
"Antivirus" trojan


  • This topic is locked
9 replies to this topic

#1 elmongo2
  • Members
  • 878 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 09 December 2008 - 07:44 PM

Computer with XP. The trojan won't let me use Kaspersky. I only have the "Hijack This" log to post for now....

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-09 18:41:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 22 GB (59%) free of 38 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:52 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cosmi\HelpExpress\HXDL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
F:\RSIT.exe
C:\Documents and Settings\Administrator\Application Data\U3\0000185E25710BD3\LaunchPad.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Cosmi\HelpExpress\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" -run
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [03730559307927513161849192825240] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm173YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7320 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
&Research - C:\WINDOWS\system32\winsrc.dll [2008-12-09 364032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-26 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-01-31 98304]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2002-05-28 69632]
"PROMon.exe"= []
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2002-08-07 485376]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-06-01 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-22 77824]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL []
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HXDL.EXE"=C:\Program Files\Cosmi\HelpExpress\HXDL.EXE [2002-01-29 50872]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-26 39408]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-08-04 1667584]
"03730559307927513161849192825240"=C:\Program Files\Antivirus 2009\av2009.exe [2008-12-09 1105408]
"ieupdate"=C:\WINDOWS\system32\explorer32.exe [2008-12-09 117760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a46329c-9fc8-11dd-b17c-0007e91b98f0}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9f6654-abad-11dd-b196-0007e91b98f0}]
shell\AutoRun\command - E:\podcastready.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-09 18:41:40 ----D---- C:\Program Files\trend micro
2008-12-09 18:41:37 ----D---- C:\rsit
2008-12-09 18:12:33 ----A---- C:\WINDOWS\system32\winsrc.dll
2008-12-09 18:11:07 ----A---- C:\WINDOWS\system32\explorer32.exe
2008-12-09 18:10:50 ----A---- C:\WINDOWS\system32\ieupdates.exe
2008-12-09 18:10:29 ----D---- C:\Program Files\Antivirus 2009
2008-12-09 18:08:52 ----D---- C:\Program Files\MyWebSearch
2008-12-09 18:08:36 ----D---- C:\Program Files\FunWebProducts
2008-12-05 16:04:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Help
2008-12-03 20:08:18 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-23 20:07:34 ----D---- C:\Program Files\TryMedia
2008-11-23 20:06:45 ----D---- C:\Program Files\WildTangent
2008-11-23 20:06:44 ----D---- C:\WINDOWS\wt
2008-11-23 11:54:11 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-11-23 11:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\AWEM
2008-11-23 09:59:12 ----D---- C:\Documents and Settings\Administrator\Application Data\iWin
2008-11-22 15:24:15 ----D---- C:\Program Files\Legacy Interactive
2008-11-22 13:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-11-22 13:46:44 ----D---- C:\Documents and Settings\Administrator\Application Data\AlwaysNeat
2008-11-22 11:20:46 ----A---- C:\WINDOWS\unvise32qt.exe
2008-11-22 11:20:01 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-22 11:19:59 ----D---- C:\Program Files\QuickTime
2008-11-22 11:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-11-22 10:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-11-19 19:43:54 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-11-19 19:43:54 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-11-19 19:43:53 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-11-19 19:43:53 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-11-19 19:43:52 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-19 19:43:52 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-19 19:43:50 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-19 19:43:48 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-19 19:43:46 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-19 19:43:45 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-19 19:43:45 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-19 19:43:43 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-19 19:43:42 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-19 19:43:42 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-19 19:43:41 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-19 19:43:40 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-19 19:43:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-19 19:43:38 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-19 19:43:36 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-19 19:43:36 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-19 19:43:35 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-19 19:43:35 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-19 19:43:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-19 19:43:28 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-19 19:43:28 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-19 19:43:27 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-19 19:43:27 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-19 19:43:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-19 19:43:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-19 19:43:24 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-19 19:43:24 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-19 19:43:23 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-19 19:43:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-19 19:43:20 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-19 19:43:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-19 19:43:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-19 19:43:19 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-19 19:43:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-19 19:40:30 ----D---- C:\WINDOWS\Logs
2008-11-19 19:40:27 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-19 19:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-11-19 19:20:00 ----D---- C:\Program Files\Yahoo! Games
2008-11-15 17:21:04 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-13 18:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-13 18:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-13 18:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-13 18:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-13 18:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-13 18:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-13 18:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-13 18:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-13 18:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-13 18:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-13 18:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-13 18:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 18:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-13 18:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-13 18:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-13 18:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-13 18:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-13 18:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 18:29:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-13 18:29:05 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-11 18:30:21 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-11 18:30:21 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-11 18:30:21 ----A---- C:\WINDOWS\system32\java.exe
2008-11-11 18:04:42 ----D---- C:\WINDOWS\Prefetch
2008-11-11 18:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-11 17:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-11 17:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-11 17:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-11 17:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-11 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-11 17:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-11 17:56:41 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-11 17:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-11 17:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-11 17:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-11 17:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-11 17:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-11 17:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-11 17:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-11 17:51:11 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-11 17:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-11 17:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-11 17:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-11 17:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-11 17:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-11 17:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-11 17:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-11 17:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-11 17:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-11 17:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-11 17:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-11 17:43:22 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-11 17:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-11 17:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-11 17:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-11 17:40:53 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-11 17:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-11-11 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-11 17:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-11 17:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-11 17:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-11 17:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-11 17:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-11 17:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-11 17:35:34 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-11 17:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-11 17:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-11 17:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-11 17:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-11 17:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-11 17:26:53 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-11 17:24:41 ----D---- C:\WINDOWS\peernet
2008-11-11 17:24:40 ----D---- C:\WINDOWS\provisioning
2008-11-11 17:21:56 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-11 17:12:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-11 17:12:39 ----D---- C:\WINDOWS\EHome
2008-11-11 16:46:05 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-11 09:15:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-10 22:09:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
2008-11-10 22:07:18 ----D---- C:\Program Files\Oberon Media
2008-11-10 22:03:51 ----D---- C:\Program Files\AquaPark
2008-11-10 21:09:12 ----D---- C:\Program Files\Airport Mania
2008-11-10 21:05:22 ----D---- C:\Program Files\Farm Frenzy
2008-11-10 20:57:16 ----D---- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-11-10 20:56:49 ----D---- C:\Program Files\FishCo
2008-11-10 20:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-10 20:05:15 ----D---- C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-11-10 20:04:48 ----D---- C:\Program Files\Cooking Dash
2008-11-10 20:04:34 ----D---- C:\Program Files\ReflexiveArcade

======List of files/folders modified in the last 1 months======

2008-12-09 18:41:40 ----RD---- C:\Program Files
2008-12-09 18:27:21 ----D---- C:\WINDOWS\Temp
2008-12-09 18:23:09 ----D---- C:\WINDOWS\system32
2008-12-09 18:23:08 ----D---- C:\WINDOWS
2008-12-09 18:22:33 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 18:21:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 18:17:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 18:08:58 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:08:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-08 19:54:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-07 18:49:54 ----D---- C:\WINDOWS\Registration
2008-12-05 16:04:22 ----D---- C:\WINDOWS\Help
2008-11-22 15:00:16 ----HD---- C:\WINDOWS\inf
2008-11-22 13:57:47 ----SHD---- C:\WINDOWS\Installer
2008-11-22 13:57:47 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-19 19:43:58 ----D---- C:\WINDOWS\system32\DirectX
2008-11-15 18:02:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 17:21:04 ----D---- C:\WINDOWS\Debug
2008-11-13 19:12:29 ----D---- C:\WINDOWS\security
2008-11-13 19:02:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-13 18:36:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 18:36:11 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 18:36:02 ----D---- C:\Program Files\Messenger
2008-11-13 18:31:29 ----D---- C:\WINDOWS\WinSxS
2008-11-11 18:30:21 ----D---- C:\Program Files\Java
2008-11-11 18:13:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-11 18:06:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-11 18:06:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-11 18:05:49 ----A---- C:\WINDOWS\setuplog.txt
2008-11-11 18:05:10 ----D---- C:\WINDOWS\system32\wbem
2008-11-11 18:04:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-11 18:04:10 ----SHD---- C:\System Volume Information
2008-11-11 18:04:03 ----D---- C:\WINDOWS\msagent
2008-11-11 18:04:03 ----D---- C:\WINDOWS\AppPatch
2008-11-11 18:04:02 ----RSD---- C:\WINDOWS\Fonts
2008-11-11 17:43:39 ----D---- C:\WINDOWS\system32\Com
2008-11-11 17:26:59 ----RASH---- C:\boot.ini
2008-11-11 17:26:54 ----A---- C:\WINDOWS\win.ini
2008-11-11 17:26:53 ----D---- C:\Program Files\Windows Media Player
2008-11-11 17:25:03 ----D---- C:\WINDOWS\system32\Setup
2008-11-11 17:25:01 ----D---- C:\WINDOWS\ime
2008-11-11 17:24:44 ----D---- C:\WINDOWS\system32\oobe
2008-11-11 17:24:43 ----D---- C:\Program Files\Movie Maker
2008-11-11 17:24:40 ----D---- C:\WINDOWS\Media
2008-11-11 17:21:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-11 17:21:21 ----D---- C:\WINDOWS\system32\npp
2008-11-11 17:21:21 ----D---- C:\WINDOWS\mui
2008-11-11 17:21:17 ----D---- C:\WINDOWS\srchasst
2008-11-11 17:21:15 ----D---- C:\Program Files\NetMeeting
2008-11-11 17:21:07 ----D---- C:\Program Files\Windows NT
2008-11-11 17:21:07 ----D---- C:\Program Files\Outlook Express
2008-11-11 17:20:59 ----D---- C:\Program Files\Common Files\System
2008-11-11 17:20:40 ----D---- C:\WINDOWS\system32\usmt
2008-11-11 17:20:37 ----D---- C:\WINDOWS\system
2008-11-11 17:18:06 ----RD---- C:\WINDOWS\Web
2008-11-11 17:17:50 ----RASH---- C:\NTDETECT.COM
2008-11-11 17:17:09 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-25 170880]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2004-04-29 369024]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2002-11-26 103936]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-19 542976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [2003-02-05 50816]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\GTNDIS5.SYS []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
S4 adpu320;adpu320; C:\WINDOWS\System32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-26 168432]
R2 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-06-01 155715]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2008-12-09 28762]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
People do dumb things. And I'm not talking about paying too much for car insurance either.


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 10 December 2008 - 08:22 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Run RSIT again.. make sure you change the List files/folders created or modified in the last 3 months


Post these logs..

1. Malwarebytes'
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:27 AM

Posted 10 December 2008 - 10:37 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/10/2008 9:30:17 PM
mbam-log-2008-12-10 (21-30-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 113904
Time elapsed: 51 minute(s), 16 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 68

Memory Processes Infected:
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Unloaded process successfully.
C:\WINDOWS\system32\explorer32.exe (Backdoor.PoisonIvy) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03730559307927513161849192825240 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\winsrc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Yahoo! Games\Ranch Rush\ijl15.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP146\A0025676.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02667610 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02667A36 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02667D63.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02667F18.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02668199.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\026684E5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\026687A4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\explorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-10 21:34:59
Microsoft Windows XP Professional Service Pack 2
System drive C: has 22 GB (59%) free of 38 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:05 PM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Cosmi\HelpExpress\HXDL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Cosmi\HelpExpress\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" -run
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6529 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-26 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-01-31 98304]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2002-05-28 69632]
"PROMon.exe"= []
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2002-08-07 485376]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-06-01 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-22 77824]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HXDL.EXE"=C:\Program Files\Cosmi\HelpExpress\HXDL.EXE [2002-01-29 50872]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-26 39408]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9f6654-abad-11dd-b196-0007e91b98f0}]
shell\AutoRun\command - E:\podcastready.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-10 15:59:09 ----A---- C:\WINDOWS\system32\winsrc.dll.tmp
2008-12-09 18:41:40 ----D---- C:\Program Files\trend micro
2008-12-09 18:41:37 ----D---- C:\rsit
2008-12-05 16:04:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Help
2008-12-03 20:08:18 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-23 20:07:34 ----D---- C:\Program Files\TryMedia
2008-11-23 20:06:45 ----D---- C:\Program Files\WildTangent
2008-11-23 20:06:44 ----D---- C:\WINDOWS\wt
2008-11-23 11:54:11 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-11-23 11:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\AWEM
2008-11-23 09:59:12 ----D---- C:\Documents and Settings\Administrator\Application Data\iWin
2008-11-22 15:24:15 ----D---- C:\Program Files\Legacy Interactive
2008-11-22 13:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-11-22 13:46:44 ----D---- C:\Documents and Settings\Administrator\Application Data\AlwaysNeat
2008-11-22 11:20:46 ----A---- C:\WINDOWS\unvise32qt.exe
2008-11-22 11:20:01 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-22 11:19:59 ----D---- C:\Program Files\QuickTime
2008-11-22 11:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-11-22 10:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-11-19 19:43:54 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-11-19 19:43:54 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-11-19 19:43:53 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-11-19 19:43:53 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-11-19 19:43:52 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-19 19:43:52 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-19 19:43:50 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-19 19:43:48 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-19 19:43:46 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-19 19:43:45 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-19 19:43:45 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-19 19:43:43 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-19 19:43:42 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-19 19:43:42 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-19 19:43:41 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-19 19:43:40 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-19 19:43:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-19 19:43:38 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-19 19:43:36 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-19 19:43:36 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-19 19:43:35 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-19 19:43:35 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-19 19:43:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-19 19:43:28 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-19 19:43:28 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-19 19:43:27 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-19 19:43:27 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-19 19:43:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-19 19:43:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-19 19:43:24 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-19 19:43:24 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-19 19:43:23 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-19 19:43:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-19 19:43:20 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-19 19:43:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-19 19:43:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-19 19:43:19 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-19 19:43:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-19 19:40:30 ----D---- C:\WINDOWS\Logs
2008-11-19 19:40:27 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-19 19:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-11-19 19:20:00 ----D---- C:\Program Files\Yahoo! Games
2008-11-15 17:21:04 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-13 18:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-13 18:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-13 18:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-13 18:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-13 18:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-13 18:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-13 18:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-13 18:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-13 18:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-13 18:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-13 18:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-13 18:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 18:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-13 18:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-13 18:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-13 18:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-13 18:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-13 18:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 18:29:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-13 18:29:05 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-11 18:30:21 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-11 18:30:21 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-11 18:30:21 ----A---- C:\WINDOWS\system32\java.exe
2008-11-11 18:04:42 ----D---- C:\WINDOWS\Prefetch
2008-11-11 18:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-11 17:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-11 17:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-11 17:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-11 17:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-11 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-11 17:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-11 17:56:41 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-11 17:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-11 17:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-11 17:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-11 17:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-11 17:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-11 17:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-11 17:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-11 17:51:11 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-11 17:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-11 17:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-11 17:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-11 17:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-11 17:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-11 17:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-11 17:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-11 17:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-11 17:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-11 17:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-11 17:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-11 17:43:22 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-11 17:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-11 17:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-11 17:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-11 17:40:53 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-11 17:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-11-11 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-11 17:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-11 17:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-11 17:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-11 17:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-11 17:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-11 17:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-11 17:35:34 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-11 17:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-11 17:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-11 17:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-11 17:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-11 17:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-11 17:26:53 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-11 17:24:41 ----D---- C:\WINDOWS\peernet
2008-11-11 17:24:40 ----D---- C:\WINDOWS\provisioning
2008-11-11 17:21:56 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-11 17:12:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-11 17:12:39 ----D---- C:\WINDOWS\EHome
2008-11-11 16:46:05 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-11 09:15:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2008-12-10 21:34:14 ----D---- C:\WINDOWS\Temp
2008-12-10 21:33:51 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 21:33:51 ----D---- C:\WINDOWS
2008-12-10 21:31:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 21:30:17 ----RD---- C:\Program Files
2008-12-10 21:30:16 ----D---- C:\WINDOWS\system32
2008-12-10 21:03:38 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2008-12-10 20:31:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-10 18:36:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 18:08:58 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:08:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-08 19:54:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-07 18:49:54 ----D---- C:\WINDOWS\Registration
2008-12-05 16:04:22 ----D---- C:\WINDOWS\Help
2008-11-23 11:00:15 ----D---- C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-11-22 15:00:16 ----HD---- C:\WINDOWS\inf
2008-11-22 13:57:47 ----SHD---- C:\WINDOWS\Installer
2008-11-22 13:57:47 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-19 19:43:58 ----D---- C:\WINDOWS\system32\DirectX
2008-11-19 17:24:48 ----D---- C:\Program Files\Oberon Media
2008-11-15 18:02:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 17:21:04 ----D---- C:\WINDOWS\Debug
2008-11-13 19:12:29 ----D---- C:\WINDOWS\security
2008-11-13 19:02:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-13 18:36:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 18:36:11 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 18:36:02 ----D---- C:\Program Files\Messenger
2008-11-13 18:31:29 ----D---- C:\WINDOWS\WinSxS
2008-11-11 18:30:21 ----D---- C:\Program Files\Java
2008-11-11 18:13:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-11 18:06:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-11 18:06:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-11 18:05:49 ----A---- C:\WINDOWS\setuplog.txt
2008-11-11 18:05:10 ----D---- C:\WINDOWS\system32\wbem
2008-11-11 18:04:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-11 18:04:10 ----SHD---- C:\System Volume Information
2008-11-11 18:04:03 ----D---- C:\WINDOWS\msagent
2008-11-11 18:04:03 ----D---- C:\WINDOWS\AppPatch
2008-11-11 18:04:02 ----RSD---- C:\WINDOWS\Fonts
2008-11-11 17:43:39 ----D---- C:\WINDOWS\system32\Com
2008-11-11 17:26:59 ----RASH---- C:\boot.ini
2008-11-11 17:26:54 ----A---- C:\WINDOWS\win.ini
2008-11-11 17:26:53 ----D---- C:\Program Files\Windows Media Player
2008-11-11 17:25:03 ----D---- C:\WINDOWS\system32\Setup
2008-11-11 17:25:01 ----D---- C:\WINDOWS\ime
2008-11-11 17:24:44 ----D---- C:\WINDOWS\system32\oobe
2008-11-11 17:24:43 ----D---- C:\Program Files\Movie Maker
2008-11-11 17:24:40 ----D---- C:\WINDOWS\Media
2008-11-11 17:21:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-11 17:21:21 ----D---- C:\WINDOWS\system32\npp
2008-11-11 17:21:21 ----D---- C:\WINDOWS\mui
2008-11-11 17:21:17 ----D---- C:\WINDOWS\srchasst
2008-11-11 17:21:15 ----D---- C:\Program Files\NetMeeting
2008-11-11 17:21:07 ----D---- C:\Program Files\Windows NT
2008-11-11 17:21:07 ----D---- C:\Program Files\Outlook Express
2008-11-11 17:20:59 ----D---- C:\Program Files\Common Files\System
2008-11-11 17:20:40 ----D---- C:\WINDOWS\system32\usmt
2008-11-11 17:20:37 ----D---- C:\WINDOWS\system
2008-11-11 17:18:06 ----RD---- C:\WINDOWS\Web
2008-11-11 17:17:50 ----RASH---- C:\NTDETECT.COM
2008-11-11 17:17:09 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-25 170880]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2004-04-29 369024]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2002-11-26 103936]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-19 542976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [2003-02-05 50816]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\GTNDIS5.SYS []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
S4 adpu320;adpu320; C:\WINDOWS\System32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-26 168432]
R2 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-06-01 155715]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
People do dumb things. And I'm not talking about paying too much for car insurance either.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:04:27 PM

Posted 10 December 2008 - 10:51 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:27 AM

Posted 11 December 2008 - 08:37 AM

ComboFix 08-12-09.03 - Administrator 2008-12-11 7:21:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\msssc.dll
c:\windows\system32\winsrc.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-09 18:41 . 2008-12-09 18:41 <DIR> d-------- C:\rsit
2008-12-09 18:41 . 2008-12-10 21:35 <DIR> d-------- c:\program files\trend micro
2008-12-03 20:08 . 2008-12-03 20:08 <DIR> d-------- c:\windows\.jagex_cache_32
2008-12-03 20:08 . 2008-12-03 20:09 31 --a------ c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-23 20:07 . 2008-11-23 20:07 <DIR> d-------- c:\program files\TryMedia
2008-11-23 20:06 . 2008-11-23 20:07 <DIR> d-------- c:\windows\wt
2008-11-23 20:06 . 2008-11-23 20:07 <DIR> d-------- c:\program files\WildTangent
2008-11-23 11:54 . 2008-11-23 20:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sandlot Games
2008-11-23 11:43 . 2008-11-23 11:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\AWEM
2008-11-23 09:59 . 2008-11-23 09:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\iWin
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmpE85E3.FOT
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmp966E3.FOT
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmp679E3.FOT
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmp5A9E3.FOT
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmp494E3.FOT
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmp045E3.FOT
2008-11-22 15:40 . 2008-11-22 15:40 1,409 --a------ c:\windows\system32\tmp025E3.FOT
2008-11-22 15:28 . 2005-06-29 16:00 24 --a------ c:\windows\AM_D8.PRF
2008-11-22 15:24 . 2008-11-22 15:24 <DIR> d-------- c:\program files\Legacy Interactive
2008-11-22 14:05 . 2008-11-23 09:13 40 --a------ c:\windows\RSoftInfo.dat
2008-11-22 13:57 . 2008-11-22 13:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2008-11-22 13:46 . 2008-11-22 13:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AlwaysNeat
2008-11-22 11:27 . 2008-12-11 07:30 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-22 11:27 . 2008-12-11 07:26 1,409 --a------ c:\windows\QTFont.for
2008-11-22 11:20 . 2008-11-22 11:20 <DIR> d-------- c:\windows\system32\QuickTime
2008-11-22 11:20 . 1999-11-10 11:05 86,016 --a------ c:\windows\unvise32qt.exe
2008-11-22 11:19 . 2008-11-22 11:21 <DIR> d-------- c:\program files\QuickTime
2008-11-22 11:19 . 2008-11-22 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2008-11-22 10:16 . 2008-11-22 10:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreshGames
2008-11-19 19:40 . 2008-11-19 19:43 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-19 19:40 . 2008-11-19 19:40 <DIR> d-------- c:\windows\Logs
2008-11-19 19:21 . 2008-11-19 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-19 19:20 . 2008-12-03 19:55 <DIR> d-------- c:\program files\Yahoo! Games
2008-11-15 17:21 . 2008-11-15 18:01 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-12 16:28 . 2008-08-14 04:00 2,180,352 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-12 16:28 . 2008-08-14 03:58 2,136,064 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-12 16:28 . 2008-08-14 03:22 2,057,728 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-12 16:28 . 2008-08-14 03:22 2,015,744 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-12 16:28 . 2008-09-15 05:57 1,846,016 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-12 16:28 . 2008-06-13 07:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-11-12 16:28 . 2008-08-14 03:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-11-12 16:27 . 2008-04-11 12:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-11-12 16:27 . 2008-05-01 08:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-11 20:55 . 2008-12-03 20:07 33 --a------ c:\windows\popcinfo.dat
2008-11-11 18:30 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-11 17:26 . 2008-11-11 18:07 316,640 --a------ c:\windows\WMSysPr9.prx
2008-11-11 17:26 . 2004-08-04 01:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-11 17:24 . 2008-11-11 17:24 <DIR> d-------- c:\windows\provisioning
2008-11-11 17:24 . 2008-11-11 17:24 <DIR> d-------- c:\windows\peernet
2008-11-11 17:21 . 2008-11-11 17:21 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-11 17:12 . 2008-11-11 17:12 <DIR> d-------- c:\windows\EHome
2008-11-11 09:15 . 2008-11-19 17:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 13:19 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
2008-12-11 02:31 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-09 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-04 01:59 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 01:59 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-23 17:00 --------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2008-11-19 23:24 --------- d-----w c:\program files\Oberon Media
2008-11-12 00:30 --------- d-----w c:\program files\Java
2008-11-11 04:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Playrix Entertainment
2008-11-11 04:04 --------- d-----w c:\program files\AquaPark
2008-11-11 04:01 --------- d-----w c:\program files\Airport Mania
2008-11-11 03:05 --------- d-----w c:\program files\Farm Frenzy
2008-11-11 02:57 --------- d-----w c:\program files\FishCo
2008-11-11 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-11-11 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-11 02:04 --------- d-----w c:\program files\ReflexiveArcade
2008-11-11 02:04 --------- d-----w c:\program files\Cooking Dash
2008-10-26 20:47 --------- d-----w c:\program files\Google
2008-10-26 19:33 --------- d-----w c:\program files\Yahoo!
2008-10-26 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-26 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-26 19:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Yahoo!
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 21:35 --------- d-----w c:\program files\EA GAMES
2008-10-22 02:22 --------- d-----w c:\program files\COSMI
2008-10-22 01:19 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-10-22 01:18 --------- d-----w c:\program files\Program Shortcuts
2008-10-22 01:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-22 01:11 1,596 --sha-r c:\windows\system32\drivers\HP_HP d530 CMT(DC577AV)_YB_0CBD_QUSW341_EU_44_I085Ch_SHP_V_B786B2 v1.11_T030710_WXP1_L409_M504_J40_7Intel_8Pentium 4_92.39_1_N14E41696_()_X_CD6_RHewlett-Packard_2_G80862572_OSAMSUNG CD-ROM SC-148C_DIN-KCH.MRK
2008-10-22 01:11 --------- d-----w c:\program files\Compaq
2008-10-22 01:06 --------- d-----w c:\program files\intel
2008-10-22 01:05 --------- d-----w c:\program files\Analog Devices
2008-10-22 01:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-22 01:03 --------- d-----w c:\program files\Common Files\Java
2008-10-22 00:54 --------- d-----w c:\program files\microsoft frontpage
2008-10-22 00:48 --------- d-----w c:\program files\Alwil Software
2008-10-22 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-22 00:36 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-10-22 00:32 --------- d-----w c:\program files\Microsoft.NET
2008-10-22 00:32 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-21 23:33 --------- d-----w c:\program files\Sunbelt Software
2008-10-21 23:21 --------- d--h--w c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 39408]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-06-01 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-22 77824]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-21 78416]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-21 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-10-21 65576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9f6654-abad-11dd-b196-0007e91b98f0}]
\Shell\AutoRun\command - E:\podcastready.exe

*Newly Created Service* - NMSCFG
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HXDL.EXE - c:\program files\Cosmi\HelpExpress\HXDL.EXE -from=HXIUL.EXE -to=HXIUL.EXE
HKLM-Run-PROMon.exe - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 07:30:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\NMSSvc.Exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\rundll32.exe
c:\program files\COSMI\HelpExpress\HXDL.EXE
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-11 7:35:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-11 13:35:06

Pre-Run: 23,369,408,512 bytes free
Post-Run: 23,508,312,064 bytes free

207 --- E O F --- 2008-12-10 00:16:06

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-11 07:35:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 22 GB (59%) free of 38 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:55 AM, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Cosmi\HelpExpress\HXDL.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\My Documents\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6358 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-26 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-01-31 98304]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2002-05-28 69632]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2002-08-07 485376]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-06-01 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-22 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-26 39408]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9f6654-abad-11dd-b196-0007e91b98f0}]
shell\AutoRun\command - E:\podcastready.exe


======List of files/folders created in the last 1 months======

2008-12-11 07:35:17 ----A---- C:\ComboFix.txt
2008-12-11 07:19:50 ----A---- C:\WINDOWS\zip.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\VFIND.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\SWSC.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\SWREG.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\sed.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\grep.exe
2008-12-11 07:19:50 ----A---- C:\WINDOWS\fdsv.exe
2008-12-11 07:19:42 ----D---- C:\WINDOWS\ERDNT
2008-12-11 07:19:42 ----D---- C:\Qoobox
2008-12-11 07:19:41 ----D---- C:\ComboFix
2008-12-09 18:41:40 ----D---- C:\Program Files\trend micro
2008-12-09 18:41:37 ----D---- C:\rsit
2008-12-05 16:04:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Help
2008-12-03 20:08:18 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-23 20:07:34 ----D---- C:\Program Files\TryMedia
2008-11-23 20:06:45 ----D---- C:\Program Files\WildTangent
2008-11-23 20:06:44 ----D---- C:\WINDOWS\wt
2008-11-23 11:54:11 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-11-23 11:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\AWEM
2008-11-23 09:59:12 ----D---- C:\Documents and Settings\Administrator\Application Data\iWin
2008-11-22 15:24:15 ----D---- C:\Program Files\Legacy Interactive
2008-11-22 13:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-11-22 13:46:44 ----D---- C:\Documents and Settings\Administrator\Application Data\AlwaysNeat
2008-11-22 11:20:46 ----A---- C:\WINDOWS\unvise32qt.exe
2008-11-22 11:20:01 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-22 11:19:59 ----D---- C:\Program Files\QuickTime
2008-11-22 11:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-11-22 10:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-11-19 19:43:55 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-11-19 19:43:54 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-11-19 19:43:54 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-11-19 19:43:53 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-11-19 19:43:53 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-11-19 19:43:52 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-19 19:43:52 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-19 19:43:51 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-19 19:43:50 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-19 19:43:49 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-19 19:43:48 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-19 19:43:47 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-19 19:43:46 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-19 19:43:45 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-19 19:43:45 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-19 19:43:44 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-19 19:43:43 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-19 19:43:42 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-19 19:43:42 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-19 19:43:41 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-19 19:43:40 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-19 19:43:39 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-19 19:43:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-19 19:43:38 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-19 19:43:37 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-19 19:43:36 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-19 19:43:36 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-19 19:43:35 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-19 19:43:35 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-19 19:43:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-19 19:43:28 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-19 19:43:28 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-19 19:43:27 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-19 19:43:27 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-19 19:43:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-19 19:43:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-19 19:43:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-19 19:43:24 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-19 19:43:24 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-19 19:43:23 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-19 19:43:22 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-19 19:43:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-19 19:43:20 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-19 19:43:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-19 19:43:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-19 19:43:19 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-19 19:43:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-19 19:40:30 ----D---- C:\WINDOWS\Logs
2008-11-19 19:40:27 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-19 19:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-11-19 19:20:00 ----D---- C:\Program Files\Yahoo! Games
2008-11-15 17:21:04 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-13 18:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-13 18:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-13 18:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-13 18:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-13 18:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-13 18:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-13 18:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-13 18:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-13 18:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-13 18:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-13 18:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-13 18:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 18:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-13 18:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-13 18:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-13 18:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-13 18:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-13 18:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 18:29:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-13 18:29:05 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

======List of files/folders modified in the last 1 months======

2008-12-11 07:35:23 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 07:35:23 ----D---- C:\WINDOWS\system32
2008-12-11 07:35:22 ----D---- C:\WINDOWS
2008-12-11 07:35:20 ----D---- C:\WINDOWS\Temp
2008-12-11 07:30:59 ----A---- C:\WINDOWS\system.ini
2008-12-11 07:27:05 ----D---- C:\WINDOWS\system32\config
2008-12-11 07:24:02 ----D---- C:\Program Files\Common Files
2008-12-11 07:24:01 ----D---- C:\WINDOWS\AppPatch
2008-12-11 07:21:28 ----D---- C:\Program Files\Internet Explorer
2008-12-11 07:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 07:19:35 ----D---- C:\WINDOWS\Prefetch
2008-12-11 07:19:16 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2008-12-10 21:30:17 ----RD---- C:\Program Files
2008-12-10 20:31:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-10 18:36:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 18:08:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-08 19:54:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-07 18:49:54 ----D---- C:\WINDOWS\Registration
2008-12-05 16:04:22 ----D---- C:\WINDOWS\Help
2008-11-23 11:00:15 ----D---- C:\Documents and Settings\Administrator\Application Data\PlayFirst
2008-11-22 15:00:16 ----HD---- C:\WINDOWS\inf
2008-11-22 13:57:47 ----SHD---- C:\WINDOWS\Installer
2008-11-22 13:57:47 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-19 19:43:58 ----D---- C:\WINDOWS\system32\DirectX
2008-11-19 17:57:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-19 17:24:48 ----D---- C:\Program Files\Oberon Media
2008-11-15 18:02:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 17:21:04 ----D---- C:\WINDOWS\Debug
2008-11-13 19:12:29 ----D---- C:\WINDOWS\security
2008-11-13 19:02:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-13 18:36:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 18:36:11 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 18:36:02 ----D---- C:\Program Files\Messenger
2008-11-13 18:31:29 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-25 170880]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2004-04-29 369024]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2002-11-26 103936]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-19 542976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [2003-02-05 50816]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\GTNDIS5.SYS []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
S4 adpu320;adpu320; C:\WINDOWS\System32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-26 168432]
R2 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-06-01 155715]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
People do dumb things. And I'm not talking about paying too much for car insurance either.
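As an added example (not code from RSIT, HijackThis, ComboFix or anyone in this thread), here is a small triage script for logs in the shape of the one above. It pulls out the two things a helper checks first: `shell\AutoRun\command` entries under `MountPoints2` (the mechanism that launches an autorun payload from a removable drive, here `E:\podcastready.exe`) and running (`R`) drivers or services whose file line ends in empty brackets `[]`, meaning the log recorded no date or size for the image. The sample log is a constructed excerpt of the post above; the `Finding` class and the regular expressions are this example's own assumptions about the line formats, not anything the tools publish.

```python
"""Triage helper for RSIT / HijackThis-style logs (added example, not part of RSIT).

It reads the MountPoints2 entries in the 'Registry dump' and the driver/service
tables and flags the lines a helper usually looks at first:
  * AutoRun commands attached to a mounted volume (MountPoints2), which is how an
    autorun.inf payload on removable media gets launched;
  * running (R) drivers or services whose image has no date/size recorded
    (empty [] in the log), i.e. the log could not describe the file on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the RSIT log above; a few lines only.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9f6654-abad-11dd-b196-0007e91b98f0}]
shell\AutoRun\command - E:\podcastready.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-26 168432]
"""

# Assumed line formats (this example's reading of the log, not a published spec).
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# RSIT writes 'shell\AutoRun\command', ComboFix '\Shell\AutoRun\command'.
AUTORUN_CMD = re.compile(r"^\\?shell\\autorun\\command\s*-\s*(.+)$", re.I)
# '<R|S><start> <name>;<description>;<image> [<date> <size>]'; the space after
# the second ';' is present in RSIT output and absent in ComboFix output.
SERVICE_LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);\s*(.+?) \[(.*)\]$")


@dataclass(frozen=True)
class Finding:
    kind: str   # "autorun" or "missing-image"
    name: str   # mount-point GUID, or driver/service name
    path: str   # AutoRun command line, or image path


def triage(log_text: str) -> List[Finding]:
    """Return the flagged entries in log order."""
    findings: List[Finding] = []
    current_key: Optional[str] = None   # GUID of the MountPoints2 key being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("[") or line.startswith("====="):
            current_key = None          # another registry key or a new section
            continue
        m = AUTORUN_CMD.match(line)
        if m and current_key:
            findings.append(Finding("autorun", current_key, m.group(1)))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            state, _start, name, _desc, image, meta = m.groups()
            # Stopped entries with [] (catchme.sys after ComboFix, unused OEM
            # drivers) are routine; a *running* one with no file data is not.
            if state == "R" and meta.strip() == "":
                findings.append(Finding("missing-image", name, image))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:14} {f.name:40} {f.path}")
```

On the sample this reports the `E:\podcastready.exe` AutoRun command and the running `NMSCFG` driver with no recorded file; `catchme` and `iAimTV2` are stopped and therefore not flagged. Both findings are leads for a human to check, not verdicts.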

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:04:27 PM

Posted 11 December 2008 - 11:07 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\tmpE85E3.FOT
    c:\windows\system32\tmp966E3.FOT
    c:\windows\system32\tmp679E3.FOT
    c:\windows\system32\tmp5A9E3.FOT
    c:\windows\system32\tmp494E3.FOT
    c:\windows\system32\tmp045E3.FOT
    c:\windows\system32\tmp025E3.FOT
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT

Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE

NEXT

Please do this step before you sleep or when you don't use the computer, as it will take quite a while.

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Post me these logs in your next reply..

1. OTMoveIt3
2. Kaspersky Online
3. Tell me, how is the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:27 AM

Posted 13 December 2008 - 12:44 AM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\tmpE85E3.FOT moved successfully.
c:\windows\system32\tmp966E3.FOT moved successfully.
c:\windows\system32\tmp679E3.FOT moved successfully.
c:\windows\system32\tmp5A9E3.FOT moved successfully.
c:\windows\system32\tmp494E3.FOT moved successfully.
c:\windows\system32\tmp045E3.FOT moved successfully.
c:\windows\system32\tmp025E3.FOT moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_4f0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFF5FE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2b8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_834.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12122008_154350

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_4f0.dat not found!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFF5FE.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2b8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_834.dat moved successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 12, 2008 23:26:44
Records in database: 1456259
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 57804
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:09:59


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

The selected area was scanned.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 13 December 2008 - 05:09 AM

Looks very good to me.. Let's do this...


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 17 December 2008 - 05:34 PM

Thanks much. :thumbsup:

Computer works great!
People do dumb things. And I'm not talking about paying too much for car insurance either.

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 December 2008 - 12:02 AM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive