"Your computer might be at risk" - help


48 replies to this topic

#1 basima

Posted 18 December 2008 - 11:21 AM

Hiya,

I have been reinfected with the same problem 3 times now, and each time the BC guys have helped me get rid of it. This time they think that you guys can help me get rid of it permanently.

Please refer to my last thread on the problem.

http://www.bleepingcomputer.com/forums/t/187299/your-computer-might-be-at-risk-help/

Logfile of random's system information tool 1.05 (written by random/random)
Run by Khw Family at 2008-12-18 16:05:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (8%) free of 41 GB
Total RAM: 3071 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:16, on 18/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Khw Family\My Documents\RSIT.exe
C:\Program Files\trend micro\Khw Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.66.73.6:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9450 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"=C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-25 1397760]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-01-28 579072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE [2005-10-31 602112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2005-10-18 557056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-21 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\IMX3LA~1.EXE [2006-06-08 1871872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Khw Family^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

D:\Documents and Settings\Khw Family\Start Menu\Programs\Startup
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"D:\Documents and Settings\Khw Family\Application Data\SopCast\adv\SopAdver.exe"="D:\Documents and Settings\Khw Family\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\Documents and Settings\Khw Family\My Documents\utorrent.exe"="D:\Documents and Settings\Khw Family\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\Documents and Settings\Khw Family\My Documents\AutoPlay\programas\dcc26\DCC.exe"="D:\Documents and Settings\Khw Family\My Documents\AutoPlay\programas\dcc26\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty®: World at War Multiplayer"
"D:\Documents and Settings\Khw Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="D:\Documents and Settings\Khw Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"D:\Documents and Settings\Khw Family\My Documents\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe"="D:\Documents and Settings\Khw Family\My Documents\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Autorun.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-18 16:05:04 ----D---- C:\Program Files\trend micro
2008-12-18 16:05:03 ----D---- C:\rsit
2008-12-18 00:18:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 20:25:57 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-17 17:27:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(2)
2008-12-10 22:18:30 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 19:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 18:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 18:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 18:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 18:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 18:18:24 ----D---- C:\WINDOWS\Prefetch
2008-12-09 17:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 17:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 17:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 17:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 17:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 17:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 17:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 17:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 17:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 17:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 17:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-09 17:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 17:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 17:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 17:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 17:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 17:55:03 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 17:55:03 ----D---- C:\WINDOWS\l2schemas
2008-12-09 17:55:02 ----D---- C:\WINDOWS\system32\en
2008-12-09 17:55:02 ----D---- C:\WINDOWS\system32\bits
2008-12-09 17:53:47 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 17:49:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 17:49:46 ----D---- C:\WINDOWS\EHome
2008-12-09 17:46:28 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 17:46:26 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 17:46:26 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 17:46:25 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 17:46:25 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 17:46:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 17:46:23 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 17:46:21 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 17:46:19 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 17:46:18 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 17:46:18 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-09 17:46:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 17:46:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 17:46:06 ----A---- C:\WINDOWS\002927_.tmp
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 17:46:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 17:45:48 ----D---- C:\WINDOWS\system32\up
2008-12-09 17:45:48 ----D---- C:\WINDOWS\system32\ma1
2008-12-09 16:56:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 16:54:16 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-09 16:31:06 ----D---- C:\Program Files\Rockstar Games
2008-12-05 18:58:57 ----D---- D:\Documents and Settings\Khw Family\Application Data\dvdcss
2008-12-05 18:41:34 ----D---- D:\Documents and Settings\All Users\Application Data\vsosdk
2008-12-05 03:42:11 ----D---- D:\Documents and Settings\Khw Family\Application Data\Vso
2008-12-05 03:42:11 ----A---- D:\Documents and Settings\Khw Family\Application Data\inst.exe
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv43260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv33260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv23260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\cook3260.dll
2008-12-05 03:42:05 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-12-05 03:42:05 ----A---- C:\WINDOWS\gdiplus.dll
2008-12-05 03:42:04 ----D---- C:\Program Files\VSO
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 23:04:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-11-29 23:04:00 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-11-29 23:03:59 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-11-29 23:03:58 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-11-29 23:03:58 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-11-29 23:03:57 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-11-29 23:03:56 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-11-27 03:11:13 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-27 03:11:12 ----D---- C:\Program Files\AGEIA Technologies
2008-11-27 03:10:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-27 03:10:43 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-27 03:10:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-27 03:06:14 ----D---- D:\Documents and Settings\Khw Family\Application Data\nView_Wallpaper
2008-11-24 21:46:16 ----D---- C:\Program Files\YouTube Downloader
2008-11-20 20:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2008-12-18 16:05:04 ----RD---- C:\Program Files
2008-12-18 15:20:45 ----D---- C:\WINDOWS
2008-12-18 15:20:01 ----D---- C:\WINDOWS\TEMP
2008-12-18 15:19:49 ----AD---- C:\WINDOWS\system32
2008-12-18 15:18:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-18 15:18:16 ----HD---- C:\WINDOWS\inf
2008-12-18 15:18:13 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 15:17:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 15:17:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 04:43:42 ----D---- D:\Documents and Settings\Khw Family\Application Data\uTorrent
2008-12-18 01:50:01 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-18 01:11:05 ----D---- C:\WINDOWS\system32\drivers
2008-12-18 00:19:01 ----D---- C:\WINDOWS\system32\config
2008-12-18 00:18:43 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 00:18:43 ----D---- C:\WINDOWS\Registration
2008-12-15 18:42:10 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 16:06:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 22:18:33 ----SHD---- C:\Config.Msi
2008-12-10 22:18:32 ----SHD---- C:\WINDOWS\Installer
2008-12-10 22:18:30 ----D---- D:\Documents and Settings\Khw Family\Application Data\SUPERAntiSpyware.com
2008-12-09 20:07:19 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 19:50:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-09 19:50:30 ----RSD---- C:\WINDOWS\assembly
2008-12-09 19:03:27 ----D---- C:\Program Files\Internet Explorer
2008-12-09 19:00:18 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 18:56:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-09 18:56:32 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-09 18:20:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 18:19:02 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 18:17:55 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 18:17:55 ----D---- C:\WINDOWS\ime
2008-12-09 18:17:55 ----D---- C:\WINDOWS\AppPatch
2008-12-09 18:17:54 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 17:57:46 ----D---- C:\Program Files\Messenger
2008-12-09 17:57:32 ----D---- C:\WINDOWS\security
2008-12-09 17:55:14 ----D---- C:\WINDOWS\WinSxS
2008-12-09 17:55:09 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 17:55:09 ----D---- C:\WINDOWS\Help
2008-12-09 17:55:03 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 17:55:02 ----D---- C:\WINDOWS\PeerNet
2008-12-09 17:55:02 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:53:43 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:53:43 ----D---- C:\WINDOWS\system32\npp
2008-12-09 17:53:42 ----D---- C:\WINDOWS\msagent
2008-12-09 17:53:41 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:53:38 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:53:37 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:53:36 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:53:35 ----D---- C:\Program Files\Windows NT
2008-12-09 17:53:35 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:53:33 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:53:24 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 17:53:22 ----D---- C:\WINDOWS\system
2008-12-09 17:45:53 ----RHD---- C:\$VAULT$.AVG
2008-12-09 17:45:49 ----D---- C:\temp
2008-12-09 17:37:23 ----D---- C:\WINDOWS\Debug
2008-12-09 17:20:31 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:15:17 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 16:31:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 04:02:47 ----D---- C:\Program Files\Adobe Photoshop CS3 (Light Version)
2008-12-04 23:19:17 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 21:58:00 ----D---- C:\Program Files\Java
2008-12-02 21:26:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-29 23:25:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-28 11:53:34 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-27 22:44:57 ----D---- D:\Documents and Settings\All Users\Application Data\avg7
2008-11-27 04:25:59 ----D---- D:\Documents and Settings\Khw Family\Application Data\Xfire
2008-11-27 03:45:50 ----D---- C:\Program Files\Xfire
2008-11-27 03:12:57 ----D---- C:\WINDOWS\nview
2008-11-27 03:10:57 ----D---- C:\Program Files\Common Files
2008-11-27 03:06:25 ----D---- C:\WINDOWS\nvidia icons

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-01-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-05-13 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-05-13 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-01-28 10760]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-05-23 17801]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-03 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-10-08 25416]
R2 Ndismeetro;Meetro NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\ndismeetro.sys [2005-06-09 34688]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-07-22 68864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-05 47360]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-10-18 905608]
R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aw8dphes;aw8dphes; C:\WINDOWS\system32\drivers\aw8dphes.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-07-22 55040]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-06-01 95488]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-01-28 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-05-13 49664]
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver; C:\Program Files\Belkin\F5D7051\WLService.exe [2004-03-29 49152]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-29 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-28 201816]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2008-12-18 16:05:20

======Uninstall list======

-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
-->MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe After Effects CS3 Presets-->MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe After Effects CS3-->C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3-->MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 (Light Version)-->C:\Program Files\Adobe Photoshop CS3 (Light Version)\Uninstal.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup-->MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Belkin High-Speed Mode Wireless G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D7051\setup.exe" -l0x9
bitcontrol® DreamBox Bundle v2.0-->"C:\Program Files\Common Files\BitCtrl\DreamBoxBundle\Uninstall.exe"
Call of Duty® 4 - Modern Warfare™ 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
ConvertXtoDVD 3.0.0.1-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImageMixer for HDD Camcorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\Setup.exe" -l0x9 UNINSTALL -removeonly
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lexmark X5100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Pro Evolution Soccer 2009 DEMO-->MsiExec.exe /X{722AED08-B149-423F-8B86-8453643B61E5}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SM56Tester-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BE5A05F-4E4F-4493-A818-327B2628ABB2}\Setup.exe" -l0x9 -removeonly
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperMegaSpoof 2.0-->"C:\Program Files\MegaSpoof\unins000.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak Overlay BETA 2 (#63)-->"C:\Program Files\TSO\uninstall.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webshots Desktop-->C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: AVG 7.5.516
FW: Norton Internet Worm Protection (disabled)

System event log

Computer Name: FAMILYCOMPUTER
Event Code: 7035
Message: The Belkin High-Speed Mode Wireless G USB Driver service was successfully sent a stop control.

Record Number: 123499
Source Name: Service Control Manager
Time Written: 20081130121951.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILYCOMPUTER
Event Code: 7036
Message: The Belkin High-Speed Mode Wireless G USB Driver service entered the stopped state.

Record Number: 123498
Source Name: Service Control Manager
Time Written: 20081130121951.000000+000
Event Type: information
User:

Computer Name: FAMILYCOMPUTER
Event Code: 7035
Message: The Belkin High-Speed Mode Wireless G USB Driver service was successfully sent a start control.

Record Number: 123497
Source Name: Service Control Manager
Time Written: 20081130121950.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILYCOMPUTER
Event Code: 7036
Message: The Belkin High-Speed Mode Wireless G USB Driver service entered the running state.

Record Number: 123496
Source Name: Service Control Manager
Time Written: 20081130121950.000000+000
Event Type: information
User:

Computer Name: FAMILYCOMPUTER
Event Code: 7035
Message: The Belkin High-Speed Mode Wireless G USB Driver service was successfully sent a stop control.

Record Number: 123495
Source Name: Service Control Manager
Time Written: 20081130121950.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: FAMILYCOMPUTER
Event Code: 1
Message: Service started

Record Number: 1521
Source Name: Avg7UpdSvc
Time Written: 20080902152955.000000+060
Event Type: information
User:

Computer Name: FAMILYCOMPUTER
Event Code: 1517
Message: Windows saved user FAMILYCOMPUTER\Family Account registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1520
Source Name: Userenv
Time Written: 20080902142016.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILYCOMPUTER
Event Code: 0
Message: Service stopped successfully.

Record Number: 1519
Source Name: idsvc
Time Written: 20080902133147.000000+060
Event Type: information
User:

Computer Name: FAMILYCOMPUTER
Event Code: 518
Message: The Windows CardSpace service has been idle for some time. It has been shut down to make resources available for other programs.

Record Number: 1518
Source Name: CardSpace 3.0.0.0
Time Written: 20080902133147.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILYCOMPUTER
Event Code: 0
Message: Service started successfully.

Record Number: 1517
Source Name: idsvc
Time Written: 20080902123147.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\PROGRA~1\COMMON~1\SONICS~1;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------




#2 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender: Male
  • Location: The Netherlands

Posted 24 December 2008 - 11:09 AM

Hi basima,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me what the current condition of your computer is.

  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

You might want to save this page on your favorites, so you can find it again when you return.

#3 basima

  • Topic Starter
  • Members
  • 77 posts

Posted 24 December 2008 - 12:46 PM

Hiya,

1.

I tried my best to refrain from doing or changing anything since my first post. But after the guys cleared up my problem, and during the time I was waiting for a reply to this post, my problem got even worse! And as I use this PC for work, I had to at least try to clear it up somewhat so I could use it adequately. Sorry.

I am getting pop-ups very often, even when my PC is idle on the desktop. Fake virus removers keep popping up too. And my Windows Firewall keeps switching off.

When I am on IE, the settings keep reverting to allowing all cookies even when I manually change them.

I just tried to use MBAM and SAS, but I keep finding infections after each scan. And the problem wouldn't go away.

In my original thread, I was told to make a clean restore point, which I did. I checked it before I got re-infected and the restore point was there. But now it seems to not be there anymore.


2.

Here you go.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Khw Family at 2008-12-24 17:33:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (9%) free of 41 GB
Total RAM: 3071 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:16, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\Documents and Settings\Khw Family\My Documents\RSIT.exe
C:\Program Files\trend micro\Khw Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.66.73.6:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {2790989d-743c-6b9b-1594-726abd6c6000} - {0006c6db-a627-4951-b9b6-c347d9890972} - C:\WINDOWS\system32\kslruz.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM2bebea32] Rundll32.exe "c:\windows\system32\disolada.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ruluvofise] Rundll32.exe "C:\WINDOWS\system32\merumebe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - AppInit_DLLs: kslruz.dll C:\WINDOWS\system32\nebiteda.dll c:\windows\system32\disolada.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disolada.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disolada.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10374 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\pscamvaf.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0006c6db-a627-4951-b9b6-c347d9890972}]
C:\WINDOWS\system32\kslruz.dll [2008-12-23 130048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"=C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-25 1397760]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-01-28 579072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"CPM2bebea32"=c:\windows\system32\disolada.dll [2008-12-24 98996]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE [2005-10-31 602112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2005-10-18 557056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-21 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\IMX3LA~1.EXE [2006-06-08 1871872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Khw Family^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

D:\Documents and Settings\Khw Family\Start Menu\Programs\Startup
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kslruz.dll C:\WINDOWS\system32\nebiteda.dll c:\windows\system32\disolada.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disolada.dll [2008-12-24 98996]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disolada.dll [2008-12-24 98996]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\nebiteda.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"D:\Documents and Settings\Khw Family\Application Data\SopCast\adv\SopAdver.exe"="D:\Documents and Settings\Khw Family\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\Documents and Settings\Khw Family\My Documents\utorrent.exe"="D:\Documents and Settings\Khw Family\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\Documents and Settings\Khw Family\My Documents\AutoPlay\programas\dcc26\DCC.exe"="D:\Documents and Settings\Khw Family\My Documents\AutoPlay\programas\dcc26\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty®: World at War Multiplayer"
"D:\Documents and Settings\Khw Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="D:\Documents and Settings\Khw Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"D:\Documents and Settings\Khw Family\My Documents\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe"="D:\Documents and Settings\Khw Family\My Documents\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Autorun.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 2 months======

2008-12-24 12:55:11 ----SH---- C:\WINDOWS\system32\afofamuy.ini
2008-12-23 23:15:41 ----A---- C:\WINDOWS\system32\momoityu.dll
2008-12-23 23:15:41 ----A---- C:\WINDOWS\system32\kslruz.dll
2008-12-23 23:15:37 ----A---- C:\WINDOWS\system32\pxvabpdg.dll
2008-12-23 23:15:11 ----A---- C:\WINDOWS\system32\23fb1dd0-.txt
2008-12-18 16:05:04 ----D---- C:\Program Files\trend micro
2008-12-18 16:05:03 ----D---- C:\rsit
2008-12-18 00:18:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 20:25:57 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-17 17:27:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(2)
2008-12-10 22:18:30 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 19:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 18:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 18:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 18:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 18:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 18:18:24 ----D---- C:\WINDOWS\Prefetch
2008-12-09 17:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 17:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 17:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 17:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 17:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 17:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 17:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 17:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 17:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 17:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 17:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-09 17:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 17:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 17:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 17:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 17:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 17:55:03 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 17:55:03 ----D---- C:\WINDOWS\l2schemas
2008-12-09 17:55:02 ----D---- C:\WINDOWS\system32\en
2008-12-09 17:55:02 ----D---- C:\WINDOWS\system32\bits
2008-12-09 17:53:47 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 17:49:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 17:49:46 ----D---- C:\WINDOWS\EHome
2008-12-09 17:46:28 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 17:46:26 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 17:46:26 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 17:46:25 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 17:46:25 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 17:46:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 17:46:23 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 17:46:21 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 17:46:19 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 17:46:18 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 17:46:18 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-09 17:46:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 17:46:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 17:46:06 ----A---- C:\WINDOWS\002927_.tmp
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 17:46:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 17:45:48 ----D---- C:\WINDOWS\system32\up
2008-12-09 17:45:48 ----D---- C:\WINDOWS\system32\ma1
2008-12-09 16:56:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 16:54:16 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-09 16:31:06 ----D---- C:\Program Files\Rockstar Games
2008-12-05 18:58:57 ----D---- D:\Documents and Settings\Khw Family\Application Data\dvdcss
2008-12-05 18:41:34 ----D---- D:\Documents and Settings\All Users\Application Data\vsosdk
2008-12-05 03:42:11 ----D---- D:\Documents and Settings\Khw Family\Application Data\Vso
2008-12-05 03:42:11 ----A---- D:\Documents and Settings\Khw Family\Application Data\inst.exe
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv43260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv33260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv23260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\cook3260.dll
2008-12-05 03:42:05 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-12-05 03:42:05 ----A---- C:\WINDOWS\gdiplus.dll
2008-12-05 03:42:04 ----D---- C:\Program Files\VSO
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 23:04:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-11-29 23:04:00 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-11-29 23:03:59 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-11-29 23:03:58 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-11-29 23:03:58 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-11-29 23:03:57 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-11-29 23:03:56 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-11-27 03:11:13 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-27 03:11:12 ----D---- C:\Program Files\AGEIA Technologies
2008-11-27 03:10:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-27 03:10:43 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-27 03:10:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-27 03:06:14 ----D---- D:\Documents and Settings\Khw Family\Application Data\nView_Wallpaper
2008-11-24 21:46:16 ----D---- C:\Program Files\YouTube Downloader
2008-11-20 20:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-11-16 00:33:22 ----D---- D:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-11-13 04:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-13 04:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-09 03:14:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-06 00:53:16 ----D---- C:\WINDOWS\system32\xlive
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-04 01:09:18 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-04 01:09:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-04 01:09:17 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-04 01:09:17 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-04 01:09:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-04 01:07:34 ----D---- C:\WINDOWS\Logs
2008-10-29 19:03:16 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 22:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-28 22:35:50 ----A---- C:\WINDOWS\system32\nsf1E.tmp
2008-10-28 17:41:22 ----A---- C:\WINDOWS\system32\xlive.dll
2008-10-28 17:41:20 ----A---- C:\WINDOWS\system32\xlivefnt.dll
2008-10-28 17:40:48 ----A---- C:\WINDOWS\system32\xlive.dll.cat

======List of files/folders modified in the last 2 months======

2008-12-24 16:38:43 ----AD---- C:\WINDOWS\system32
2008-12-24 16:38:42 ----D---- C:\WINDOWS
2008-12-24 16:38:38 ----D---- C:\WINDOWS\TEMP
2008-12-24 16:37:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 16:36:42 ----HD---- C:\WINDOWS\inf
2008-12-24 16:36:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-24 16:36:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-24 13:25:41 ----D---- C:\WINDOWS\system32\Adobe
2008-12-24 12:55:08 ----ASH---- C:\WINDOWS\system32\yumafofa.dll
2008-12-24 12:55:08 ----ASH---- C:\WINDOWS\system32\disolada.dll
2008-12-24 05:26:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-24 03:50:53 ----D---- C:\WINDOWS\system32\drivers
2008-12-23 23:45:32 ----RD---- C:\Program Files
2008-12-23 23:27:05 ----D---- C:\WINDOWS\Minidump
2008-12-23 23:25:08 ----D---- D:\Documents and Settings\Khw Family\Application Data\uTorrent
2008-12-23 23:09:48 ----SD---- C:\WINDOWS\Tasks
2008-12-19 16:54:44 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-12-18 15:18:13 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 15:17:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 00:19:01 ----D---- C:\WINDOWS\system32\config
2008-12-18 00:18:43 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 00:18:43 ----D---- C:\WINDOWS\Registration
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 22:18:33 ----SHD---- C:\Config.Msi
2008-12-10 22:18:32 ----SHD---- C:\WINDOWS\Installer
2008-12-10 22:18:30 ----D---- D:\Documents and Settings\Khw Family\Application Data\SUPERAntiSpyware.com
2008-12-09 20:07:19 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 19:50:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-09 19:50:30 ----RSD---- C:\WINDOWS\assembly
2008-12-09 19:03:27 ----D---- C:\Program Files\Internet Explorer
2008-12-09 19:00:18 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 18:56:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-09 18:56:32 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-09 18:20:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 18:19:02 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 18:17:55 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 18:17:55 ----D---- C:\WINDOWS\ime
2008-12-09 18:17:55 ----D---- C:\WINDOWS\AppPatch
2008-12-09 18:17:54 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 17:57:46 ----D---- C:\Program Files\Messenger
2008-12-09 17:57:32 ----D---- C:\WINDOWS\security
2008-12-09 17:55:14 ----D---- C:\WINDOWS\WinSxS
2008-12-09 17:55:09 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 17:55:09 ----D---- C:\WINDOWS\Help
2008-12-09 17:55:03 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 17:55:02 ----D---- C:\WINDOWS\PeerNet
2008-12-09 17:55:02 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:53:43 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:53:43 ----D---- C:\WINDOWS\system32\npp
2008-12-09 17:53:42 ----D---- C:\WINDOWS\msagent
2008-12-09 17:53:41 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:53:38 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:53:37 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:53:36 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:53:35 ----D---- C:\Program Files\Windows NT
2008-12-09 17:53:35 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:53:33 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:53:24 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 17:53:22 ----D---- C:\WINDOWS\system
2008-12-09 17:45:53 ----RHD---- C:\$VAULT$.AVG
2008-12-09 17:45:49 ----D---- C:\temp
2008-12-09 17:37:23 ----D---- C:\WINDOWS\Debug
2008-12-09 17:20:31 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:15:17 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 16:31:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 04:02:47 ----D---- C:\Program Files\Adobe Photoshop CS3 (Light Version)
2008-12-04 23:19:17 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 21:58:00 ----D---- C:\Program Files\Java
2008-11-29 23:25:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-28 11:53:34 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-27 22:44:57 ----D---- D:\Documents and Settings\All Users\Application Data\avg7
2008-11-27 04:25:59 ----D---- D:\Documents and Settings\Khw Family\Application Data\Xfire
2008-11-27 03:45:50 ----D---- C:\Program Files\Xfire
2008-11-27 03:12:57 ----D---- C:\WINDOWS\nview
2008-11-27 03:10:57 ----D---- C:\Program Files\Common Files
2008-11-27 03:06:25 ----D---- C:\WINDOWS\nvidia icons
2008-11-16 00:36:48 ----D---- D:\Documents and Settings\Khw Family\Application Data\Sports Interactive
2008-11-16 00:36:10 ----D---- C:\Program Files\Sports Interactive
2008-11-12 02:49:45 ----D---- C:\Program Files\DivX
2008-10-29 19:03:16 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-01-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-05-13 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-05-13 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-01-28 10760]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-05-23 17801]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-03 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-10-08 25416]
R2 Ndismeetro;Meetro NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\ndismeetro.sys [2005-06-09 34688]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-07-22 68864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-05 47360]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-10-18 905608]
R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S1 85dff595;85dff595; C:\WINDOWS\System32\drivers\85dff595.sys []
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ay293vbd;ay293vbd; C:\WINDOWS\system32\drivers\ay293vbd.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-07-22 55040]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-06-01 95488]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-01-28 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-05-13 49664]
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver; C:\Program Files\Belkin\F5D7051\WLService.exe [2004-03-29 49152]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-29 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-28 201816]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []

-----------------EOF-----------------


Edited by basima, 24 December 2008 - 12:52 PM.


#4 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 24 December 2008 - 02:51 PM

Hi again,
  • Tell me if you have set a proxy and if you know this server:

    inetnum: 83.66.0.0 - 83.66.255.255
    org: ORG-DIES1-RIPE
    netname: TR-DOGAN-20040401
    descr: Dogan Iletisim Elektronik Servis Hizmetleri
    country: TR

  • Open Notepad (Start > All Programs > Accessories > Notepad). Copy and paste the text in the code box into Notepad.

    @ECHO OFF
    attrib -h -r -s C:\WINDOWS\tasks\pscamvaf.job
    del /q C:\WINDOWS\tasks\pscamvaf.job
    del remove.bat
    • Select Save in: Desktop
    • Fill in File name: remove.bat
    • Save as type: All file types (*.*)
    • Click Save and close the Notepad.
    • Double-click remove.bat on the desktop.
  • We are going to repair broken file associations.
    • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • The faulty file associations will appear in red beside a checkbox. Just place a checkmark (tick) in the boxes in question.
    • Click the Fix button.

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: {2790989d-743c-6b9b-1594-726abd6c6000} - {0006c6db-a627-4951-b9b6-c347d9890972} - C:\WINDOWS\system32\kslruz.dll
    O4 - HKLM\..\Run: [CPM2bebea32] Rundll32.exe "c:\windows\system32\disolada.dll",a
    O4 - HKUS\S-1-5-19\..\Run: [ruluvofise] Rundll32.exe "C:\WINDOWS\system32\merumebe.dll",s (User 'LOCAL SERVICE')
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - AppInit_DLLs: kslruz.dll C:\WINDOWS\system32\nebiteda.dll c:\windows\system32\disolada.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disolada.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disolada.dll


    Optional: The following sites are set to the safe zone. It means that the traffic created by these sites won't be checked by security checkpoints any more. While these sites are safe to visit, they might not be safe all the time, and their traffic had better pass through the security checkpoint. If you decide to remove these sites from the trusted zone, check the boxes next to the following entries:

    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.antispyexpert.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.spyguardpro.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusremover2008.com
    O15 - Trusted Zone: *.virusschlacht.com



    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • We need to repair a security-related registry item altered by the malware. Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4 
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6C,69,00,00
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Reboot your computer. Then open Malwarebytes' Anti-Malware, update it first, run a "Quick Scan", let it reboot if needed, and copy/paste the log into your reply.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image: the ComboFix message shown after the Recovery Console is installed]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 basima
  • Topic Starter
  • Members
  • 77 posts

Posted 24 December 2008 - 03:04 PM

I am just popping out, so will give it a try later.

But I did not set a proxy to that server. Don't even know how, and I have never seen that website before.

Also do you have a link where I can get HiJackThis please?

#6 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 December 2008 - 05:13 PM

  • Reset the LAN settings:
    • Open Internet Explorer. When it is open click on Tools and then Internet Options.
    • Under the Connections tab, click LAN settings. All the following items should be unchecked:
    • Automatically detect settings
    • Use automatic configuration script
    • Use a proxy server for your LAN
  • You already have Hijackthis. To run Hijackthis, double-click this file: C:\Program Files\trend micro\Khw Family.exe

    You can also make a shortcut by right-clicking the file > select Send to > Desktop

  • When doing step 4, also fix this line with Hijackthis if it still exists:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.66.73.6:3128

Edited by farbar, 25 December 2008 - 05:51 AM.
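As an added example (not part of this thread, and not code from HijackThis or from Farbar), a small Python triage script that scans HijackThis log lines for the settings the step above asks to check: an R1 ProxyServer entry like the one quoted, an automatic configuration script (AutoConfigURL), and the AppInit_DLLs load point that the MBAM log in this thread showed Vundo using. The sample log is constructed from entries posted here; the AutoConfigURL line and its example.invalid address are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample HijackThis lines: the R1 proxy entry from this thread,
# a made-up AutoConfigURL entry, the AppInit_DLLs path from the MBAM log,
# and benign entries for contrast.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.66.73.6:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://example.invalid/proxy.pac
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - AppInit_DLLs: c:\windows\system32\disolada.dll
"""


@dataclass
class Finding:
    line: str    # the log line that triggered the finding
    reason: str  # why a helper would want to look at it


# R0/R1 lines read "<section> - <registry key>,<value name> = <data>".
R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+)=\s*(?P<data>.*)$")
# O20 covers Winlogon Notify and AppInit_DLLs; only AppInit_DLLs is flagged here.
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<data>.+)$")

# Values that should be empty when IE's LAN settings have no proxy and no
# configuration script, as the reset step in this thread requires.
PROXY_VALUES = {"ProxyServer", "AutoConfigURL"}


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the lines a helper should review, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = R_LINE.match(line)
        if m:
            name = m.group("name").strip()
            data = m.group("data").strip()
            if name in PROXY_VALUES and data:
                findings.append(Finding(
                    line,
                    f"{name} is set to {data}; IE LAN settings should have "
                    f"no proxy server and no configuration script"))
            continue
        m = O20_APPINIT.match(line)
        if m:
            dll = m.group("data").strip()
            findings.append(Finding(
                line, f"AppInit_DLLs loads {dll} into every process that uses user32.dll"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f.reason}\n    {f.line}")
```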


#7 basima
  • Topic Starter
  • Members
  • 77 posts

Posted 24 December 2008 - 11:40 PM

1. I reset the LAN settings and went to Internet Options, but those items were unchecked already.

And I couldn't find "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.66.73.6:3128" in HJT.

2.

mbam log

Malwarebytes' Anti-Malware 1.31
Database version: 1542
Windows 5.1.2600 Service Pack 3

25/12/2008 03:02:25
mbam-log-2008-12-25 (03-02-25).txt

Scan type: Quick Scan
Objects scanned: 79212
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\disolada.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2bebea32 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\disolada.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\disolada.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yumafofa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afofamuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\disolada.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jayosuto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delejome.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Documents and Settings\Family Account\Local Settings\Temporary Internet Files\Content.IE5\U82882CE\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.


combofix log

ComboFix 08-12-24.01 - Khw Family 2008-12-25 3:28:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2569 [GMT 0:00]
Running from: d:\documents and settings\Khw Family\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\IE4 Error Log.txt
c:\windows\system32\bb1.dat
c:\windows\system32\bkiiruom.ini
c:\windows\system32\kslruz.dll
c:\windows\system32\momoityu.dll
c:\windows\system32\pxvabpdg.dll
d:\docume~1\KHW~1\LOCALS~1\Temp\tmp2.tmp
d:\documents and settings\Khw Family\Application Data\inst.exe
d:\documents and settings\Khw Family\Local Settings\Temporary Internet Files\fbk.sts

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-18 16:05 . 2008-12-18 16:05 <DIR> d-------- C:\rsit
2008-12-18 16:05 . 2008-12-25 02:43 <DIR> d-------- c:\program files\trend micro
2008-12-18 00:43 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 00:43 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 00:18 . 2008-12-18 01:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 00:03 . 2008-12-18 00:18 <DIR> d---s---- d:\documents and settings\NetworkService.NT AUTHORITY.002
2008-12-18 00:03 . 2008-12-18 00:18 <DIR> d---s---- d:\documents and settings\LocalService.NT AUTHORITY.002
2008-12-17 17:27 . 2008-12-18 00:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2008-12-10 22:18 . 2008-12-10 22:18 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-09 19:06 . 2008-12-09 19:06 482 --a------ c:\windows\system32\edl.dat
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\en
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\bits
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\l2schemas
2008-12-09 17:53 . 2008-12-09 17:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 17:49 . 2008-12-09 17:49 <DIR> d-------- c:\windows\EHome
2008-12-09 17:45 . 2008-12-09 17:45 <DIR> d-------- c:\windows\system32\up
2008-12-09 17:45 . 2008-12-09 17:45 <DIR> d-------- c:\windows\system32\ma1
2008-12-09 16:54 . 2008-12-09 17:15 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 16:31 . 2008-12-09 16:31 <DIR> d-------- c:\program files\Rockstar Games
2008-12-05 18:58 . 2008-12-05 18:58 <DIR> d-------- d:\documents and settings\Khw Family\Application Data\dvdcss
2008-12-05 18:41 . 2008-12-05 18:41 <DIR> d-------- d:\documents and settings\All Users\Application Data\vsosdk
2008-12-05 03:42 . 2008-12-05 18:58 <DIR> d-------- d:\documents and settings\Khw Family\Application Data\Vso
2008-12-05 03:42 . 2008-12-05 03:42 <DIR> d-------- c:\program files\VSO
2008-12-05 03:42 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-12-05 03:42 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-05 03:42 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-05 03:42 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-05 03:42 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-05 03:42 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-12-05 03:42 . 2008-12-05 03:42 47,360 --a------ d:\documents and settings\Khw Family\Application Data\pcouffin.sys
2008-12-05 03:42 . 2008-12-05 03:42 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-29 23:04 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-29 23:04 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-29 23:03 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-29 23:03 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-29 23:03 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-29 23:03 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-29 23:03 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-27 03:11 . 2008-11-27 03:11 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-27 03:11 . 2008-11-27 03:11 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-27 03:10 . 2008-12-10 22:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-27 03:10 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-27 03:10 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-27 03:10 . 2008-12-25 03:36 201,151 --a------ c:\windows\system32\nvapps.xml
2008-11-27 03:10 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-27 03:06 . 2008-11-27 03:06 <DIR> d-------- d:\documents and settings\Khw Family\Application Data\nView_Wallpaper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 23:25 --------- d-----w d:\documents and settings\Khw Family\Application Data\uTorrent
2008-12-23 03:04 3,532 ----a-w C:\drmHeader.bin
2008-12-13 10:34 91,440 ----a-w d:\documents and settings\Family Account\Application Data\GDIPFONTCACHEV1.DAT
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:18 --------- d-----w d:\documents and settings\Khw Family\Application Data\SUPERAntiSpyware.com
2008-12-09 16:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 04:02 --------- d-----w c:\program files\Adobe Photoshop CS3 (Light Version)
2008-12-04 23:19 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-02 21:58 --------- d-----w c:\program files\Java
2008-11-29 23:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-28 11:53 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-28 11:53 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 22:44 --------- d-----w d:\documents and settings\All Users\Application Data\avg7
2008-11-27 04:25 --------- d-----w d:\documents and settings\Khw Family\Application Data\Xfire
2008-11-27 03:45 --------- d-----w c:\program files\Xfire
2008-11-24 21:46 --------- d-----w c:\program files\YouTube Downloader
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-16 00:36 --------- d-----w d:\documents and settings\Khw Family\Application Data\Sports Interactive
2008-11-16 00:36 --------- d-----w c:\program files\Sports Interactive
2008-11-16 00:33 --------- d-----w d:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-12 02:49 --------- d-----w c:\program files\DivX
2008-11-10 16:47 --------- d-----w d:\documents and settings\Family Account\Application Data\SUPERAntiSpyware.com
2008-11-10 16:41 --------- d-----w d:\documents and settings\Family Account\Application Data\Malwarebytes
2008-11-10 05:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-29 19:03 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-10-29 19:03 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-29 19:03 22,328 ----a-w d:\documents and settings\Khw Family\Application Data\PnkBstrK.sys
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 729,088 ----a-w c:\windows\system32\nsf1E.tmp
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-28 17:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\nsq1D.tmp
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-08-26 08:19 23 ----a-w d:\documents and settings\Family Account\jagex_runescape_preferences.dat
2007-09-06 17:01 75,144 ----a-w d:\documents and settings\Khw Family\Application Data\GDIPFONTCACHEV1.DAT
2006-03-28 19:23 0 ----a-w d:\documents and settings\Khw Family\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-01-28 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-01-28 219136]

d:\documents and settings\Khw Family\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-05-23 45056]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-05-03 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Khw Family^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=d:\documents and settings\Khw Family\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 14:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
--a------ 2005-10-31 00:58 602112 c:\progra~1\Ahead\NEROTO~1\DRIVES~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-05-11 13:48 127118 c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--------- 2005-11-17 09:51 975360 c:\apps\SMP\SMPSYS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-21 15:24 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-10-18 12:14 557056 c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"d:\\Documents and Settings\\Khw Family\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\utorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\AutoPlay\\programas\\dcc26\\DCC.exe"=
"d:\\Documents and Settings\\Khw Family\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6887:TCP"= 6887:TCP:msnmsgr

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S1 85dff595;85dff595;c:\windows\system32\drivers\85dff595.sys []
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-AzMixerSel - c:\program files\Realtek\InstallShield\AzMixerSel.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\KooPlayer.ocx - O16 -: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79}
hxxp://www.vivitv.com/KooPlayer.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 03:35:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Belkin\F5D7051\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\F5D7051\WLanCfgG.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Lexmark X5100 Series\lxbabmon.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\Webshots\webshots.scr
.
**************************************************************************
.
Completion time: 2008-12-25 3:38:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 03:38:19

Pre-Run: 3,796,967,424 bytes free
Post-Run: 3,767,771,136 bytes free

336 --- E O F --- 2008-12-18 15:18:17


Fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:40:56, on 25/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\trend micro\Khw Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8736 bytes


3.

Everything went well until after ComboFix. After rebooting my PC and going back into Windows, I got the blue screen of death. I then had to do a hard reset. I logged back into Windows, then my screen froze and I couldn't get Task Manager up, so I had to reset again. I then finally logged on and got a new HJT log.

Seems to be all right now. IE has stopped reverting back to "accepting all cookies", and there are no signs of pop-ups so far.

Edited by basima, 24 December 2008 - 11:47 PM.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 December 2008 - 07:48 AM

Thanks for the feedback.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files, as the name suggests. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • If you have any external storage devices (flash drive/ USB drive/ thumb drive/ iPod/ memory stick/ memory card/ photo camera memory card/ external hard drive, etc.), have them ready for disinfection even if you don't use them so often. Connect them when it is asked of you. Leave them connected when running ComboFix. If you don't have any, skip the step with Flash_Disinfector.

  • I see traces of a Symantec/Norton product in your log. Are you still using any Symantec product? You still have some leftovers from an incompletely uninstalled Norton Antivirus on your computer.

    To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

    Note: It is important to have the Autoplay feature turned off and not to open thumb drives by double-clicking. Instead, right-click the drive and select Explore.

    How do I turn off Autoplay in Windows XP for my external hard drive?
    • Open My Computer.
    • Right click on the drive letter assigned to your external drive.
    • Choose properties.
    • Click on the Autoplay tab.
    • Click the "Select an action to perform" option.
    • Choose "Take no action."
    • Click OK.
  • Open Notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/187524/your-computer-might-be-at-risk-help/?p=1060131
    
    Collect::[4]
    c:\windows\system32\drivers\85dff595.sys
    C:\WINDOWS\system32\merumebe.dll
    
    Driver::
    85dff595
    
    File::
    E:\Autorun.exe

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe.

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • AVG 7 is outdated. You need protection from an updated Antivirus.

    Visit http://free.avg.com/download?prd=afe to download AVG 8 setup file to your desktop. Don't install it yet.
    • Go to Add/Remove programs and uninstall AVG 7.
    • Reboot.
    • Double-click the downloaded setup file to install AVG 8, then update it.
    • On the left side click Computer scanner and select Scan whole computer.
    • When the scan has finished, under the Result Overview tab at the end of the scan result, click Export overview to file.
    • Select File Type: All files, Name: scan.txt, and save it on your desktop.
    • Under the Warnings tab, press Remove all unhealed infections. Then close the application.
    • Copy/paste the content of scan.txt located on your desktop to your reply.

Please copy/paste in your next reply:
  • The Combofix log.
  • The AVG 8 log.
  • Any comment or feedback about how it went.
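The Flash_Disinfector step above relies on a hidden folder occupying the autorun.inf name so a worm cannot drop its own autorun.inf file on a removable drive. The script below is an added example (not code from this thread, from ComboFix, or from Flash_Disinfector's author): it tells that protective folder apart from a real autorun.inf and lists what such a file would launch. The drive roots and the sample autorun.inf are constructed for the demo.

```python
"""Triage the autorun.inf entry on a removable drive root.

Constructed example. Windows reads [autorun] keys such as open= and
shellexecute= from a drive's autorun.inf when Autoplay is on; a folder
parked under that name (Flash_Disinfector's trick) blocks a malicious file.
"""
import configparser
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# [autorun] keys that make Windows start a program on insert/open.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, modelled on the E:\Autorun.exe entry in the CFScript above.
SAMPLE_INF = (
    "[AutoRun]\n"
    "; constructed sample for the demo\n"
    "open=Autorun.exe\n"
    "shellexecute=Autorun.exe\n"
    "shell\\open\\command=Autorun.exe\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
)


@dataclass
class AutorunReport:
    drive: str
    status: str                      # "absent", "placeholder_dir" or "file"
    launches: List[Tuple[str, str]] = field(default_factory=list)
    suspicious: bool = False


def parse_autorun(text: str) -> Optional[List[Tuple[str, str]]]:
    """Return (key, command) pairs that would launch something; None if unparseable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str.lower       # Windows treats these keys case-insensitively
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    found = []
    for key, value in cp.items(section):
        # shell\<verb>\command= adds a context-menu verb that runs a program
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value.strip()))
    return found


def _find_autorun(drive_root: str) -> Optional[str]:
    """Case-insensitive lookup of autorun.inf directly under the drive root."""
    for name in os.listdir(drive_root):
        if name.lower() == "autorun.inf":
            return os.path.join(drive_root, name)
    return None


def triage_drive(drive_root: str) -> AutorunReport:
    """Classify the autorun.inf entry on one drive root."""
    report = AutorunReport(drive=drive_root, status="absent")
    path = _find_autorun(drive_root)
    if path is None:
        return report
    if os.path.isdir(path):
        # Protective placeholder: the folder occupies the name, so a worm
        # cannot drop an autorun.inf file there.
        report.status = "placeholder_dir"
        return report
    report.status = "file"
    with open(path, encoding="utf-8", errors="replace") as fh:
        launches = parse_autorun(fh.read())
    if launches is None:
        report.suspicious = True     # unreadable autorun.inf still deserves a manual look
        return report
    report.launches = launches
    # Any launch directive on removable media warrants review; an executable
    # living on the stick itself is the classic USB-worm pattern.
    report.suspicious = bool(launches)
    return report


def demo() -> dict:
    """Triage three constructed drive roots: clean, protected and infected."""
    base = tempfile.mkdtemp(prefix="autorun_demo_")
    roots = {n: os.path.join(base, n) for n in ("clean", "protected", "infected")}
    for root in roots.values():
        os.makedirs(root)
    os.makedirs(os.path.join(roots["protected"], "autorun.inf"))   # folder, not file
    with open(os.path.join(roots["infected"], "Autorun.inf"), "w") as fh:
        fh.write(SAMPLE_INF)
    reports = {n: triage_drive(p) for n, p in roots.items()}
    shutil.rmtree(base)
    return reports
```

Running demo() reports "absent", "placeholder_dir" and "file" for the three roots, with only the infected one flagged suspicious.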


#9 basima

basima
  • Topic Starter

  • Members
  • 77 posts

Posted 25 December 2008 - 02:28 PM

Combofix log

ComboFix 08-12-24.01 - Khw Family 2008-12-25 17:15:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2548 [GMT 0:00]
Running from: d:\documents and settings\Khw Family\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Khw Family\Desktop\CFScript.txt
* Created a new restore point

FILE ::
E:\Autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_85dff595


((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-25 16:52 . 2008-12-25 16:52 <DIR> d-------- d:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-18 16:05 . 2008-12-18 16:05 <DIR> d-------- C:\rsit
2008-12-18 16:05 . 2008-12-25 04:21 <DIR> d-------- c:\program files\trend micro
2008-12-18 00:43 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 00:43 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 00:18 . 2008-12-18 01:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 00:03 . 2008-12-18 00:18 <DIR> d---s---- d:\documents and settings\NetworkService.NT AUTHORITY.002
2008-12-18 00:03 . 2008-12-18 00:18 <DIR> d---s---- d:\documents and settings\LocalService.NT AUTHORITY.002
2008-12-17 17:27 . 2008-12-18 00:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2008-12-10 22:18 . 2008-12-10 22:18 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-09 19:06 . 2008-12-09 19:06 482 --a------ c:\windows\system32\edl.dat
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\en
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\bits
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\l2schemas
2008-12-09 17:53 . 2008-12-09 17:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 17:49 . 2008-12-09 17:49 <DIR> d-------- c:\windows\EHome
2008-12-09 17:45 . 2008-12-09 17:45 <DIR> d-------- c:\windows\system32\up
2008-12-09 17:45 . 2008-12-09 17:45 <DIR> d-------- c:\windows\system32\ma1
2008-12-09 16:54 . 2008-12-09 17:15 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 16:31 . 2008-12-09 16:31 <DIR> d-------- c:\program files\Rockstar Games
2008-12-05 18:58 . 2008-12-05 18:58 <DIR> d-------- d:\documents and settings\Khw Family\Application Data\dvdcss
2008-12-05 18:41 . 2008-12-05 18:41 <DIR> d-------- d:\documents and settings\All Users\Application Data\vsosdk
2008-12-05 03:42 . 2008-12-05 18:58 <DIR> d-------- d:\documents and settings\Khw Family\Application Data\Vso
2008-12-05 03:42 . 2008-12-05 03:42 <DIR> d-------- c:\program files\VSO
2008-12-05 03:42 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-12-05 03:42 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-05 03:42 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-05 03:42 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-05 03:42 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-05 03:42 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-12-05 03:42 . 2008-12-05 03:42 47,360 --a------ d:\documents and settings\Khw Family\Application Data\pcouffin.sys
2008-12-05 03:42 . 2008-12-05 03:42 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-29 23:04 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-29 23:04 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-29 23:03 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-29 23:03 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-29 23:03 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-29 23:03 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-29 23:03 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-27 03:11 . 2008-11-27 03:11 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-27 03:11 . 2008-11-27 03:11 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-27 03:10 . 2008-12-10 22:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-27 03:10 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-27 03:10 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-27 03:10 . 2008-12-25 17:21 201,151 --a------ c:\windows\system32\nvapps.xml
2008-11-27 03:10 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-27 03:06 . 2008-11-27 03:06 <DIR> d-------- d:\documents and settings\Khw Family\Application Data\nView_Wallpaper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 23:25 --------- d-----w d:\documents and settings\Khw Family\Application Data\uTorrent
2008-12-23 03:04 3,532 ----a-w C:\drmHeader.bin
2008-12-13 10:34 91,440 ----a-w d:\documents and settings\Family Account\Application Data\GDIPFONTCACHEV1.DAT
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 22:18 --------- d-----w d:\documents and settings\Khw Family\Application Data\SUPERAntiSpyware.com
2008-12-09 16:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 04:02 --------- d-----w c:\program files\Adobe Photoshop CS3 (Light Version)
2008-12-04 23:19 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-02 21:58 --------- d-----w c:\program files\Java
2008-11-29 23:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-28 11:53 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-28 11:53 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 22:44 --------- d-----w d:\documents and settings\All Users\Application Data\avg7
2008-11-27 04:25 --------- d-----w d:\documents and settings\Khw Family\Application Data\Xfire
2008-11-27 03:45 --------- d-----w c:\program files\Xfire
2008-11-24 21:46 --------- d-----w c:\program files\YouTube Downloader
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-16 00:36 --------- d-----w d:\documents and settings\Khw Family\Application Data\Sports Interactive
2008-11-16 00:36 --------- d-----w c:\program files\Sports Interactive
2008-11-16 00:33 --------- d-----w d:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-12 02:49 --------- d-----w c:\program files\DivX
2008-11-10 16:47 --------- d-----w d:\documents and settings\Family Account\Application Data\SUPERAntiSpyware.com
2008-11-10 16:41 --------- d-----w d:\documents and settings\Family Account\Application Data\Malwarebytes
2008-11-10 05:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-29 19:03 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-10-29 19:03 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-29 19:03 22,328 ----a-w d:\documents and settings\Khw Family\Application Data\PnkBstrK.sys
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 729,088 ----a-w c:\windows\system32\nsf1E.tmp
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-28 17:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\nsq1D.tmp
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-08-26 08:19 23 ----a-w d:\documents and settings\Family Account\jagex_runescape_preferences.dat
2007-09-06 17:01 75,144 ----a-w d:\documents and settings\Khw Family\Application Data\GDIPFONTCACHEV1.DAT
2006-03-28 19:23 0 ----a-w d:\documents and settings\Khw Family\Application Data\wklnhst.dat

((((((((((((((((((((((((((((( snapshot@2008-12-25_ 3.37.50.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-25 17:19:48 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-01-28 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-01-28 219136]

d:\documents and settings\Khw Family\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-05-23 45056]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-05-03 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Khw Family^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=d:\documents and settings\Khw Family\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 14:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
--a------ 2005-10-31 00:58 602112 c:\progra~1\Ahead\NEROTO~1\DRIVES~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-05-11 13:48 127118 c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--------- 2005-11-17 09:51 975360 c:\apps\SMP\SMPSYS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-21 15:24 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-10-18 12:14 557056 c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"d:\\Documents and Settings\\Khw Family\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\utorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\AutoPlay\\programas\\dcc26\\DCC.exe"=
"d:\\Documents and Settings\\Khw Family\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6887:TCP"= 6887:TCP:msnmsgr

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\KooPlayer.ocx - O16 -: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79}
hxxp://www.vivitv.com/KooPlayer.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 17:20:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [2196] 0x8A2F9020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Belkin\F5D7051\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\F5D7051\WLanCfgG.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Lexmark X5100 Series\lxbabmon.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Webshots\webshots.scr
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-12-25 17:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 17:23:33
ComboFix2.txt 2008-12-25 03:38:28

Pre-Run: 3,753,447,424 bytes free
Post-Run: 3,734,228,992 bytes free

327 --- E O F --- 2008-12-18 15:18:17


AVG log

"Scan ""Scan whole computer"" was finished."
"Infections found:";"1"
"Infected objects removed or healed:";"1"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"132"
"Information count:";"0"
"Scan started:";"25 December 2008, 17:47:56"
"Scan finished:";"25 December 2008, 18:48:42 (1 hour(s) 46 second(s))"
"Total object scanned:";"803008"
"User who launched the scan:";"Khw Family"

"Infections"
"File";"Infection";"Result"
"C:\Program Files\trend micro\backups\backup-20081225-024314-501.dll";"Trojan horse Generic12.ADHR";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"D:\Documents and Settings\Family Account\Cookies\family_account@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt:\adrevolver.com.4a719aa9";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt:\adrevolver.com.92d7017e";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt:\adrevolver.com.ae595d8";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt:\adrevolver.com.b595d4db";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adrevolver[2].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adtech[1].txt";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@adtech[1].txt:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@advertising[2].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@doubleclick[2].txt:\doubleclick.net.ce59db3e";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@media.adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@media.adrevolver[2].txt:\media.adrevolver.com.2be00b0";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@media.adrevolver[2].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@mediaplex[1].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@pro-market[1].txt";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@pro-market[1].txt:\pro-market.net.bbf67f2d";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@questionmarket[1].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@questionmarket[1].txt:\questionmarket.com.767e4302";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@revsci[2].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@revsci[2].txt:\revsci.net.b8d48360";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@statse.webtrendslive[1].txt";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.67bdf9b9";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Family Account\Cookies\family_account@zedo[1].txt:\zedo.com.f462b69f";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adbrite[2].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adrevolver[2].txt:\adrevolver.com.4a719aa9";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adrevolver[2].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adrevolver[2].txt:\adrevolver.com.b595d4db";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adrevolver[2].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adtech[1].txt";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adtech[1].txt:\adtech.de.6157efde";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adtech[1].txt:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@advertising[1].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adviva[1].txt";"Found Tracking cookie.Adviva";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@adviva[1].txt:\adviva.net.39ec90c";"Found Tracking cookie.Adviva";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@bs.serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@fastclick[1].txt";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@fastclick[1].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@fastclick[1].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@fastclick[1].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@googleadservices[1].txt";"Found Tracking cookie.Googleadservices";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@googleadservices[1].txt:\googleadservices.com.d120a313";"Found Tracking cookie.Googleadservices";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@m.webtrends[2].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@media.adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@media.adrevolver[2].txt:\media.adrevolver.com.2be00b0";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@media.adrevolver[2].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@mediaplex[2].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@mediaplex[2].txt:\mediaplex.com.ab37cbaa";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@mediaplex[2].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@questionmarket[1].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@revsci[1].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@revsci[1].txt:\revsci.net.80ab30e9";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@revsci[1].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@tradedoubler[2].txt";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@tradedoubler[2].txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@tradedoubler[2].txt:\tradedoubler.com.dc3c9994";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@tradedoubler[2].txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@tribalfusion[1].txt";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@tribalfusion[1].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.67bdf9b9";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.ce59db3e";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"D:\Documents and Settings\Khw Family\Cookies\khw_family@zedo[1].txt:\zedo.com.f462b69f";"Found Tracking cookie.Zedo";"Potentially dangerous object"


Everything went smoothly so far.

Edit:

On a side note I also realised something else. I have a guest account on my pc, and when I just tried to log on I got three separate rundll errors.

"Error loading
c:\windows\system32\disolada.dll
The specified module could not be found."

Same for:
c:\windows\system32\jayosuto.dll
c:\windows\system32\yumafofa.dll

And after I got a clean mbam scan on the main account, I also did an mbam scan in the guest account and got this log.

Malwarebytes' Anti-Malware 1.31
Database version: 1542
Windows 5.1.2600 Service Pack 3

25/12/2008 19:39:54
mbam-log-2008-12-25 (19-39-54).txt

Scan type: Quick Scan
Objects scanned: 56352
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruluvofise (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28d8d9ae (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2bebea32 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Edited by basima, 25 December 2008 - 02:53 PM.


#10 Farbar

Farbar
  • Just Curious
  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 December 2008 - 08:18 PM

Thanks for the feedback. The items found by MBAM on guest account were just registry leftovers. They could not pose any threat as the actual files were already removed.

We are going to find and remove those error messages related to the missing DLLs. Those DLLs are removed malware files with registry leftovers calling the DLLs to run.
  • Tell me what is on E drive (DVD/CD-ROM or external drive, etc?).

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
  • Put a copy of rsit.exe on C drive. Boot into the Guest account. Run rsit and post the log.txt (the main log)

  • If you still get those DLLs missing errors download regsearch.zip by Bobbi Flekman and Save it to your desktop.
    • Extract it to your desktop. It will extract the zip file to a folder named regsearch.
    • Open the folder and double click regsearch.exe to start the program.
    • Type jayosuto.dll in the first line of upper window.
    • Type yumafofa.dll in the second line of upper window.
    • Type disolada.dll in the third line of upper window.
    • Click "OK" and Registry Search will search the Registry and report what it finds.
    • Copy and paste the result into your next reply.
    Note: The search takes a while. If you get notifications of access violation click Ok as many times as needed.

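Added example, not part of the thread and not Farbar's regsearch tool: the script below does the registry search described in the post offline, against a `.reg` export of the autorun keys (on XP, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`). It reports every value that mentions one of the three DLL names from the error messages, and separately every rundll32-style entry whose DLL is not on disk, which is exactly what produces the "specified module could not be found" dialog at logon once the malware file has been deleted but its Run value has not. The sample export and the value names `example1..example3` are constructed for illustration; only the DLL file names come from the thread.

```python
r"""Find autorun registry values that still reference deleted DLLs.

Added example for this thread; not code from the thread, from Malwarebytes
or from the regsearch tool linked above.  Input is a .reg export such as:

    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg

Real exports are usually UTF-16, so open them with encoding="utf-16".
"""
import re
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Constructed sample export.  Value names example1..example3 are hypothetical;
# only the three DLL names are taken from the logon error messages.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example1"="rundll32.exe \"C:\\WINDOWS\\system32\\disolada.dll\",a"
"example2"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\jayosuto.dll,b"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"example3"="rundll32.exe C:\\WINDOWS\\system32\\yumafofa.dll,c"
'''

# Constructed stand-in for the file system: lower-case paths that exist.
PRESENT_FILES: Set[str] = {r"c:\windows\system32\ctfmon.exe"}

# "name"="data" lines; both sides may contain \" and \\ escapes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# A drive-letter path ending in .dll.  The lookahead stops one match from
# running across two paths on a line ("...\rundll32.exe C:\...\x.dll").
_DLL_RE = re.compile(r'[a-z]:\\(?:(?![a-z]:\\)[^",])*?\.dll', re.IGNORECASE)


def _unescape(s: str) -> str:
    # In .reg syntax a backslash quotes the next character.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REG_SZ values from .reg text into {key: {value_name: data}}.

    Default values (@=...) and non-string types (hex:, dword:) are skipped,
    which is enough for Run/RunOnce style keys."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def dll_paths(data: str) -> List[str]:
    """Every drive-letter .dll path mentioned in one value's data."""
    return _DLL_RE.findall(data)


def find_references(keys: Dict[str, Dict[str, str]],
                    dll_names: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(key, value_name, dll_path) for each value loading one of dll_names.
    This is the registry search the post asks for, matched on file name."""
    wanted = {n.lower() for n in dll_names}
    hits = []
    for key, values in keys.items():
        for name, data in values.items():
            for path in dll_paths(data):
                if path.rsplit("\\", 1)[-1].lower() in wanted:
                    hits.append((key, name, path))
    return hits


def find_orphaned_autoruns(keys: Dict[str, Dict[str, str]],
                           exists: Callable[[str], bool]) -> List[Tuple[str, str, str]]:
    """(key, value_name, dll_path) for entries whose DLL is not on disk.
    On a live machine pass os.path.exists as `exists`."""
    orphans = []
    for key, values in keys.items():
        for name, data in values.items():
            for path in dll_paths(data):
                if not exists(path):
                    orphans.append((key, name, path))
    return orphans


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG)
    print("Values referencing the DLLs named in the error messages:")
    for key, name, path in find_references(parsed, ["disolada.dll", "jayosuto.dll", "yumafofa.dll"]):
        print(f"  [{key}] {name!r} -> {path}")
    print("Autorun entries whose DLL is missing (these raise the logon error):")
    for key, name, path in find_orphaned_autoruns(parsed, lambda p: p.lower() in PRESENT_FILES):
        print(f"  [{key}] {name!r} -> {path}")
```

Exporting the per-user hives (HKCU for each account, plus HKLM's Run, RunOnce and Policies\Explorer\Run) and feeding each file through `parse_reg_export` covers the case in this thread, where the leftovers sat in the Guest account's profile and were invisible from the main account. A value that turns up only in `find_orphaned_autoruns` is safe to delete; one that is still loading a DLL that exists should be treated as live and submitted for scanning rather than removed blind.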

#11 basima

basima
  • Topic Starter
  • Members
  • 77 posts

Posted 25 December 2008 - 10:39 PM

Hiya again.

1. On my E-drive is a game BF2142 dvd-rom.

2. Ran CCleaner with no problems.

3. rsit log from guest account

Logfile of random's system information tool 1.05 (written by random/random)
Run by Khw Family at 2008-12-26 03:29:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (8%) free of 41 GB
Total RAM: 3071 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:29:21, on 26/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
D:\Documents and Settings\Family Account\My Documents\RSIT.exe
C:\Program Files\trend micro\Khw Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-21-412814699-107538841-203389980-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Family Account')
O4 - HKUS\S-1-5-21-412814699-107538841-203389980-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Family Account')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8611 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-25 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"=C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-25 1397760]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-25 1261336]
"LexPPS.exe"=C:\WINDOWS\system32\lexpps.exe [2003-02-28 174592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE [2005-10-31 602112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2005-10-18 557056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-21 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\IMX3LA~1.EXE [2006-06-08 1871872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Khw Family^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

D:\Documents and Settings\Khw Family\Start Menu\Programs\Startup
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"D:\Documents and Settings\Khw Family\Application Data\SopCast\adv\SopAdver.exe"="D:\Documents and Settings\Khw Family\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\Documents and Settings\Khw Family\My Documents\utorrent.exe"="D:\Documents and Settings\Khw Family\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Documents and Settings\Khw Family\My Documents\AutoPlay\programas\dcc26\DCC.exe"="D:\Documents and Settings\Khw Family\My Documents\AutoPlay\programas\dcc26\DCC.exe:*:Enabled:Dreambox Control Center"
"D:\Documents and Settings\Khw Family\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="D:\Documents and Settings\KhwFamily\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"D:\Documents and Settings\Khw Family\My Documents\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe"="D:\Documents and Settings\Khw Family\My Documents\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-12-26 03:23:09 ----D---- C:\Program Files\CCleaner
2008-12-25 19:40:21 ----SHD---- C:\RECYCLER
2008-12-25 18:23:09 ----HD---- C:\$AVG8.VAULT$
2008-12-25 17:39:47 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-25 17:39:31 ----D---- D:\Documents and Settings\All Users\Application Data\avg8
2008-12-25 17:39:31 ----D---- C:\Program Files\AVG
2008-12-25 17:23:42 ----A---- C:\ComboFix.txt
2008-12-25 16:59:26 ----RASHD---- C:\autorun.inf
2008-12-25 16:52:22 ----D---- D:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-25 03:27:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-25 03:27:03 ----D---- C:\Qoobox
2008-12-23 23:15:11 ----A---- C:\WINDOWS\system32\23fb1dd0-.txt
2008-12-18 16:05:04 ----D---- C:\Program Files\trend micro
2008-12-18 16:05:03 ----D---- C:\rsit
2008-12-18 00:18:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 20:25:57 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-17 17:27:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(2)
2008-12-10 22:18:30 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 19:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 18:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 18:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 18:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 18:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 18:18:24 ----D---- C:\WINDOWS\Prefetch
2008-12-09 17:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 17:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 17:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 17:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 17:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 17:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 17:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 17:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 17:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 17:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 17:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-09 17:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 17:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 17:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 17:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 17:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 17:55:03 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 17:55:03 ----D---- C:\WINDOWS\l2schemas
2008-12-09 17:55:02 ----D---- C:\WINDOWS\system32\en
2008-12-09 17:55:02 ----D---- C:\WINDOWS\system32\bits
2008-12-09 17:53:47 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 17:49:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 17:49:46 ----D---- C:\WINDOWS\EHome
2008-12-09 17:46:28 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 17:46:26 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 17:46:26 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 17:46:25 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 17:46:25 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 17:46:24 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 17:46:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 17:46:23 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 17:46:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 17:46:21 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 17:46:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 17:46:19 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 17:46:18 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 17:46:18 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 17:46:14 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-09 17:46:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 17:46:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 17:46:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 17:46:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 17:46:06 ----A---- C:\WINDOWS\002927_.tmp
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 17:46:05 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 17:46:04 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 17:46:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 17:46:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 17:46:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 17:45:48 ----D---- C:\WINDOWS\system32\up
2008-12-09 17:45:48 ----D---- C:\WINDOWS\system32\ma1
2008-12-09 16:56:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 16:54:16 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-09 16:31:06 ----D---- C:\Program Files\Rockstar Games
2008-12-05 18:58:57 ----D---- D:\Documents and Settings\Khw Family\Application Data\dvdcss
2008-12-05 18:41:34 ----D---- D:\Documents and Settings\All Users\Application Data\vsosdk
2008-12-05 03:42:11 ----D---- D:\Documents and Settings\Khw Family\Application Data\Vso
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv43260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv33260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\drv23260.dll
2008-12-05 03:42:06 ----A---- C:\WINDOWS\system32\cook3260.dll
2008-12-05 03:42:05 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-12-05 03:42:05 ----A---- C:\WINDOWS\gdiplus.dll
2008-12-05 03:42:04 ----D---- C:\Program Files\VSO
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 21:58:13 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 23:04:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-11-29 23:04:00 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-11-29 23:03:59 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-11-29 23:03:58 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-11-29 23:03:58 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-11-29 23:03:57 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-11-29 23:03:56 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-11-27 03:11:13 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-27 03:11:12 ----D---- C:\Program Files\AGEIA Technologies
2008-11-27 03:10:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-27 03:10:43 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-27 03:10:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-27 03:06:14 ----D---- D:\Documents and Settings\Khw Family\Application Data\nView_Wallpaper
2008-11-24 21:46:16 ----D---- C:\Program Files\YouTube Downloader
2008-11-20 20:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-11-16 00:33:22 ----D---- D:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-11-13 04:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-13 04:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-09 03:14:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-06 00:53:16 ----D---- C:\WINDOWS\system32\xlive
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-11-04 01:09:19 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-11-04 01:09:18 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-11-04 01:09:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-11-04 01:09:17 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-04 01:09:17 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-04 01:09:16 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-04 01:09:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-04 01:07:34 ----D---- C:\WINDOWS\Logs
2008-10-29 19:03:16 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 22:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-28 22:35:50 ----A---- C:\WINDOWS\system32\nsf1E.tmp
2008-10-28 17:41:22 ----A---- C:\WINDOWS\system32\xlive.dll
2008-10-28 17:41:20 ----A---- C:\WINDOWS\system32\xlivefnt.dll
2008-10-28 17:40:48 ----A---- C:\WINDOWS\system32\xlive.dll.cat

======List of files/folders modified in the last 2 months======

2008-12-26 03:29:20 ----D---- C:\WINDOWS\TEMP
2008-12-26 03:23:09 ----RD---- C:\Program Files
2008-12-26 02:56:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-26 02:44:43 ----D---- D:\Documents and Settings\Khw Family\Application Data\uTorrent
2008-12-25 22:41:17 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-25 17:39:47 ----AD---- C:\WINDOWS\system32
2008-12-25 17:39:42 ----D---- C:\WINDOWS\system32\drivers
2008-12-25 17:39:26 ----SHD---- C:\WINDOWS\Installer
2008-12-25 17:38:58 ----SHD---- C:\Config.Msi
2008-12-25 17:38:08 ----D---- C:\WINDOWS
2008-12-25 17:33:49 ----D---- C:\WINDOWS\system
2008-12-25 17:23:21 ----D---- C:\WINDOWS\erdnt
2008-12-25 17:22:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-25 17:20:37 ----A---- C:\WINDOWS\system.ini
2008-12-25 17:18:13 ----D---- C:\WINDOWS\system32\config
2008-12-25 17:17:02 ----D---- C:\WINDOWS\AppPatch
2008-12-25 17:17:02 ----D---- C:\Program Files\Common Files
2008-12-25 03:28:36 ----D---- C:\temp
2008-12-25 02:31:03 ----SD---- C:\WINDOWS\Tasks
2008-12-24 16:36:42 ----HD---- C:\WINDOWS\inf
2008-12-24 16:36:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-24 13:25:41 ----D---- C:\WINDOWS\system32\Adobe
2008-12-23 23:27:05 ----D---- C:\WINDOWS\Minidump
2008-12-19 16:54:44 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-12-18 15:18:13 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 15:17:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 00:18:43 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 00:18:43 ----D---- C:\WINDOWS\Registration
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 22:18:30 ----D---- D:\Documents and Settings\Khw Family\Application Data\SUPERAntiSpyware.com
2008-12-09 20:07:19 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 19:50:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-09 19:50:30 ----RSD---- C:\WINDOWS\assembly
2008-12-09 19:03:27 ----D---- C:\Program Files\Internet Explorer
2008-12-09 19:00:18 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 18:56:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-09 18:56:32 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-09 18:20:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 18:19:02 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 18:17:55 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 18:17:55 ----D---- C:\WINDOWS\ime
2008-12-09 18:17:54 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 17:57:46 ----D---- C:\Program Files\Messenger
2008-12-09 17:57:32 ----D---- C:\WINDOWS\security
2008-12-09 17:55:14 ----D---- C:\WINDOWS\WinSxS
2008-12-09 17:55:09 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 17:55:09 ----D---- C:\WINDOWS\Help
2008-12-09 17:55:03 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 17:55:02 ----D---- C:\WINDOWS\PeerNet
2008-12-09 17:55:02 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:53:43 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:53:43 ----D---- C:\WINDOWS\system32\npp
2008-12-09 17:53:42 ----D---- C:\WINDOWS\msagent
2008-12-09 17:53:41 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:53:38 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:53:37 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:53:36 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:53:35 ----D---- C:\Program Files\Windows NT
2008-12-09 17:53:35 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:53:33 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:53:24 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 17:37:23 ----D---- C:\WINDOWS\Debug
2008-12-09 17:15:17 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 16:31:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 04:02:47 ----D---- C:\Program Files\Adobe Photoshop CS3 (Light Version)
2008-12-04 23:19:17 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 21:58:00 ----D---- C:\Program Files\Java
2008-11-29 23:25:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-28 11:53:34 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-27 04:25:59 ----D---- D:\Documents and Settings\Khw Family\Application Data\Xfire
2008-11-27 03:45:50 ----D---- C:\Program Files\Xfire
2008-11-27 03:12:57 ----D---- C:\WINDOWS\nview
2008-11-27 03:06:25 ----D---- C:\WINDOWS\nvidia icons
2008-11-16 00:36:48 ----D---- D:\Documents and Settings\Khw Family\Application Data\Sports Interactive
2008-11-16 00:36:10 ----D---- C:\Program Files\Sports Interactive
2008-11-12 02:49:45 ----D---- C:\Program Files\DivX
2008-10-29 19:03:16 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-25 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-25 26824]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-05-23 17801]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-03 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-10-08 25416]
R2 Ndismeetro;Meetro NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\ndismeetro.sys [2005-06-09 34688]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-07-22 68864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-05 47360]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-10-18 905608]
R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S3 aqwttixm;aqwttixm; C:\WINDOWS\system32\drivers\aqwttixm.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-07-22 55040]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-06-01 95488]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-25 231704]
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver; C:\Program Files\Belkin\F5D7051\WLService.exe [2004-03-29 49152]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-29 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-28 201816]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



4. Didn't need to do this as the missing DLL errors stopped coming after the mbam scan.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:16 PM

Posted 26 December 2008 - 05:50 AM

The log looks clean. :thumbsup:
  • Go to Start > Run and copy and paste or type the next command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

  • Your log looks clean. But your computer is still very much susceptible, in particular to hacking and intrusion from outside. I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. Once the malware gets onto your computer, the Windows firewall is no longer effective. You will find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:
    Sunbelt-Kerio
    (Note: You install the Sunbelt trial version, but after the trial period it will revert back to the free version.)

    Comodo Firewall Pro
    Note: If you decide to install Comodo, while installing uncheck the option related to Ask Toolbar.

    Online Armor Free edition

  • I recommend using Site Advisor for safe surfing. It is an extension for both Internet Explorer and Firefox. When you search a site it gives you an indication of how safe the site is: http://www.siteadvisor.com/

  • I recommend installing this small application for safe surfing. Install Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. All you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link here.

Do you have any questions before we close the topic?

#13 basima

basima
  • Topic Starter

  • Members
  • 77 posts
  • Local time:11:16 AM

Posted 26 December 2008 - 08:11 PM

Cool.

1. Which of the firewall programs you showed me would you recommend as the best? Also, do I switch off the Windows firewall once it is installed?

2. Do you recommend that I set up a new System Restore point? In case I need it in the future.

3. One last thing. I want to try and reduce the number of non-critical processes I have running from start-up. How would I go about doing that please?

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:16 PM

Posted 26 December 2008 - 09:56 PM

1. Which of the firewall programs you showed me would you recommend as the best? Also, do I switch off the Windows firewall once it is installed?


I have listed them in the order of my preference.

2. Do you recommend that I set up a new System Restore point? In case I need it in the future.


Combofix has already done that.

3. One last thing. I want to try and reduce the number of non-critical processes I have running from start-up. How would I go about doing that please?


Good question. I recommend you do the following:

You can install an application that handles startup entries to disable those entries.

Good applications handling startup entries:

1. Startup Inspector for Windows, for both novice and expert users: http://www.windowsstartup.com/startupinspector.php : It helps manage Windows® startup applications.

2. Startup Control Panel, with an easier interface than Autoruns: http://www.mlin.net/StartupCPL.shtml

3. Autoruns, for more advanced users: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

You may then consult the Bleeping Computer Startup Programs Database and decide for yourself. Just fill in the startup file (filename.exe or filename.dll) at the end of the HijackThis O4 entries and click search.

Do you have any questions?
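To make the "look each startup file up in the database" step less manual, here is an added Python example (not from this thread or from any of the tools mentioned in it) that parses the RSIT-style driver/service lines posted above, strips the `\??\` prefix, and lists the entries a reviewer would want to look up by hand: those with an empty `[]` (no file found at the path) or an image outside the usual Windows / Program Files trees. The sample lines are copied from the log above; the "usual trees" list is an assumption for triage, not a verdict on any entry.

```python
import ntpath
import re

# RSIT-style service/driver line as posted in this thread:
#   "<R|S><0-4> <name>;<display>; <path> [<yyyy-mm-dd> <size>]"
# An empty "[]" means the tool recorded no date/size, i.e. no file was found at the path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-03 278984]
S3 aqwttixm;aqwttixm; C:\WINDOWS\system32\drivers\aqwttixm.sys []
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-25 231704]
"""

def parse_line(line):
    """Return a dict for one entry, or None if the line is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    if e["path"].startswith("\\??\\"):      # NT object-namespace prefix, not part of the path
        e["path"] = e["path"][4:]
    e["size"] = int(e["size"]) if e["size"] else None
    e["file_missing"] = e["date"] is None   # "[]" -> tool found nothing on disk
    return e

def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def review_candidates(entries):
    """Names worth checking by hand: no file on disk, or image outside the usual trees (assumed list)."""
    usual = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
    return [e["name"] for e in entries
            if e["file_missing"] or not e["path"].lower().startswith(usual)]

def lookup_names(entries):
    """Bare filenames to paste into the Startup Programs Database search, as the post suggests."""
    wanted = set(review_candidates(entries))
    return sorted({ntpath.basename(e["path"]) for e in entries if e["name"] in wanted})

if __name__ == "__main__":
    for name in lookup_names(parse_log(SAMPLE_LOG)):
        print("look up:", name)
```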

#15 basima

basima
  • Topic Starter

  • Members
  • 77 posts
  • Local time:11:16 AM

Posted 27 December 2008 - 01:22 AM

Sorry to be a real pain again.

But I decided to try and see if my System Restore works. So I made a System Restore point and then reverted back to one from yesterday.

Then when Windows loaded up again, it didn't confirm the restoration.

Now my whole PC looks completely different and was not working properly when it booted up. :thumbsup:

Windows Explorer is now in a different font and my settings are gone. The desktop background is blue.

Most of the icons in the lower right tray have gone, and so have all my shortcuts on the Start menu. And everything is listed alphabetically.

It seems to not have loaded my personal settings or something. I logged into the guest account and it is fine; nothing has changed on there.

My PC is also running slower and more erratically.

I tried to undo the restore point, but the option wasn't there. And the only restore point is the one made just before the problematic one, so that doesn't help.



Sorry to be a real hassle, but I can't figure out what happened and would be really grateful if you can help me.

Edited by basima, 27 December 2008 - 01:29 AM.
