09 00:39	---------	d-----w	c:\program files\VMware
2008-11-08 18:42	---------	d-----w	c:\program files\Giganews Accelerator
2008-11-08 18:19	---------	d-----w	c:\program files\Cepstral
2008-11-07 17:42	---------	d-----w	c:\program files\QuickPar
2008-11-06 21:06	---------	d-----w	c:\program files\TransMac
2008-11-06 06:39	---------	d-----w	c:\program files\AMD
2008-11-06 05:58	361,600	----a-w	c:\windows\system32\drivers\tcpip.sys
2008-11-05 03:22	---------	d-----w	c:\program files\Fallout 3
2008-11-04 05:00	---------	d-----w	c:\program files\MotoKit
2008-11-04 04:42	720,896	----a-w	c:\windows\iun6002.exe
2008-11-04 03:12	---------	d-----w	c:\program files\WIBUKEY
2008-11-04 03:12	---------	d-----w	c:\program files\WIBU-SYSTEMS
2008-11-03 01:35	---------	d-----w	c:\program files\Driver Manager
2008-11-03 00:04	---------	d-----w	c:\program files\MSXML 4.0
2008-11-02 05:10	---------	d-----w	c:\program files\Common Files\Motorola Shared
2008-11-01 23:27	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_Motousbnet_01005.Wdf
2008-11-01 23:23	25,600	----a-w	c:\documents and settings\scott\usbsermptxp.sys
2008-11-01 23:23	22,768	----a-w	c:\documents and settings\scott\usbsermpt.sys
2008-11-01 23:10	---------	d-----w	c:\program files\BitPim
2008-11-01 21:58	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-11-01 21:53	0	---ha-w	c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-01 21:53	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-01 21:53	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-11-01 21:53	0	---ha-w	c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-11-01 09:27	---------	d-----w	c:\program files\Mozilla Thunderbird
2008-10-30 07:01	---------	d-----w	c:\program files\Mediafour
2008-10-30 07:01	---------	d-----w	c:\program files\Common Files\Mediafour
2008-10-30 06:28	---------	d-----w	c:\documents and settings\scott\Application Data\iSerial Reader
2008-10-30 04:58	---------	d-----w	c:\program files\Carrier
2008-10-29 03:35	---------	d-----w	c:\documents and settings\All Users\Application Data\Fallout3
2008-10-28 22:46	694,026	----a-w	c:\windows\unins000.exe
2008-10-28 18:58	---------	d-----w	c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-27 01:44	---------	d-----w	c:\program files\Medieval CUE Splitter
2008-10-26 03:38	---------	d-----w	c:\program files\ConvertXtoDVD
2008-10-26 02:22	47,360	----a-w	c:\windows\system32\drivers\pcouffin.sys
2008-10-26 02:22	47,360	----a-w	c:\documents and settings\scott\Application Data\pcouffin.sys
2008-10-26 02:22	---------	d-----w	c:\program files\VSO
2008-10-25 22:43	---------	d-----w	c:\program files\Microsoft Silverlight
2008-10-25 20:04	---------	d-----w	c:\program files\Stickies
2008-10-25 19:13	---------	d-----w	c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:32	---------	d-----w	c:\program files\WinScraper
2008-10-23 12:36	286,720	----a-w	c:\windows\system32\gdi32.dll
2008-10-23 07:39	---------	d-----w	c:\documents and settings\scott\Application Data\FLV Extract
2008-10-23 07:34	---------	d-----w	c:\program files\XviD4PSP5
2008-10-23 07:32	---------	d-----w	c:\program files\MSBuild
2008-10-23 07:30	---------	d-----w	c:\program files\Reference Assemblies
2008-10-22 19:41	---------	d-----w	c:\program files\SecondLife
2008-10-22 14:23	---------	d-----w	c:\program files\Wallpaper Master
2008-10-22 05:54	---------	d-----w	c:\program files\Megaupload
2008-10-22 01:54	---------	d-----w	c:\program files\GoldWave
2008-10-22 00:39	---------	d-----w	c:\program files\NCH Software
2008-10-22 00:37	---------	d-----w	c:\program files\NCH Swift Sound
2008-10-21 21:54	---------	d-----w	c:\program files\TagRename
2008-10-21 21:21	---------	d-----w	c:\program files\Unlocker
2008-10-21 20:03	---------	d-----w	c:\program files\Input Director
2008-10-21 19:08	---------	d-----w	c:\program files\7-Zip
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
2008-09-26 15:57	144688	--a------	c:\program files\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-15 270128]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-09-02 4013511]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-08-17 143360]
"Tunebite"="c:\program files\Tunebite\Tunebite.exe" [2008-09-26 4736304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"Taskix"="c:\program files\Taskix\Taskix32.exe" [2008-04-02 61440]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-04 86016]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-09-24 86016]
"CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"CTHelper"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

c:\documents and settings\scott\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-10-09 625952]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-01-16 757760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Carrier.lnk - c:\program files\Carrier\carrier.exe [2008-09-17 25123]
FileZilla Server Interface.lnk - c:\program files\FileZilla Server\FileZilla Server Interface.exe [2008-11-10 942080]
Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 757760]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-10-09 625952]
ICQ Corp.lnk - c:\program files\ICQCorp\ICQCorp.exe [2008-04-15 973312]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
SHOUTcast DNAS (GUI).lnk - c:\program files\SHOUTcast\sc_serv.exe [2004-12-27 167936]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-01-16 757760]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.sys [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R2 B2Ether;Basilisk II Ethernet Driver;c:\windows\system32\DRIVERS\B2Ether.sys [2008-10-29 8686]
R2 cdenable;cdenable;c:\windows\system32\Drivers\cdenable.sys [2008-10-29 6112]
R2 Cepstral License Server;Cepstral License Server;"c:\program files\Cepstral\bin\CepstralLicSrv.exe" [2008-06-24 57344]
R2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [2008-09-09 32768]
R2 MacDriveService;MacDriveService;"c:\program files\Mediafour\MacDrive 7\MacDriveService.exe" [2007-05-01 143360]
R2 uvnc_service;uvnc_service;"c:\program files\UltraVNC\WinVNC.exe" -service [2008-09-27 1386048]
R2 vmci;VMware vmci;\??\c:\windows\system32\Drivers\vmci.sys [2008-09-18 54960]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-11-01 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-11-01 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-11-01 23680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-11-01 42112]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - ELBYCDIO
*Newly Created Service* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {719C8A69-3C41-497B-8544-9325A0D31BB7} = 192.168.1.1,68.94.156.1,68.94.157.1
FF - ProfilePath - c:\documents and settings\scott\Application Data\Mozilla\Firefox\Profiles\n7zcyazl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 11:49:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE? 
  CTxfiHlp = CTXFIHLP.EXE? 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-16 11:51:44
ComboFix-quarantined-files.txt  2008-12-16 19:50:37
ComboFix2.txt  2008-11-29 19:53:24

Pre-Run: 102,759,694,336 bytes free
Post-Run: 102,851,682,304 bytes free

315	--- E O F ---	2008-12-13 09:13:02

However I would like to note a segment of the previous ComboFix log which, prior to today's run, was identical in all previous logs:

Excerpt from ComboFix3.txt
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\scott\Application Data\google\runhh6110411.exe
c:\documents and settings\scott\Application Data\inst.exe

I suspect this information may be valuable in determining what this malware is, and although I realize it was not specifically requested I felt it relevant enough to include.

Thank you for your efforts in assisting me with this removal process.

Edited by Yourhighness, 16 December 2008 - 04:00 PM.
changed codebox to code tag

"And I laugh at myself, while the tears roll down -- 'cause it's The World I Know..."
Collective Soul - The World I Know
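As an added illustration for the registry section of the ComboFix log posted above (this script is not part of the thread, of ComboFix, or of any tool the helpers mention): a small Python triage routine that parses the `[key]` / `"name"=value` blocks the log prints and flags the settings a responder reads first. Security Center override values set to 1 mean the "no antivirus / no firewall" warnings are being suppressed, `EnableFirewall`= 0 means the Windows Firewall standard profile is off, and entries under `GloballyOpenPorts` show which ports are reachable from any address. The sample text inside the script is constructed to match the shape of that log; the port labels (RDP, VNC) are the script's own annotation.

```python
"""Triage the registry section of a ComboFix-style log for self-defence
settings that have been switched off.

Added example for this thread; not part of ComboFix or any other tool.
SAMPLE_LOG is constructed to match the shape of the log in the thread
(same key paths and value names), nothing more.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"""

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')

# Our own labels for ports worth a second look when they are open to any
# address; the port numbers themselves come from the log's own entries.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC", 5800: "VNC HTTP viewer"}


def parse_registry_dump(text):
    """Return {key_path (lowercased): {value_name: raw_value}}."""
    keys = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def as_int(raw):
    """Decode 'dword:00000001' and '0 (0x0)' style values; None if not numeric."""
    m = re.match(r'dword:([0-9a-fA-F]{1,8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\b', raw)
    if m:
        return int(m.group(1))
    return None


def triage(text):
    """Return a list of (tag, message) findings for weakened host defences."""
    findings = []
    for path, values in parse_registry_dump(text).items():
        if path.endswith(r'\security center'):
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if as_int(values.get(name, '')) == 1:
                    findings.append(('security-center-override',
                                     f'{name}=1: Security Center warning for this component is suppressed'))
        elif path.endswith(r'firewallpolicy\standardprofile'):
            if as_int(values.get('EnableFirewall', '')) == 0:
                findings.append(('firewall-disabled',
                                 'EnableFirewall=0: Windows Firewall is off for the standard profile'))
        elif path.endswith(r'\globallyopenports\list'):
            for name in values:
                port_str, _, proto = name.partition(':')
                if not port_str.isdigit():
                    continue
                port = int(port_str)
                label = REMOTE_ACCESS_PORTS.get(port, 'unrecognised service')
                findings.append(('open-port',
                                 f'{port}/{proto} open to any address ({label}): confirm it was opened on purpose'))
    return findings


if __name__ == '__main__':
    for tag, msg in triage(SAMPLE_LOG):
        print(f'[{tag}] {msg}')
```

Run against the real log, the same three checks would fire on the Security Center, standard-profile and GloballyOpenPorts blocks shown above; whether the open RDP and VNC ports are a problem depends on whether the owner set them up (the AuthorizedApplications list in the same log includes vncviewer.exe, so VNC use looks intentional), which is exactly why the script reports them for confirmation rather than as infections.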

#6 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:08:57 AM

Posted 16 December 2008 - 03:59 PM

Hi there,

thanks for the logs. Could you please post the following, before we continue: C:\Qoobox\ComboFix-quarantined-files.txt

Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#7 Eilonwy05

Eilonwy05
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 16 December 2008 - 04:03 PM

As requested:

ComboFix-quarantined-files.txt
2008-12-16 11:42:33 A------- 290 C:\Qoobox\Quarantine\catchme.log
2008-12-16 11:48:23 A------- 11,326 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-12-16 11:50:24 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-12-16 11:50:24 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-12-16 11:50:24 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat

#8 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:08:57 AM

Posted 17 December 2008 - 02:29 PM

Hi Eilonwy05,

please do not use the codebox with these large logs. They can sometimes muck with the board software.

Step #1

Please download Malwarebytes' Anti-Malware from Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step #2

Please do a scan with Kaspersky Online Scanner (You need to use InternetExplorer or enable IEView in Firefox)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks!



#9 Eilonwy05

Eilonwy05
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 18 December 2008 - 05:06 PM

It appears that between my initial post Dec. 7, and my post Dec. 17 reiterating that I was infected, I had not noticed that, in fact, the infection had been removed by my first run of ComboFix -- I had mistaken normal Windows behavior for infection, and had not verified that information with any outside sources.

Thank you for your efforts in assisting me, anyway!

#10 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:08:57 AM

Posted 20 December 2008 - 02:36 AM

Hi Eilonwy05,

to be on the safe side, I would prefer if you just did the last step, to make sure nothing remained undetected on your machine...The infection you had was one nasty fella, so I would feel better to have my post #8 anyway.

Thanks!



#11 Eilonwy05

Eilonwy05
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 20 December 2008 - 03:17 PM

Let me put it this way: your Malware-Bytes tool found absolutely nothing. I then began the process of attempting to install and run Kaspersky Online Scanner.

An hour and a quarter later, it had nearly finished downloading the 40 megabytes of itself -- if I had been able to manually download the entire package, I might have spent a full 3 minutes if there were heavy internet usage on my line already; as it was, there was no other traffic for the duration of the process. Yes, I understand that my personal internet connection is not the only factor in determining overall download speed from any given web server; but even accounting for a potentially "overwhelmed" Kaspersky server, slower processing from forcing everything through a Java interface, and general internet latency, I don't see any excuse for dial-up modem speeds from the download process. So far, not so good. Finally got the components installed, updated, and running a scan on my local system.

TWENTY FULL HOURS later, I was presented with a list of 17 "infections" -- consisting of a full eight independently-verified false-positives, and no less than NINE instances of "infected" files specifically labeled as "Not A Virus", all of them publicly available, legitimate shareware, freeware, and open-source applications and utilities which I myself knowingly installed in their default locations.

Any respect I might have had for your ability to diagnose a problem with my system was fully shattered at that point; if you are happy to put your faith and fate -- and that of your visitors -- in the hands of Kaspersky, so be it. I won't sink to that level. Not only that, but seeing that you failed to catch the fact that from my Dec. 16 post forward, I had no infection present on my system -- we were chasing wild geese, one might say -- I have serious doubts in my chances of getting actual help here.

Again, I appreciate your efforts and willingness to assist. However, I simply no longer have any need for such, and with that I bid you good day.

Perhaps someone with the correct permissions to do so through the board's software might close this topic now?

#12 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:08:57 AM

Posted 21 December 2008 - 12:35 PM

If that is your wish, I will close your topic. Just some final things though:

Please navigate to: Start >> Run... and type Combofix /u and hit Enter. Thanks.

Please also have a look at the following links, giving some advice and suggestions for preventing future infections: I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of them (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!





