
Easydecrypter, and bad late night decisions...


5 replies to this topic

#1 Lionheartck

  • Members
  • 3 posts

Posted 22 December 2008 - 01:52 AM

I downloaded a video file, and it came with a program that was supposed to install the codec needed to watch it. I thought I had all the codecs I needed, but it was late and I just wanted to watch the video. So, I blindly clicked through the installation process before realizing the program was non-functioning once installed.

One Google search told me that I had downloaded some malware. I quickly uninstalled it. I then ran Spybot, SUPERAntiSpyware, Malwarebytes' Anti-Malware, ComboFix, and CCleaner. I cleaned up all the random garbage they found, but my computer seems to always be sending and receiving, even if no programs are open to use the connection. It also has a hard time pulling up web pages sometimes. Kaspersky found nothing.

Did I get rid of it, or am I still infected? Thanks in advance!

Also, I can no longer disable my internet connection. I assume that is also a symptom.

Here's my RSIT Log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Cary at 2008-12-21 22:26:49
Microsoft Windows XP Professional Service Pack 3
System drive D: has 47 GB (60%) free of 78 GB
Total RAM: 1014 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:54 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\IDT\WDM\sttray.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\System32\svchost.exe
d:\program files\idt\intelxpv_v83\wdm\STacSV.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Cary\Desktop\RSIT.exe
D:\Program Files\trend micro\Cary.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Gbridge] "D:\Program Files\Gbridge LLC\Gbridge\pstartw.exe" "D:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe" -autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: µTorrent.lnk = D:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - d:\program files\idt\intelxpv_v83\wdm\STacSV.exe

--
End of file - 5739 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SysTrayApp"=D:\Program Files\IDT\WDM\sttray.exe [2008-05-07 413696]
"EPSON Stylus Photo R200 Series"=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-18 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"uTorrent"=D:\Program Files\uTorrent\uTorrent.exe [2008-11-10 270128]
"PeerGuardian"=D:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"Gbridge"=D:\Program Files\Gbridge LLC\Gbridge\pstartw.exe [2008-11-22 98024]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648]
"WMPNSCFG"=D:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

D:\Documents and Settings\Cary\Start Menu\Programs\Startup
µTorrent.lnk - D:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe"="D:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe:*:Enabled:GBridge"
"D:\Program Files\Gbridge LLC\Gbridge\gbwinvnc.exe"="D:\Program Files\Gbridge LLC\Gbridge\gbwinvnc.exe:*:Enabled:Gbwinvnc"
"D:\Program Files\Gbridge LLC\Gbridge\gbvncviewer.exe"="D:\Program Files\Gbridge LLC\Gbridge\gbvncviewer.exe:*:Enabled:Gbvncviewer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.ini - open - "D:\Program Files\GetDiz\GetDiz.exe" "%1"
.txt - open - "D:\Program Files\GetDiz\GetDiz.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-21 22:17:00 ----SHD---- D:\Config.Msi
2008-12-18 16:51:26 ----D---- D:\WINDOWS\pss
2008-12-18 11:14:51 ----D---- D:\WINDOWS\Sun
2008-12-18 11:13:32 ----A---- D:\WINDOWS\system32\javaws.exe
2008-12-18 11:13:32 ----A---- D:\WINDOWS\system32\javaw.exe
2008-12-18 11:13:32 ----A---- D:\WINDOWS\system32\java.exe
2008-12-18 11:13:32 ----A---- D:\WINDOWS\system32\deploytk.dll
2008-12-18 11:13:12 ----D---- D:\Program Files\Java
2008-12-18 11:12:54 ----D---- D:\Documents and Settings\Cary\Application Data\Sun
2008-12-18 11:07:42 ----D---- D:\Program Files\trend micro
2008-12-18 11:07:41 ----D---- D:\rsit
2008-12-18 10:59:59 ----SHD---- D:\RECYCLER
2008-12-18 10:56:08 ----D---- D:\WINDOWS\temp
2008-12-18 10:56:06 ----A---- D:\ComboFix.txt
2008-12-18 10:51:16 ----A---- D:\WINDOWS\zip.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\VFIND.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\SWXCACLS.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\SWSC.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\SWREG.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\sed.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\NIRCMD.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\grep.exe
2008-12-18 10:51:16 ----A---- D:\WINDOWS\fdsv.exe
2008-12-18 10:51:12 ----D---- D:\ComboFix
2008-12-18 10:50:18 ----A---- D:\WINDOWS\UPGRADE.TXT
2008-12-18 10:50:16 ----D---- D:\WINDOWS\setup.pss
2008-12-18 10:40:24 ----A---- D:\WINDOWS\system32\locate.com
2008-12-18 10:39:54 ----D---- D:\MGtools
2008-12-18 10:32:47 ----A---- D:\WINDOWS\EasyDecrypter v1.12 Uninstall Log.txt
2008-12-18 01:38:31 ----A---- D:\WINDOWS\wininit.ini
2008-12-17 23:55:52 ----D---- D:\WINDOWS\ERDNT
2008-12-17 23:55:52 ----AD---- D:\Qoobox
2008-12-17 23:55:04 ----A---- D:\MGtools.exe
2008-12-17 23:51:51 ----D---- D:\Documents and Settings\Cary\Application Data\Malwarebytes
2008-12-17 23:51:42 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 23:51:42 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 23:50:52 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-12-17 23:50:52 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 23:44:14 ----D---- D:\WINDOWS\system32\appmgmt
2008-12-17 23:33:09 ----A---- D:\WINDOWS\system32\igxprd32.dll
2008-12-17 23:33:08 ----A---- D:\WINDOWS\system32\igxpgd32.dll
2008-12-17 23:33:08 ----A---- D:\WINDOWS\system32\igxpdx32.dll
2008-12-17 23:33:08 ----A---- D:\WINDOWS\system32\igxpdv32.dll
2008-12-17 23:33:08 ----A---- D:\WINDOWS\system32\iglicd32.dll
2008-12-17 23:33:08 ----A---- D:\WINDOWS\system32\igldev32.dll
2008-12-17 23:33:08 ----A---- D:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-12-17 23:33:06 ----D---- D:\WINDOWS\system32\Lang
2008-12-17 23:33:06 ----A---- D:\WINDOWS\system32\igxpun.exe
2008-12-17 23:33:06 ----A---- D:\WINDOWS\system32\difxapi.dll
2008-12-17 23:25:09 ----D---- D:\WINDOWS\EasyDecrypter v1.12
2008-12-17 23:24:53 ----A---- D:\WINDOWS\clean2.bat
2008-12-17 23:24:53 ----A---- D:\WINDOWS\clean.vbs
2008-12-17 19:29:22 ----A---- D:\WINDOWS\system32\wiaaut.dll
2008-12-12 03:04:23 ----HDC---- D:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:02:08 ----HDC---- D:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:01:27 ----HDC---- D:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:01:20 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$
2008-12-10 16:45:18 ----D---- D:\Documents and Settings\Cary\Application Data\teamspeak2
2008-12-10 16:43:55 ----D---- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-10 16:43:49 ----D---- D:\Program Files\SUPERAntiSpyware
2008-12-10 16:43:49 ----D---- D:\Documents and Settings\Cary\Application Data\SUPERAntiSpyware.com
2008-12-10 16:43:29 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2008-12-10 16:43:20 ----D---- D:\Program Files\CCleaner
2008-12-05 03:00:37 ----HDC---- D:\WINDOWS\$NtUninstallKB951978$
2008-12-05 03:00:24 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
2008-12-05 01:15:21 ----D---- D:\WINDOWS\Prefetch
2008-12-04 23:30:10 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-12-04 23:30:01 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2008-12-04 23:29:54 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-12-04 23:29:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-12-04 23:29:35 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-12-04 23:29:22 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2008-12-04 23:29:13 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-12-04 23:29:05 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2008-12-04 23:28:57 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$
2008-12-04 23:28:48 ----HDC---- D:\WINDOWS\$NtUninstallKB951698$
2008-12-04 23:28:41 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-04 23:28:30 ----HDC---- D:\WINDOWS\$NtUninstallKB951066$
2008-12-04 23:28:21 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$
2008-12-04 23:28:13 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$
2008-12-04 23:28:05 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$
2008-12-04 23:27:57 ----HDC---- D:\WINDOWS\$NtUninstallKB938464$
2008-12-04 23:22:38 ----D---- D:\WINDOWS\system32\scripting
2008-12-04 23:22:37 ----D---- D:\WINDOWS\l2schemas
2008-12-04 23:22:36 ----D---- D:\WINDOWS\system32\en
2008-12-04 23:22:35 ----D---- D:\WINDOWS\system32\bits
2008-12-04 23:19:18 ----D---- D:\WINDOWS\ServicePackFiles
2008-12-04 23:08:37 ----HDC---- D:\WINDOWS\$NtServicePackUninstall$
2008-11-26 13:33:37 ----A---- D:\WINDOWS\Gbridge.INI
2008-11-26 13:30:37 ----D---- D:\Documents and Settings\Cary\Application Data\Gbridge
2008-11-26 13:30:17 ----D---- D:\Program Files\Gbridge LLC
2008-11-25 22:58:43 ----D---- D:\Program Files\WinSCP
2008-11-25 19:47:49 ----D---- D:\Program Files\FormatFactory
2008-11-24 02:57:25 ----A---- D:\WINDOWS\system32\muweb.dll
2008-11-24 02:57:24 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
2008-11-24 02:57:24 ----A---- D:\WINDOWS\system32\mucltui.dll
2008-11-24 00:42:11 ----A---- D:\WINDOWS\system32\msonpmon.dll
2008-11-24 00:40:35 ----D---- D:\Program Files\Microsoft Works
2008-11-24 00:40:18 ----D---- D:\Program Files\MSBuild
2008-11-24 00:39:45 ----D---- D:\Program Files\Microsoft Visual Studio
2008-11-24 00:39:45 ----D---- D:\Program Files\Common Files\DESIGNER
2008-11-24 00:38:39 ----D---- D:\Program Files\Microsoft.NET
2008-11-24 00:36:21 ----D---- D:\Program Files\Microsoft Visual Studio 8
2008-11-24 00:35:34 ----D---- D:\WINDOWS\SHELLNEW
2008-11-24 00:34:47 ----D---- D:\Program Files\Microsoft Office
2008-11-24 00:34:45 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-24 00:34:04 ----RHD---- D:\MSOCache
2008-11-24 00:30:44 ----D---- D:\Program Files\MagicISO
2008-11-24 00:29:57 ----D---- D:\Program Files\MagicDisc

======List of files/folders modified in the last 1 months======

2008-12-21 22:26:37 ----D---- D:\Documents and Settings\Cary\Application Data\uTorrent
2008-12-21 22:17:21 ----D---- D:\Program Files\Mozilla Firefox
2008-12-21 22:17:02 ----RD---- D:\Program Files
2008-12-21 22:17:02 ----D---- D:\WINDOWS\system32
2008-12-21 22:17:00 ----SHD---- D:\WINDOWS\Installer
2008-12-21 20:13:04 ----D---- D:\WINDOWS
2008-12-18 20:55:56 ----D---- D:\Program Files\PeerGuardian2
2008-12-18 11:00:01 ----D---- D:\WINDOWS\system32\CatRoot2
2008-12-18 10:59:06 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-12-18 10:54:57 ----A---- D:\WINDOWS\system.ini
2008-12-18 10:54:19 ----D---- D:\WINDOWS\system32\drivers
2008-12-18 10:54:18 ----D---- D:\WINDOWS\AppPatch
2008-12-18 10:54:18 ----D---- D:\Program Files\Common Files
2008-12-18 03:00:48 ----HD---- D:\WINDOWS\inf
2008-12-18 03:00:45 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-12-18 03:00:35 ----HD---- D:\WINDOWS\$hf_mig$
2008-12-18 00:00:56 ----D---- D:\WINDOWS\Debug
2008-12-17 23:33:08 ----DC---- D:\WINDOWS\system32\DRVSTORE
2008-12-17 07:48:15 ----A---- D:\WINDOWS\avisplitter.ini
2008-12-15 00:34:23 ----D---- D:\WINDOWS\system32\Macromed
2008-12-13 00:40:02 ----A---- D:\WINDOWS\system32\mshtml.dll
2008-12-12 17:48:28 ----SD---- D:\WINDOWS\Downloaded Program Files
2008-12-12 03:04:12 ----D---- D:\Program Files\Internet Explorer
2008-12-10 16:45:18 ----D---- D:\Program Files\Teamspeak2_RC2
2008-12-10 16:41:44 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 16:41:41 ----D---- D:\Program Files\Online Services
2008-12-10 16:41:38 ----D---- D:\WINDOWS\system32\inetsrv
2008-12-10 10:51:12 ----D---- D:\WINDOWS\system32\wbem
2008-12-09 17:24:37 ----A---- D:\WINDOWS\system32\MRT.exe
2008-12-05 01:14:59 ----D---- D:\WINDOWS\system32\Setup
2008-12-05 01:14:57 ----RSD---- D:\WINDOWS\Fonts
2008-12-05 01:13:52 ----D---- D:\WINDOWS\security
2008-12-04 23:32:04 ----D---- D:\WINDOWS\system32\CatRoot
2008-12-04 23:28:07 ----D---- D:\Program Files\Messenger
2008-12-04 23:23:15 ----D---- D:\WINDOWS\WinSxS
2008-12-04 23:22:59 ----D---- D:\WINDOWS\network diagnostic
2008-12-04 23:22:59 ----D---- D:\WINDOWS\Help
2008-12-04 23:22:58 ----D---- D:\WINDOWS\ime
2008-12-04 23:22:40 ----D---- D:\WINDOWS\system32\usmt
2008-12-04 23:22:40 ----D---- D:\WINDOWS\system32\en-US
2008-12-04 23:22:35 ----D---- D:\WINDOWS\PeerNet
2008-12-04 23:22:35 ----D---- D:\Program Files\Movie Maker
2008-12-04 23:19:05 ----D---- D:\WINDOWS\system32\Restore
2008-12-04 23:19:05 ----D---- D:\WINDOWS\system32\npp
2008-12-04 23:19:05 ----D---- D:\WINDOWS\mui
2008-12-04 23:19:04 ----D---- D:\WINDOWS\msagent
2008-12-04 23:19:02 ----D---- D:\WINDOWS\srchasst
2008-12-04 23:19:01 ----D---- D:\Program Files\NetMeeting
2008-12-04 23:19:00 ----D---- D:\WINDOWS\system32\Com
2008-12-04 23:18:57 ----D---- D:\Program Files\Windows NT
2008-12-04 23:18:57 ----D---- D:\Program Files\Windows Media Player
2008-12-04 23:18:57 ----D---- D:\Program Files\Outlook Express
2008-12-04 23:18:53 ----D---- D:\Program Files\Common Files\System
2008-12-04 23:18:30 ----D---- D:\WINDOWS\system32\oobe
2008-12-04 23:18:27 ----D---- D:\WINDOWS\system
2008-12-04 23:14:02 ----D---- D:\WINDOWS\system32\ReinstallBackups
2008-12-04 23:08:36 ----D---- D:\WINDOWS\ehome
2008-12-04 08:48:30 ----SD---- D:\Documents and Settings\Cary\Application Data\Microsoft
2008-11-28 20:28:41 ----D---- D:\Program Files\Common Files\Adobe
2008-11-25 23:30:00 ----D---- D:\Program Files\Guild Wars
2008-11-25 03:07:45 ----RSD---- D:\WINDOWS\assembly
2008-11-25 03:06:31 ----A---- D:\WINDOWS\win.ini
2008-11-25 03:04:12 ----D---- D:\Program Files\Common Files\Microsoft Shared
2008-11-24 14:10:59 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-24 00:41:42 ----D---- D:\WINDOWS\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Network Connection Driver; D:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-04 157696]
R3 gbridge;Gbridge Virtual Miniport; D:\WINDOWS\system32\DRIVERS\gbridge.sys [2008-10-19 39928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;IDT High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2008-05-07 1271032]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; D:\WINDOWS\system32\drivers\sfng32.sys [2005-04-04 35712]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-18 152984]
R2 STacSV;Audio Service; d:\program files\idt\intelxpv_v83\wdm\STacSV.exe [2008-05-07 212992]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Also, I didn't know if this would help, but it's recommended in one of the other sections.

info.txt logfile of random's system information tool 1.05 2008-12-18 11:07:47

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 5.0-->D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
EPSON Printer Software-->D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FormatFactory-->MsiExec.exe /X{F977DEAF-D59D-4AD8-B19D-B4D0136491E6}
Gbridge (remove only)-->D:\Program Files\Gbridge LLC\Gbridge\uninstall.exe
GetDiz 4.2-->D:\PROGRA~1\GetDiz\UNINST~1\UNWISE.EXE D:\PROGRA~1\GetDiz\UNINST~1\install.log
Guild Wars-->"D:\Program Files\Guild Wars\Gw.exe" -uninstall
High Definition Audio Driver Package - KB835221-->D:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\MGTools\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Intel® Graphics Media Accelerator Driver-->D:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
K-Lite Mega Codec Pack 4.1.4-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.4 (build 0239)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79-->D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
PeerGuardian 2.0-->"D:\Program Files\PeerGuardian2\unins000.exe"
PlayNC Launcher-->D:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"D:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"D:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"D:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->D:\WINDOWS\system32\MacroMed\Flash\genuinst.exe D:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"D:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2-->"D:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
WinSCP 4.1.7-->"D:\Program Files\WinSCP\unins000.exe"

System event log

Computer Name: KIRKS-8B14311AF
Event Code: 14204
Message: Service 'WMPNetworkSvc' started.

Record Number: 423
Source Name: WMPNetworkSvc
Time Written: 20081113030108.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 7036
Message: The Windows Media Player Network Sharing Service service entered the stopped state.

Record Number: 422
Source Name: Service Control Manager
Time Written: 20081113030059.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 14205
Message: Service 'WMPNetworkSvc' stopped.

Record Number: 421
Source Name: WMPNetworkSvc
Time Written: 20081113030059.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 14207
Message: Media server 'KIRKS-8B14311AF: Cary:' was removed and has stopped sharing media with network media devices.

Record Number: 420
Source Name: WMPNetworkSvc
Time Written: 20081113030058.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 7035
Message: The Windows Media Player Network Sharing Service service was successfully sent a stop control.

Record Number: 419
Source Name: Service Control Manager
Time Written: 20081113030056.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: KIRKS-8B14311AF
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20081109160847.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20081109160844.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20081109160721.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20081109160648.000000-360
Event Type: information
User:

Computer Name: KIRKS-8B14311AF
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20081109160647.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=D:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Edited by Lionheartck, 22 December 2008 - 02:00 AM.



#2 Rosty (Malware Response Team, 1,220 posts)

Posted 31 December 2008 - 02:33 AM

Hi ,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then we'll take a look.


Regards,

Rosty.
Proud member of ASAP since 2007

#3 Lionheartck (Topic Starter, Members, 3 posts)

Posted 07 January 2009 - 12:10 AM

Thanks Rosty. Here's a new HJT log; I used DDS.

This is from my original Post:
I downloaded a video file, and it came with a program that was supposed to install the codec needed to watch it. I thought I had all the codecs I needed, but it was late and I just wanted to watch the video. So, I blindly clicked through the installation process before realizing the program was non-functioning once installed.

One google search told me that I had downloaded some malware. I quickly uninstalled it. I then ran spybot, superantispyware, and malwarebyte's anti-malware, combofix, and ccleaner. I cleaned up all the random garbage they found, but my computer seems to always be sending and receiving, even if no programs are open to use the connection. It also has a hard time pulling up web pages sometimes. Kaspersky found nothing.

Did I get rid of it, or am I still infected? Thanks in advance!

Also, I can no longer disable my internet connection. I assume that is also a symptom.



DDS (Version 1.1.0) - NTFSx86
Run by Cary at 23:05:47.27 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.327 [GMT -6:00]


============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\IDT\WDM\sttray.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
d:\program files\idt\intelxpv_v83\wdm\STacSV.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Java\jre6\bin\jucheck.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Cary\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"
uRun: [PeerGuardian] d:\program files\peerguardian2\pg2.exe
uRun: [Gbridge] "d:\program files\gbridge llc\gbridge\pstartw.exe" "d:\program files\gbridge llc\gbridge\Gbridge.exe" -autostart
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [EPSON Stylus Photo R200 Series] d:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [Persistence] d:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: d:\docume~1\cary\startm~1\programs\startup\torren~1.lnk - d:\program files\utorrent\uTorrent.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\cary\applic~1\mozilla\firefox\profiles\x19jf6e4.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - plugin: c:\program files\adobe\acrobat 5.0\reader\browser\nppdf32.dll
FF - plugin: d:\documents and settings\cary\application data\mozilla\firefox\profiles\x19jf6e4.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R3 gbridge;Gbridge Virtual Miniport;d:\windows\system32\drivers\gbridge.sys [2008-10-19 39928]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2008-12-31 22:28 <DIR> --d----- d:\program files\VideoLAN
2008-12-30 21:42 361,344 ac------ d:\windows\system32\dllcache\TCPIP.SYS
2008-12-29 21:12 <DIR> --d----- d:\program files\iPhoneBrowser
2008-12-18 16:51 <DIR> --d----- d:\windows\pss
2008-12-18 11:13 410,976 a------- d:\windows\system32\deploytk.dll
2008-12-18 11:13 73,728 a------- d:\windows\system32\javacpl.cpl
2008-12-18 11:07 <DIR> --d----- d:\program files\trend micro
2008-12-18 10:51 161,792 a------- d:\windows\SWREG.exe
2008-12-18 10:51 98,816 a------- d:\windows\sed.exe
2008-12-18 10:51 <DIR> --d----- D:\ComboFix
2008-12-18 10:50 <DIR> --d----- d:\windows\setup.pss
2008-12-18 10:40 11,254 a------- d:\windows\system32\locate.com
2008-12-18 10:39 <DIR> --d----- D:\MGtools
2008-12-18 01:38 79 a------- d:\windows\wininit.ini
2008-12-17 23:55 1,312,755 a------- D:\MGtools.exe
2008-12-17 23:51 <DIR> --d----- d:\docume~1\cary\applic~1\Malwarebytes
2008-12-17 23:51 15,504 a------- d:\windows\system32\drivers\mbam.sys
2008-12-17 23:51 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 23:51 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2008-12-17 23:51 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-17 23:50 <DIR> --d----- d:\program files\Spybot - Search & Destroy
2008-12-17 23:50 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-17 23:44 <DIR> --d----- d:\windows\system32\appmgmt
2008-12-17 23:25 <DIR> --d----- d:\windows\EasyDecrypter v1.12
2008-12-17 23:24 217 a------- d:\windows\clean.vbs
2008-12-17 23:24 28 a------- d:\windows\clean2.bat
2008-12-17 19:29 547,840 a------- d:\windows\system32\wiaaut.dll
2008-12-17 19:29 108,336 a------- d:\windows\system32\Mswinsck.ocx
2008-12-17 19:29 64,000 a------- d:\windows\system32\wiaaut.oca
2008-12-17 19:29 140,288 a------- d:\windows\system32\Comdlg32.ocx
2008-12-17 19:29 132,880 a------- d:\windows\system32\MSINET.OCX
2008-12-17 19:29 102,400 a------- d:\windows\system32\DinkITXPUIMenus.ocx
2008-12-17 19:29 65,536 a------- d:\windows\system32\EnhSliderOcx.ocx
2008-12-10 16:43 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-10 16:43 <DIR> --d----- d:\program files\SUPERAntiSpyware
2008-12-10 16:43 <DIR> --d----- d:\docume~1\cary\applic~1\SUPERAntiSpyware.com
2008-12-10 16:43 <DIR> --d----- d:\program files\common files\Wise Installation Wizard
2008-12-10 16:43 <DIR> --d----- d:\program files\CCleaner

==================== Find3M ====================

2008-12-30 21:42 361,344 a------- d:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-30 21:42 361,344 a------- d:\windows\system32\drivers\TCPIP.SYS
2008-12-04 23:26 86,327 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-09 16:09 21,640 a------- d:\windows\system32\emptyregdb.dat
2008-10-23 06:36 286,720 a------- d:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- d:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- d:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- d:\windows\system32\muweb.dll

============= FINISH: 23:06:03.68 ===============
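
The "Created Last 30" section of a DDS log is the part a responder reads first after an incident like this one: it lists every file and directory that appeared on the system, and the interesting entries are the ones that landed under the Windows directory in a narrow window around the bad install. The following is an added example, not code from DDS, HijackThis or anyone in this thread, that parses those lines and lists everything created under the Windows directory inside an assumed incident window. The window bounds (from the first burst of .ocx drops into system32 up to just before the anti-malware tools were installed at 23:50), the d:\windows\ prefix (the Windows drive is D: on this machine) and the extension list are assumptions taken from the log above; the embedded sample is a subset of the posted lines. It flags entries for review and does not declare anything malicious.

```python
"""Triage of DDS "Created Last 30" / "Find3M" file lines.

Added example for this thread; it is not part of DDS, HijackThis or any tool
the posters used. Sample lines below are copied from the DDS output above.
"""
import re
from datetime import datetime

# One DDS file line:  <yyyy-mm-dd hh:mm> <size or <DIR>> <8 attr flags> <path>
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)

# Assumption: the Windows drive is D: on this machine (per the log), and a
# codec installer has no reason to write under the Windows directory at all.
SYSTEM_PREFIXES = ("d:\\windows\\",)

# Extensions Windows will execute or load (PATHEXT from the RSIT log above,
# plus binaries, drivers and ActiveX controls).
EXEC_EXTS = {".exe", ".dll", ".sys", ".ocx", ".oca", ".scr", ".com",
             ".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".wsf", ".wsh"}

# Constructed sample: a subset of the "Created Last 30" lines posted above.
SAMPLE = r"""
=============== Created Last 30 ================

2008-12-18 10:51 161,792 a------- d:\windows\SWREG.exe
2008-12-18 01:38 79 a------- d:\windows\wininit.ini
2008-12-17 23:51 15,504 a------- d:\windows\system32\drivers\mbam.sys
2008-12-17 23:51 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2008-12-17 23:25 <DIR> --d----- d:\windows\EasyDecrypter v1.12
2008-12-17 23:24 217 a------- d:\windows\clean.vbs
2008-12-17 23:24 28 a------- d:\windows\clean2.bat
2008-12-17 19:29 108,336 a------- d:\windows\system32\Mswinsck.ocx
2008-12-17 19:29 132,880 a------- d:\windows\system32\MSINET.OCX
2008-12-10 16:43 <DIR> --d----- d:\program files\SUPERAntiSpyware
""".splitlines()


def parse_ts(s):
    """DDS timestamps carry minute resolution only."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_dds(lines):
    """Turn DDS file lines into dicts; headers and blank lines are skipped."""
    entries = []
    for raw in lines:
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        is_dir = m["size"].upper() == "<DIR>"
        entries.append({
            "ts": parse_ts(m["ts"]),
            "size": None if is_dir else int(m["size"].replace(",", "")),
            "is_dir": is_dir,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def file_ext(path):
    """Lower-cased extension of the last path component ('' if none)."""
    base = path.rsplit("\\", 1)[-1]
    return base[base.rfind("."):].lower() if "." in base else ""


def triage(entries, start, end):
    """Entries created within [start, end] under a system prefix that are
    either directories or executable/script files, oldest first."""
    hits = [
        e for e in entries
        if start <= e["ts"] <= end
        and e["path"].lower().startswith(SYSTEM_PREFIXES)
        and (e["is_dir"] or file_ext(e["path"]) in EXEC_EXTS)
    ]
    return sorted(hits, key=lambda e: e["ts"])


def flagged_paths(lines=SAMPLE, start="2008-12-17 19:00", end="2008-12-17 23:45"):
    """Assumed incident window: from the first burst of .ocx drops into
    system32 up to just before the anti-malware installs at 23:50."""
    return [e["path"] for e in triage(parse_dds(lines), parse_ts(start), parse_ts(end))]


if __name__ == "__main__":
    import sys
    # Pass a saved DDS log as the first argument; otherwise the sample is used.
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE
    for e in triage(parse_dds(lines), parse_ts("2008-12-17 19:00"), parse_ts("2008-12-17 23:45")):
        size = "<DIR>" if e["is_dir"] else f"{e['size']:,}"
        print(f"{e['ts']:%Y-%m-%d %H:%M}  {size:>9}  {e['path']}")
```

On the sample it reports five entries: the two .ocx controls written to system32 at 19:29, the two scripts and the EasyDecrypter directory placed directly under d:\windows at 23:24-23:25. The window end matters: widening it to 23:59 pulls in mbam.sys, which is the anti-malware driver the poster installed, so the responder's own cleanup artifacts (mbam.sys, the ComboFix files on 12-18, wininit.ini) have to be separated from the install burst by timestamp before any of the remaining entries are opened for inspection.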


#4 Rosty (Malware Response Team, 1,220 posts)

Posted 07 January 2009 - 03:03 AM

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log and post it in your next reply.

#5 Lionheartck (Topic Starter, Members, 3 posts)

Posted 07 January 2009 - 09:46 PM

Sorry, that program said it did a pseudo HJT Log... Here's the real thing.

Thanks Rosty.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:07 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\IDT\WDM\sttray.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
d:\program files\idt\intelxpv_v83\wdm\STacSV.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Java\jre6\bin\jucheck.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Gbridge] "D:\Program Files\Gbridge LLC\Gbridge\pstartw.exe" "D:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe" -autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: µTorrent.lnk = D:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - d:\program files\idt\intelxpv_v83\wdm\STacSV.exe

--
End of file - 5855 bytes

#6 Rosty (Malware Response Team, 1,220 posts)

Posted 08 January 2009 - 01:56 AM

Hi,

I don't see malware present in your log.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files with each other, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or processing power for further propagation of malware. A popular means is file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, via the included links: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



