Malware infection - frmwrk32.exe?

12 replies to this topic

#1 fat_cap

Posted 21 February 2009 - 12:36 PM

Hi - I have recently become infected with some malware or a combination of them.

I have ZoneAlarm as my firewall and it popped up asking whether to block or allow frmwrk32.exe. I denied it from running but still have symptoms of malware including Firefox being hijacked: when I do a Google search sometimes the links I click will take me to random sites instead of the real link location, my Task Manager is not working: pressing CTRL ALT DEL brings up a box saying that Task Manager has been disabled by the administrator, I have an icon of a big red circle with a white cross in it in my tray next to the clock with a "Warning! Security report" speech bubble which pops up. Also I cannot use my system restore function - I can get as far as picking the date I want to roll back to but when I click NEXT to start the restore nothing happens.

I have tried Spybot S+D, AVG and MalwareBytes but am still having problems. Spybot did find and get rid of some malware but my problems are still persisting.

I have also tried running MalwareBytes in Safe mode but the computer keeps restarting as every time I come back to the computer it is at the logon screen for XP and not in SafeMode anymore.

EDIT: After looking through the forums I thought I should also add that one of the problems that the first Spybot scan that I ran came up with and fixed was Virtumonde.dll.

I hope this helps.

My DDS.txt log is as below:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 17:30:38.87 on 21/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1170 [GMT 0:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Direct Folders\df.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
C:\Documents and Settings\Administrator.XBETAS-300052XA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.givemebackmygoogle.com/
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
uSearch Bar = hxxp://google.icq.com/search/search_frame.php
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG7_EMC] c:\progra~1\grisoft\avgfre~1\avgemc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [DirectFolders] "c:\program files\direct folders\df.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Framework Windows] frmwrk32.exe
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\admini~1.xbe\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\admini~1.xbe\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Winamp Search - c:\documents and settings\all users.windows\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://www.uclan.ac.uk/other/iss/remote/wficat.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.3004861111
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://66.117.37.13/gba1035.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.xbe\applic~1\mozilla\firefox\profiles\c7ldoya0.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\documents and settings\administrator.xbetas-300052xa\application data\mozilla\firefox\profiles\c7ldoya0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHapPlugin411.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-11-6 21851]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-5-12 97408]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-6-7 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-24 4224]
R1 Avg7RsXP;AVG7 Rezident Driver;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-15 27776]
R1 AvgClean;AVG Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-23 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-3-7 394952]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-12-12 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-1-28 49664]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2005-6-10 4960]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2004-11-6 161060]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-6-28 2560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-2 47640]
R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service --> c:\windows\system32\lxczcoms.exe -service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 Softimage License Server;Softimage License Server;c:\softimage\flexlm\bin\lmgrd.exe --> c:\softimage\flexlm\bin\LMGRD.EXE [?]
S3 P1Scanner;MUSTEK P1 Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2004-7-17 15104]
S3 Swmpaccmvam;Swmpaccmvam;c:\windows\system32\drivers\atmlane.sys [2003-10-6 55808]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-21 14:48 1 a------- c:\windows\system32\uniq.tll
2009-02-21 01:45 26,624 a------- c:\windows\system32\frmwrk32.exe
2009-02-21 01:45 26,624 a------- c:\windows\system32\998.exe
2009-02-19 23:23 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-02-19 21:42 283 a------- c:\windows\system32\tversity.cookies
2009-02-19 16:11 <DIR> --d----- c:\docume~1\admini~1.xbe\applic~1\Malwarebytes
2009-02-19 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-19 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 16:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 16:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-19 14:29 <DIR> --d----- c:\program files\Vector Magic
2009-02-18 19:59 <DIR> --d----- c:\program files\TVersity Codec Pack
2009-02-18 19:57 <DIR> --d----- c:\program files\TVersity
2009-02-18 19:19 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-17 19:11 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-02-17 19:07 715,248 a------- c:\windows\system32\drivers\sptd.sys

==================== Find3M ====================

2009-02-21 14:07 32,895 a------- c:\windows\system32\wacom.dat
2009-02-21 01:31 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-10-15 17:49 29,880 a------- c:\docume~1\admini~1.xbe\applic~1\GDIPFONTCACHEV1.DAT
2007-12-10 19:52 87,608 a------- c:\docume~1\admini~1.xbe\applic~1\inst.exe
2007-12-10 19:52 47,360 a------- c:\docume~1\admini~1.xbe\applic~1\pcouffin.sys
2005-01-08 15:25 1,388 a------- c:\docume~1\admini~1.xbe\applic~1\ViewerApp.dat
2004-03-11 13:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2007-11-09 19:28 633 a--sh--- c:\windows\system32\mmf(10)(2).sys
2007-11-08 18:13 633 a--sh--- c:\windows\system32\mmf(10)(3).sys
2007-11-09 19:22 633 a--sh--- c:\windows\system32\mmf(11)(2).sys
2007-11-07 20:23 633 a--sh--- c:\windows\system32\mmf(11)(3).sys
2007-11-04 11:58 633 a--sh--- c:\windows\system32\mmf(11)(4).sys
2007-11-08 18:13 633 a--sh--- c:\windows\system32\mmf(12)(2).sys
2007-11-09 21:25 633 a--sh--- c:\windows\system32\mmf(12)(3).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(12)(4).sys
2007-11-07 20:23 633 a--sh--- c:\windows\system32\mmf(13)(2).sys
2007-11-03 16:55 633 a--sh--- c:\windows\system32\mmf(13)(3).sys
2007-10-29 00:28 633 a--sh--- c:\windows\system32\mmf(13)(4).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(14)(2).sys
2007-11-03 16:55 633 a--sh--- c:\windows\system32\mmf(14)(3).sys
2007-11-05 18:10 633 a--sh--- c:\windows\system32\mmf(14)(4).sys
2007-10-30 20:07 633 a--sh--- c:\windows\system32\mmf(14)(5).sys
2007-11-03 12:51 633 a--sh--- c:\windows\system32\mmf(14)(6).sys
2007-11-04 11:58 633 a--sh--- c:\windows\system32\mmf(15)(2).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(15)(3).sys
2007-11-03 16:55 633 a--sh--- c:\windows\system32\mmf(15)(4).sys
2007-10-29 12:48 633 a--sh--- c:\windows\system32\mmf(15)(5).sys
2007-11-05 18:04 633 a--sh--- c:\windows\system32\mmf(16)(2).sys
2007-11-04 11:58 633 a--sh--- c:\windows\system32\mmf(16)(3).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(16)(4).sys
2007-10-29 18:54 633 a--sh--- c:\windows\system32\mmf(16)(5).sys
2007-11-03 12:51 633 a--sh--- c:\windows\system32\mmf(18)(2).sys
2007-11-05 18:16 633 a--sh--- c:\windows\system32\mmf(2)(2).sys
2007-10-26 20:25 633 a--sh--- c:\windows\system32\mmf(2)(3).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(2)(4).sys
2007-11-10 10:36 633 a--sh--- c:\windows\system32\mmf(2)(5).sys
2007-11-09 19:37 633 a--sh--- c:\windows\system32\mmf(2)(6).sys
2007-11-10 11:00 633 a--sh--- c:\windows\system32\mmf(2)(7).sys
2007-11-05 18:10 633 a--sh--- c:\windows\system32\mmf(2)(8).sys
2008-03-07 19:06 633 a--sh--- c:\windows\system32\mmf(2).sys
2007-11-03 12:51 633 a--sh--- c:\windows\system32\mmf(20)(2).sys
2007-10-29 18:54 633 a--sh--- c:\windows\system32\mmf(20)(3).sys
2007-10-30 20:07 633 a--sh--- c:\windows\system32\mmf(21)(2).sys
2007-10-29 12:48 633 a--sh--- c:\windows\system32\mmf(21)(3).sys
2007-10-29 18:54 633 a--sh--- c:\windows\system32\mmf(22)(2).sys
2007-10-29 00:28 633 a--sh--- c:\windows\system32\mmf(22)(3).sys
2007-10-29 12:48 633 a--sh--- c:\windows\system32\mmf(23)(2).sys
2007-10-29 00:13 633 a--sh--- c:\windows\system32\mmf(23)(3).sys
2007-10-29 00:28 633 a--sh--- c:\windows\system32\mmf(24)(2).sys
2007-11-09 21:37 633 a--sh--- c:\windows\system32\mmf(24)(3).sys
2007-10-29 00:13 633 a--sh--- c:\windows\system32\mmf(25)(2).sys
2007-11-09 19:32 633 a--sh--- c:\windows\system32\mmf(25)(3).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(26)(2).sys
2007-11-09 19:32 633 a--sh--- c:\windows\system32\mmf(26)(3).sys
2007-11-09 21:25 633 a--sh--- c:\windows\system32\mmf(26)(4).sys
2007-11-09 20:43 633 a--sh--- c:\windows\system32\mmf(3)(2).sys
2007-11-10 10:28 633 a--sh--- c:\windows\system32\mmf(3)(3).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(3)(4).sys
2007-11-09 21:10 633 a--sh--- c:\windows\system32\mmf(3)(5).sys
2008-03-07 21:08 633 a--sh--- c:\windows\system32\mmf(3).sys
2007-11-09 19:56 633 a--sh--- c:\windows\system32\mmf(34)(2).sys
2007-11-09 19:56 633 a--sh--- c:\windows\system32\mmf(34)(3).sys
2007-11-09 20:13 633 a--sh--- c:\windows\system32\mmf(35)(2).sys
2007-11-09 20:31 633 a--sh--- c:\windows\system32\mmf(36)(2).sys
2007-11-09 20:43 633 a--sh--- c:\windows\system32\mmf(37)(2).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(39)(2).sys
2007-11-09 20:31 633 a--sh--- c:\windows\system32\mmf(4)(2).sys
2007-11-09 22:15 633 a--sh--- c:\windows\system32\mmf(4)(3).sys
2007-11-09 20:43 633 a--sh--- c:\windows\system32\mmf(4)(4).sys
2008-03-07 20:50 633 a--sh--- c:\windows\system32\mmf(4).sys
2007-11-09 20:13 633 a--sh--- c:\windows\system32\mmf(5)(2).sys
2007-11-09 20:31 633 a--sh--- c:\windows\system32\mmf(5)(3).sys
2008-03-07 20:43 633 a--sh--- c:\windows\system32\mmf(5).sys
2007-11-09 19:56 633 a--sh--- c:\windows\system32\mmf(6)(2).sys
2007-11-09 21:10 633 a--sh--- c:\windows\system32\mmf(6)(3).sys
2008-03-07 19:58 633 a--sh--- c:\windows\system32\mmf(6).sys
2007-11-09 19:46 633 a--sh--- c:\windows\system32\mmf(7)(2).sys
2008-03-07 21:23 633 a--sh--- c:\windows\system32\mmf(7).sys
2007-11-09 19:37 633 a--sh--- c:\windows\system32\mmf(8)(2).sys
2007-11-09 19:28 633 a--sh--- c:\windows\system32\mmf(8)(3).sys
2008-03-07 21:29 633 a--sh--- c:\windows\system32\mmf(8).sys
2007-11-09 19:32 633 a--sh--- c:\windows\system32\mmf(9)(2).sys
2007-11-09 19:22 633 a--sh--- c:\windows\system32\mmf(9)(3).sys

============= FINISH: 17:31:39.39 ===============

Edited by fat_cap, 22 February 2009 - 10:29 AM.
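The DDS output above carries several classic hijack indicators: an mRun entry that names only frmwrk32.exe with no path, a DisableTaskMgr policy, a DPF entry fetching an .exe from a bare IP address, and two 26,624-byte files created in system32 in the same minute. The HijackThis log later in the thread adds hosts-file redirects (O1 lines) and the same O4/O16 patterns. As an added example, not part of the thread and not code from the DDS or HijackThis tools, here is a small Python triage script that flags those patterns over a constructed subset of log lines in the same shape; the rule names and thresholds are my own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample in the shape of the DDS / HijackThis lines posted in
# this thread (a hand-picked subset, not the full logs).
SAMPLE_LOG = r"""
mRun: [AVG7_EMC] c:\progra~1\grisoft\avgfre~1\avgemc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Framework Windows] frmwrk32.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://66.117.37.13/gba1035.exe
2009-02-21 01:45 26,624 a------- c:\windows\system32\frmwrk32.exe
2009-02-21 01:45 26,624 a------- c:\windows\system32\998.exe
2009-02-19 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-19 16:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1035.exe
"""

# DDS "uRun/mRun/dRun" lines and HijackThis "O4 - ...\Run" lines share one shape.
RUN_RE = re.compile(r"^(?:[umd]Run(?:Once)?|O4 - [^:]*Run):\s*\[([^\]]*)\]\s*(.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s*(\w+)\s*=\s*1\b")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(\S+)")
DPF_RE = re.compile(r"^(?:O16 - )?DPF:\s*\{[^}]*\}.*\s-\s(\S+)$")
# DDS "Created Last 30" rows: timestamp, size, attributes, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+\S+\s+(\S.*)$")

# Policies that silence the user's own diagnostic tools (real policy value names).
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


def _is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (rule, line) findings for classic hijack indicators."""
    findings = []
    created = defaultdict(list)  # (timestamp, size) -> [path, ...]
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group(2).strip().strip('"')
            # An autorun whose command names no directory at all is resolved via
            # the search path; legitimate installers register full paths.
            if cmd and "\\" not in cmd and "/" not in cmd:
                findings.append(("autorun-bare-filename", line))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in LOCKDOWN_POLICIES:
            findings.append(("tool-lockdown-policy", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, _host = m.groups()
            # 127.0.0.1 / 0.0.0.0 entries are ad-blocking; anything else redirects.
            if ip not in ("127.0.0.1", "0.0.0.0"):
                findings.append(("hosts-redirect", line))
            continue
        m = DPF_RE.match(line)
        if m:
            url = urlparse(m.group(1).replace("hxxp", "http", 1))
            if _is_ip_literal(url.hostname or "") or url.path.lower().endswith(".exe"):
                findings.append(("activex-download-suspicious", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            ts, size, path = m.groups()
            created[(ts, size)].append(path)
    # Identical size and creation minute in system32 is typical of a dropper
    # writing itself under two names (frmwrk32.exe / 998.exe in the thread).
    for (ts, size), paths in created.items():
        if len(paths) > 1:
            findings.append(("same-size-same-minute-twins", f"{ts} {size} " + " | ".join(paths)))
    return findings


def rule_counts(log_text):
    counts = defaultdict(int)
    for rule, _ in triage(log_text):
        counts[rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```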

#2 sundavis (Malware Response Team)

Posted 28 February 2009 - 11:45 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, fat_cap.
My name is sundavis, and I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
In the meantime, please refrain from making any changes to your computer, and please do the following:

Step 1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


#3 Shaba

Posted 07 March 2009 - 05:12 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security

#4 fat_cap

Posted 09 March 2009 - 03:44 PM

Hi - thanks for taking the time to try and help me with my problem.

Since starting the topic I have gotten rid of the red circle fake antivirus pop-up and managed to get task manager working again.

Unfortunately I am still getting my Google searches hijacked by sites such as searchfeed.com which I can't for the life of me fix.

Here are the results of the two log files you asked me to post.

LOG.TXT

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-09 20:40:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (4%) free of 239 GB
Total RAM: 2047 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:21, on 09/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Direct Folders\df.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe
C:\DOCUME~1\ADMINI~1.XBE\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator.XBETAS-300052XA\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.givemebackmygoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DirectFolders] "C:\Program Files\Direct Folders\df.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac.uk/other/iss/remote/wficat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1035.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Softimage License Server - Unknown owner - C:\Softimage\FLEXLM\bin\LMGRD.EXE (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12181 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-31 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_EMC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-21 406528]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"lxczbmgr.exe"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2007-02-08 74672]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-02-08 295856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-11-14 919016]
"DirectFolders"=C:\Program Files\Direct Folders\df.exe [2008-03-27 278016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\Administrator.XBETAS-300052XA\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AutoBackup Launcher.lnk - C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-17 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\system32\ccapp.exe"="%windir%\system32\ccapp.exe:*:Enabled:System Process"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxczcoms.exe"="C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Crazybump Beta Test\CrazyBump.exe"="C:\Program Files\Crazybump Beta Test\CrazyBump.exe:*:Enabled:CrazyBump"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23619702-dc9f-11dc-ae74-000d6148f3df}]
shell\AutoRun\command - "E:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95f4b50-db2b-11dc-ae72-000d6148f3df}]
shell\AutoRun\command - setupSNK.exe


======List of files/folders created in the last 1 months======

2009-03-09 20:40:56 ----D---- C:\Program Files\trend micro
2009-03-09 20:40:50 ----D---- C:\rsit
2009-03-04 18:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-03 08:00:58 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-28 12:29:36 ----D---- C:\WINDOWS\system32\WTablet
2009-02-28 12:29:33 ----N---- C:\WINDOWS\system32\Wintab32.dll
2009-02-28 12:29:33 ----N---- C:\WINDOWS\system32\Wintab.dll
2009-02-28 12:29:32 ----N---- C:\WINDOWS\system32\Tablet.exe
2009-02-28 12:29:26 ----D---- C:\Program Files\Tablet
2009-02-27 15:11:18 ----A---- C:\WINDOWS\system32\MRT.INI
2009-02-27 15:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-27 15:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-27 15:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-02-27 15:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-27 15:06:31 ----A---- C:\WINDOWS\imsins.BAK
2009-02-27 15:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-21 01:45:04 ----A---- C:\WINDOWS\system32\998.exe
2009-02-19 23:50:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-02-19 23:23:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-19 16:11:47 ----D---- C:\Documents and Settings\Administrator.XBETAS-300052XA\Application Data\Malwarebytes
2009-02-19 16:11:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-19 16:11:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-19 14:29:17 ----D---- C:\Program Files\Vector Magic
2009-02-18 19:59:29 ----D---- C:\Program Files\TVersity Codec Pack
2009-02-18 19:57:46 ----D---- C:\Program Files\TVersity
2009-02-18 19:25:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-18 19:24:49 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-18 19:19:52 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-18 19:19:36 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-02-18 19:14:13 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-02-18 19:06:44 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-02-17 19:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2009-02-17 19:11:40 ----D---- C:\Documents and Settings\Administrator.XBETAS-300052XA\Application Data\DAEMON Tools
2009-02-17 19:11:13 ----D---- C:\Program Files\DAEMON Tools Lite
2009-02-17 19:05:00 ----D---- C:\Program Files\7-Zip

======List of files/folders modified in the last 1 months======

2009-03-09 20:43:23 ----D---- C:\Program Files\PeerGuardian2
2009-03-09 20:41:55 ----D---- C:\WINDOWS\Prefetch
2009-03-09 20:40:56 ----D---- C:\Program Files
2009-03-09 20:05:53 ----D---- C:\Program Files\Mozilla Firefox
2009-03-09 19:22:40 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-03-09 19:22:29 ----A---- C:\vraylog.txt
2009-03-09 19:21:20 ----D---- C:\WINDOWS\Temp
2009-03-09 19:19:44 ----D---- C:\WINDOWS\Internet Logs
2009-03-09 19:10:55 ----D---- C:\WINDOWS\system32
2009-03-09 19:10:49 ----D---- C:\Program Files\LogMeIn
2009-03-08 13:48:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-05 19:32:32 ----A---- C:\WINDOWS\Lexstat.ini
2009-03-05 19:27:41 ----D---- C:\temp
2009-03-05 17:36:26 ----D---- C:\WINDOWS
2009-03-04 22:11:11 ----D---- C:\Program Files\Soulseek
2009-03-04 18:23:40 ----HD---- C:\WINDOWS\inf
2009-03-04 18:23:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-04 18:22:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-04 08:00:07 ----D---- C:\Documents and Settings\Administrator.XBETAS-300052XA\Application Data\AVG7
2009-03-03 17:50:31 ----D---- C:\WINDOWS\system32\drivers
2009-03-03 07:54:16 ----D---- C:\Program Files\Opera
2009-02-28 10:25:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-27 20:15:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-27 15:09:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-27 15:07:18 ----D---- C:\Program Files\Internet Explorer
2009-02-27 15:07:10 ----D---- C:\WINDOWS\ie7updates
2009-02-27 13:39:20 ----D---- C:\WINDOWS\system32\config
2009-02-27 13:38:50 ----D---- C:\WINDOWS\system32\wbem
2009-02-27 13:38:50 ----D---- C:\WINDOWS\Registration
2009-02-25 18:24:49 ----D---- C:\Program Files\FlashFXP
2009-02-24 19:47:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Soulseek
2009-02-22 22:50:58 ----D---- C:\Program Files\Trillian
2009-02-21 13:30:50 ----D---- C:\WINDOWS\Minidump
2009-02-21 13:30:50 ----D---- C:\WINDOWS\Debug
2009-02-21 13:24:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-20 13:02:28 ----D---- C:\Program Files\Lavasoft
2009-02-20 13:02:26 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-02-20 13:02:26 ----D---- C:\Documents and Settings\Administrator.XBETAS-300052XA\Application Data\Lavasoft
2009-02-20 12:26:49 ----SHD---- C:\WINDOWS\Installer
2009-02-20 12:26:48 ----HD---- C:\Config.Msi
2009-02-20 12:26:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-20 12:04:27 ----D---- C:\Documents and Settings\Administrator.XBETAS-300052XA\Application Data\Spybot - Search & Destroy
2009-02-20 10:30:16 ----SD---- C:\WINDOWS\Tasks
2009-02-20 10:28:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG7
2009-02-19 23:49:49 ----D---- C:\WINDOWS\WinSxS
2009-02-19 10:35:35 ----D---- C:\WINDOWS\security
2009-02-19 10:34:15 ----RHD---- C:\$VAULT$.AVG
2009-02-18 20:01:49 ----D---- C:\Program Files\ffdshow
2009-02-18 19:20:49 ----A---- C:\WINDOWS\win.ini
2009-02-18 19:19:50 ----D---- C:\Program Files\Windows Media Player
2009-02-18 19:19:45 ----D---- C:\WINDOWS\Help
2009-02-18 19:12:00 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-18 18:41:13 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-17 15:06:13 ----D---- C:\Documents and Settings\Administrator.XBETAS-300052XA\Application Data\Vso
2009-02-12 04:56:17 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-07-30 43672]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2004-10-03 25244]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-25 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-07-23 4224]
R1 Avg7RsXP;AVG7 Rezident Driver; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-07-23 27776]
R1 AvgClean;AVG Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2007-12-21 10760]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-11-14 394952]
R2 AvgTdi;AVG Network Redirector; \??\C:\WINDOWS\System32\Drivers\avgtdi.sys []
R2 ETDrv;ETDrv; C:\WINDOWS\system32\drivers\ETDrv.sys [2003-08-07 161060]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-10 47360]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-04 65152]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 Sentinel;Sentinel; C:\WINDOWS\system32\drivers\sentinel.sys []
S3 a997kurg;a997kurg; C:\WINDOWS\system32\drivers\a997kurg.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 P1Scanner;MUSTEK P1 Still Image Device Service; C:\WINDOWS\system32\drivers\usbscan.sys [2008-04-13 15104]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-03-14 79360]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-25 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-07-23 49664]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2002-09-13 46080]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-11-17 114688]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2005-06-28 2560]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-17 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 537520]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-07-06 749568]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2009-01-19 827392]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-11-14 75304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Softimage License Server;Softimage License Server; C:\Softimage\FLEXLM\bin\LMGRD.EXE []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe [2004-10-19 68608]
S3 Swmpaccmvam;Swmpaccmvam; C:\WINDOWS\system32\drivers\atmlane.sys [2008-04-13 55808]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

INFO.TXT
info.txt logfile of random's system information tool 1.05 2009-03-09 20:43:50

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\ITE Raid Driver Setup\Uninst.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Silicon Image Raid\Uninst.isu"
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max Cg Plugin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10B22101-1614-4B0C-88DA-9F2015C5A266}\Setup.exe" -l0x9
3DS Max DDS Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36403ED9-3E0B-4407-B876-82BC479C0B38}\Setup.exe" -l0x9
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
3GP Player 2007-->"C:\Program Files\3GP Player\unins000.exe"
3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
517142 - ZBrush (Windows) (Shared Components)-->C:\Program Files\Common Files\element5 Shared\Uninstall\517142 ZBrush Windows\B1FFA000\UninstApplet.exe /uninstall
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
ACDSee 5.0 Standard Trial-->MsiExec.exe /I{A4C7096C-DB17-4B31-BBDB-E805513AA637}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
a-squared free 1.5.1-->"C:\Program Files\a2 free\unins000.exe"
Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BitTorrent 3.4.2-->"C:\Program Files\BitTorrent\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 2.2.3.258-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Crazybump Beta Test (remove only)-->"C:\Program Files\Crazybump Beta Test\uninst.exe"
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DDS Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64963F0E-03F2-4B59-8D1B-1806545E7092}\Setup.exe" -l0x9
Direct Folders-->"C:\Program Files\Direct Folders\unins000.exe"
DirectShow .SHN FIlter-->"C:\Program Files\DirectShow .SHN FIlter\Uninstall.exe" "C:\Program Files\DirectShow .SHN FIlter\install.log"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"
finalShaders SP1-->C:\3dsmax5\cebas\FINALS~1\UNWISE.EXE C:\3dsmax5\cebas\FINALS~1\finalshaders.log
FlashFXP-->C:\PROGRA~1\FlashFXP\UNWISE.EXE C:\PROGRA~1\FlashFXP\INSTALL.LOG
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Fraps-->"C:\Fraps\uninstall.exe"
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 3900 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.3 - Scanjet 4600 Series-->MsiExec.exe /I{3E270C95-8327-4C2F-A8E1-902CC2604A20}
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Development Kit 5.0 Update 14-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150140}
J2SE Runtime Environment 5.0 Update 14-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150140}
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.27 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark 1200 Series-->C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LogMeIn-->MsiExec.exe /I{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}
Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic Video Converter Trial Version (English) 8.0.3.18-->"C:\Program Files\Magic Video Converter\unins001.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite-->C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_wu_eng.exe /LANG="2057"
Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Cg Compiler-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64A2E8C1-EDBC-4189-AEBC-0A82EC010044}\Setup.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA FX Composer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA018AF8-8121-4D0B-B45E-DD07D153F372}\Setup.exe" -l0x9
NVIDIA Photoshop Plug-ins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\Setup.exe" -l0x9
Opera 9.63-->MsiExec.exe /X{2C0CD17D-0B06-4700-83FA-7344B868B0A2}
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PodUtil 2.7.1-->"C:\Program Files\PodUtil\unins000.exe"
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SDFormatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SkyPaint-->C:\PROGRA~1\SkyPaint\UNWISE.EXE C:\PROGRA~1\SkyPaint\INSTALL.LOG
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL
SoulSeek 157 NS 13-->"C:\Program Files\Soulseekt\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tablet-->C:\Program Files\Tablet\Remove.exe /u
The Haptek Player-->C:\PROGRA~1\Haptek\player\UNWISE.EXE C:\PROGRA~1\Haptek\player\INSTALL.LOG
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.11 RC7-->C:\Program Files\TVersity\Media Server\uninst.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweakNow RegCleaner-->"C:\Program Files\TweakNow RegCleaner\unins000.exe"
Ultra Hal Assistant 6.1-->C:\Program Files\Zabaware\Ultra Hal Assistant 6\uninst.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Vector Magic-->"C:\Program Files\Vector Magic\Uninstall.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"
VSO Inspector 1.3.1.82-->"C:\Program Files\vso\tools\unins000.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
ZAppLink-->MsiExec.exe /I{BC352445-5DD8-4C4F-909A-21A9E75017B1}
ZBrush2-->"C:\Program Files\Pixologic\ZBrush2\UninstallerData\Uninstall ZBrush2.exe"
ZBrush3-->MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}
ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: AVG 7.5.557
FW: ZoneAlarm Pro Firewall

System event log

Computer Name: SAMS_COMPUTER
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 83381
Source Name: Service Control Manager
Time Written: 20090126180854.000000+000
Event Type: information
User:

Computer Name: SAMS_COMPUTER
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 83380
Source Name: Service Control Manager
Time Written: 20090126180854.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SAMS_COMPUTER
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 83379
Source Name: Service Control Manager
Time Written: 20090126180851.000000+000
Event Type: information
User:

Computer Name: SAMS_COMPUTER
Event Code: 7035
Message: The IP Traffic Filter Driver service was successfully sent a start control.

Record Number: 83378
Source Name: Service Control Manager
Time Written: 20090126180851.000000+000
Event Type: information
User: SAMS_COMPUTER\Administrator

Computer Name: SAMS_COMPUTER
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 83377
Source Name: Service Control Manager
Time Written: 20090126180850.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: SAMS_COMPUTER
Event Code: 205
Message: User SAMS_COMPUTER\Administrator from IP address 85.133.27.147 ended a Remote Control session.

Record Number: 15601
Source Name: LogMeIn
Time Written: 20080709165300.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SAMS_COMPUTER
Event Code: 202
Message: Remote Control session started for user SAMS_COMPUTER\Administrator from IP address 85.133.27.147. The interactive user (if present) has not been asked for a confirmation.

Record Number: 15600
Source Name: LogMeIn
Time Written: 20080709150611.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SAMS_COMPUTER
Event Code: 102
Message: User SAMS_COMPUTER\Administrator has successfully logged on from IP address 85.133.27.147. Secure (SSL) Connection: Yes

Record Number: 15599
Source Name: LogMeIn
Time Written: 20080709150547.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SAMS_COMPUTER
Event Code: 106
Message: User SAMS_COMPUTER\Administrator from IP address 85.133.27.147 has been logged out by the service due to reaching the preset amount of idle time.

Record Number: 15598
Source Name: LogMeIn
Time Written: 20080709145631.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SAMS_COMPUTER
Event Code: 205
Message: User SAMS_COMPUTER\Administrator from IP address 85.133.27.147 ended a Remote Control session.

Record Number: 15597
Source Name: LogMeIn
Time Written: 20080709143635.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\ALPSER~1;C:\PROGRA~1\ALPSER~1\(x86);C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LM_LICENSE_FILE"=C:\Softimage\FLEXLM\licenses;
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
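Added example, not part of the thread and not code from RSIT, ComboFix or any other tool named here: a small Python check that pulls the Hosts File section out of an RSIT-style log like the one above and separates block-style entries (targets on loopback or the unspecified address, as immunization tools write them) from entries that resolve a name to some other host, which are the ones a helper would want to review. The section-header layout and the sample lines are copied from the log above; the block/redirect rule and all function names are this example's own assumptions.

```python
"""Triage the Hosts File section of an RSIT-style log.

Added example: the "======Section======" header layout and the sample lines
are taken from the log posted in the thread; the classification rule
(loopback/unspecified target = block, anything else = redirect to review)
is an assumption of this example, not something RSIT or ComboFix does.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed excerpt, copied from the RSIT log above (shortened).
SAMPLE_RSIT_LOG = """\
======Hosts File======

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com

======Security center information======

AV: AVG 7.5.557
FW: ZoneAlarm Pro Firewall
"""


@dataclass
class HostsEntry:
    address: str
    hostnames: list = field(default_factory=list)
    verdict: str = "invalid"  # "block", "redirect" or "invalid"


def hosts_section(log: str) -> str:
    """Return the body of the '======Hosts File======' section, or '' if absent."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("======"):
            if inside:
                break  # next section header ends the hosts section
            inside = line.strip("= ").lower() == "hosts file"
            continue
        if inside:
            out.append(line)
    return "\n".join(out)


def classify(address: str) -> str:
    """Block-style targets are harmless sinkholes; anything else redirects traffic."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "block"  # 127.0.0.1 / 0.0.0.0 / ::1, as immunization lists use
    return "redirect"  # a real host answers for this name: review it


def parse_hosts(text: str) -> list:
    """Parse hosts-file lines; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            entries.append(HostsEntry(parts[0]))  # address with no name
            continue
        entries.append(HostsEntry(parts[0], parts[1:], classify(parts[0])))
    return entries


def redirects(log: str) -> list:
    """(address, hostname) pairs from the log that point a name at a non-local host."""
    out = []
    for e in parse_hosts(hosts_section(log)):
        if e.verdict == "redirect":
            out.extend((e.address, h) for h in e.hostnames)
    return out


def summarize(log: str) -> dict:
    """Count entries per verdict for a quick overview of the section."""
    counts = {"block": 0, "redirect": 0, "invalid": 0}
    for e in parse_hosts(hosts_section(log)):
        counts[e.verdict] += 1
    return counts


if __name__ == "__main__":
    for addr, host in redirects(SAMPLE_RSIT_LOG):
        print(f"REVIEW: {host} -> {addr}")
    print(summarize(SAMPLE_RSIT_LOG))
```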

#5 boopme

boopme

  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 March 2009 - 03:45 PM

Reopened at OP's request.

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 09 March 2009 - 09:32 PM

Hi fat_cap,

Message received. Will check your status in a little while and get back to you ASAP.

#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 10 March 2009 - 01:56 AM

Hi fat_cap,



I notice there is a sign of one P2P (Person to Person) File Sharing Program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
You are well advised to remove it via Control Panel > Add/Remove Programs.

BitTorrent 3.4.2



Step1

Please close all browsers and other windows while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.



Step2

Please disable Spybot S&D's protection, or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm




Step3

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow ComboFix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. ComboFix log
2. New RSIT log

Thanks.

#8 fat_cap

fat_cap
  • Topic Starter

  • Members
  • 10 posts

Posted 10 March 2009 - 02:15 PM

Hi - I have run the programs and turned off my antivirus - the logs from GooredFix and ComboFix are below

GooredFix v1.91 by jpshortstuff
Log created at 18:34 on 10/03/2009 running Option #1 (Administrator)
Firefox version 3.0.7 (en-GB)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{BD92739F-B094-42F9-92EF-C5DEEB04E735}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

___________________________________________________________


ComboFix 09-03-06.02 - Administrator 2009-03-10 19:01:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1468 [GMT 0:00]
Running from: c:\documents and settings\Administrator.XBETAS-300052XA\Desktop\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Pro Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\inst.exe
c:\documents and settings\Testing\Application Data\inst.exe
c:\windows\patch.exe
c:\windows\system32\998.exe
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-09 20:40 . 2009-03-09 20:43 <DIR> d-------- C:\rsit
2009-03-09 20:40 . 2009-03-09 20:43 <DIR> d-------- c:\program files\trend micro
2009-03-03 07:54 . 2009-03-02 20:37 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-03-02 20:37 . 2009-03-03 07:54 <DIR> d-------- c:\documents and settings\Administrator.XBETAS-300052XA\.housecall6.6
2009-02-28 12:29 . 2009-02-28 12:29 <DIR> d-------- c:\windows\system32\WTablet
2009-02-28 12:29 . 2009-02-28 12:29 <DIR> d-------- c:\program files\Tablet
2009-02-28 12:29 . 2005-07-06 15:50 1,825,972 --------- c:\windows\system32\WacomTablet.znc
2009-02-28 12:29 . 2005-07-06 17:54 1,413,120 --------- c:\windows\system32\WacomTablet.cpl
2009-02-28 12:29 . 2005-07-06 17:50 749,568 --------- c:\windows\system32\Tablet.exe
2009-02-28 12:29 . 2005-07-06 18:08 102,400 --------- c:\windows\system32\Wintab32.dll
2009-02-28 12:29 . 1999-05-07 16:12 15,744 --------- c:\windows\system32\Wintab.dll
2009-02-28 12:29 . 2009-03-10 18:42 13,890 --a------ c:\windows\system32\tablet.dat
2009-02-28 12:29 . 2001-04-09 20:45 8,138 --------- c:\windows\system32\drivers\PenClass.sys
2009-02-27 15:11 . 2009-02-27 15:11 118 --a------ c:\windows\system32\MRT.INI
2009-02-27 15:06 . 2009-02-27 15:08 1,374 --a------ c:\windows\imsins.BAK
2009-02-27 07:54 . 2009-03-10 18:42 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-27 07:54 . 2009-02-27 07:54 1,409 --a------ c:\windows\QTFont.for
2009-02-19 23:50 . 2009-02-20 12:26 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-02-19 23:23 . 2009-02-21 13:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-19 21:42 . 2009-03-10 18:42 283 --a------ c:\windows\system32\tversity.cookies
2009-02-19 16:11 . 2009-02-19 16:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 16:11 . 2009-02-19 16:11 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-19 16:11 . 2009-02-19 16:11 <DIR> d-------- c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\Malwarebytes
2009-02-19 16:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 16:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 14:29 . 2009-02-19 14:29 <DIR> d-------- c:\program files\Vector Magic
2009-02-18 19:59 . 2009-02-18 20:02 <DIR> d-------- c:\program files\TVersity Codec Pack
2009-02-18 19:57 . 2009-02-18 19:57 <DIR> d-------- c:\program files\TVersity
2009-02-18 19:19 . 2009-02-18 19:19 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-18 19:12 . 2009-02-18 19:14 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-17 19:11 . 2009-02-18 18:15 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-17 19:11 . 2009-02-17 19:32 <DIR> d-------- c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\DAEMON Tools
2009-02-17 19:07 . 2009-02-17 19:07 715,248 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-17 19:05 . 2009-02-17 19:05 <DIR> d-------- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 19:16 --------- d-----w c:\program files\PeerGuardian2
2009-03-10 04:49 --------- d-----w c:\program files\LogMeIn
2009-03-04 22:11 --------- d-----w c:\program files\Soulseek
2009-03-04 08:00 --------- d-----w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\AVG7
2009-03-03 07:54 --------- d-----w c:\program files\Opera
2009-02-25 18:24 --------- d-----w c:\program files\FlashFXP
2009-02-24 19:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2009-02-23 18:51 2,904,576 ----a-w c:\windows\Internet Logs\xDB3A.tmp
2009-02-22 22:50 --------- d-----w c:\program files\Trillian
2009-02-21 13:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-20 13:06 69,632 ----a-w c:\windows\Internet Logs\xDB38.tmp
2009-02-20 13:06 2,876,416 ----a-w c:\windows\Internet Logs\xDB39.tmp
2009-02-20 13:02 --------- d-----w c:\program files\Lavasoft
2009-02-20 13:02 --------- d-----w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\Lavasoft
2009-02-20 12:04 --------- d-----w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\Spybot - Search & Destroy
2009-02-20 11:56 2,856,960 ----a-w c:\windows\Internet Logs\xDB37.tmp
2009-02-20 11:56 1,907,200 ----a-w c:\windows\Internet Logs\xDB36.tmp
2009-02-20 10:28 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AVG7
2009-02-20 08:00 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVG7
2009-02-18 20:01 --------- d-----w c:\program files\ffdshow
2009-02-17 15:06 --------- d-----w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\Vso
2009-02-06 20:01 5,410,816 ----a-w c:\windows\Internet Logs\xDB32.tmp
2009-02-06 20:01 2,703,360 ----a-w c:\windows\Internet Logs\xDB35.tmp
2009-01-24 18:47 9,037,902 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-15 17:49 29,880 ----a-w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\GDIPFONTCACHEV1.DAT
2008-02-22 20:02 27,904 ----a-w c:\documents and settings\Testing\Application Data\GDIPFONTCACHEV1.DAT
2007-12-10 19:52 47,360 ----a-w c:\documents and settings\Testing\Application Data\pcouffin.sys
2007-12-10 19:52 47,360 ----a-w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\pcouffin.sys
2005-01-08 15:25 1,388 ----a-w c:\documents and settings\Testing\Application Data\ViewerApp.dat
2005-01-08 15:25 1,388 ----a-w c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\ViewerApp.dat
2004-06-06 15:53 73,728 ------w c:\documents and settings\Administrator\SetupNI.dll
2004-03-11 13:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2007-11-09 19:28 633 --sha-w c:\windows\system32\mmf(10)(2).sys
2007-11-08 18:13 633 --sha-w c:\windows\system32\mmf(10)(3).sys
2007-11-09 19:22 633 --sha-w c:\windows\system32\mmf(11)(2).sys
2007-11-07 20:23 633 --sha-w c:\windows\system32\mmf(11)(3).sys
2007-11-04 11:58 633 --sha-w c:\windows\system32\mmf(11)(4).sys
2007-11-08 18:13 633 --sha-w c:\windows\system32\mmf(12)(2).sys
2007-11-09 21:25 633 --sha-w c:\windows\system32\mmf(12)(3).sys
2007-11-04 10:25 633 --sha-w c:\windows\system32\mmf(12)(4).sys
2007-11-07 20:23 633 --sha-w c:\windows\system32\mmf(13)(2).sys
2007-11-03 16:55 633 --sha-w c:\windows\system32\mmf(13)(3).sys
2007-10-29 00:28 633 --sha-w c:\windows\system32\mmf(13)(4).sys
2007-11-09 20:57 633 --sha-w c:\windows\system32\mmf(14)(2).sys
2007-11-03 16:55 633 --sha-w c:\windows\system32\mmf(14)(3).sys
2007-11-05 18:10 633 --sha-w c:\windows\system32\mmf(14)(4).sys
2007-10-30 20:07 633 --sha-w c:\windows\system32\mmf(14)(5).sys
2007-11-03 12:51 633 --sha-w c:\windows\system32\mmf(14)(6).sys
2007-11-04 11:58 633 --sha-w c:\windows\system32\mmf(15)(2).sys
2007-11-04 10:25 633 --sha-w c:\windows\system32\mmf(15)(3).sys
2007-11-03 16:55 633 --sha-w c:\windows\system32\mmf(15)(4).sys
2007-10-29 12:48 633 --sha-w c:\windows\system32\mmf(15)(5).sys
2007-11-05 18:04 633 --sha-w c:\windows\system32\mmf(16)(2).sys
2007-11-04 11:58 633 --sha-w c:\windows\system32\mmf(16)(3).sys
2007-11-04 10:25 633 --sha-w c:\windows\system32\mmf(16)(4).sys
2007-10-29 18:54 633 --sha-w c:\windows\system32\mmf(16)(5).sys
2007-11-03 12:51 633 --sha-w c:\windows\system32\mmf(18)(2).sys
2007-11-05 18:16 633 --sha-w c:\windows\system32\mmf(2)(2).sys
2007-10-26 20:25 633 --sha-w c:\windows\system32\mmf(2)(3).sys
2007-11-09 20:57 633 --sha-w c:\windows\system32\mmf(2)(4).sys
2007-11-10 10:36 633 --sha-w c:\windows\system32\mmf(2)(5).sys
2007-11-09 19:37 633 --sha-w c:\windows\system32\mmf(2)(6).sys
2007-11-10 11:00 633 --sha-w c:\windows\system32\mmf(2)(7).sys
2007-11-05 18:10 633 --sha-w c:\windows\system32\mmf(2)(8).sys
2008-03-07 19:06 633 --sha-w c:\windows\system32\mmf(2).sys
2007-11-03 12:51 633 --sha-w c:\windows\system32\mmf(20)(2).sys
2007-10-29 18:54 633 --sha-w c:\windows\system32\mmf(20)(3).sys
2007-10-30 20:07 633 --sha-w c:\windows\system32\mmf(21)(2).sys
2007-10-29 12:48 633 --sha-w c:\windows\system32\mmf(21)(3).sys
2007-10-29 18:54 633 --sha-w c:\windows\system32\mmf(22)(2).sys
2007-10-29 00:28 633 --sha-w c:\windows\system32\mmf(22)(3).sys
2007-10-29 12:48 633 --sha-w c:\windows\system32\mmf(23)(2).sys
2007-10-29 00:13 633 --sha-w c:\windows\system32\mmf(23)(3).sys
2007-10-29 00:28 633 --sha-w c:\windows\system32\mmf(24)(2).sys
2007-11-09 21:37 633 --sha-w c:\windows\system32\mmf(24)(3).sys
2007-10-29 00:13 633 --sha-w c:\windows\system32\mmf(25)(2).sys
2007-11-09 19:32 633 --sha-w c:\windows\system32\mmf(25)(3).sys
2007-11-09 20:57 633 --sha-w c:\windows\system32\mmf(26)(2).sys
2007-11-09 19:32 633 --sha-w c:\windows\system32\mmf(26)(3).sys
2007-11-09 21:25 633 --sha-w c:\windows\system32\mmf(26)(4).sys
2007-11-09 20:43 633 --sha-w c:\windows\system32\mmf(3)(2).sys
2007-11-10 10:28 633 --sha-w c:\windows\system32\mmf(3)(3).sys
2007-11-09 20:57 633 --sha-w c:\windows\system32\mmf(3)(4).sys
2007-11-09 21:10 633 --sha-w c:\windows\system32\mmf(3)(5).sys
2008-03-07 21:08 633 --sha-w c:\windows\system32\mmf(3).sys
2007-11-09 19:56 633 --sha-w c:\windows\system32\mmf(34)(2).sys
2007-11-09 19:56 633 --sha-w c:\windows\system32\mmf(34)(3).sys
2007-11-09 20:13 633 --sha-w c:\windows\system32\mmf(35)(2).sys
2007-11-09 20:31 633 --sha-w c:\windows\system32\mmf(36)(2).sys
2007-11-09 20:43 633 --sha-w c:\windows\system32\mmf(37)(2).sys
2007-11-04 10:25 633 --sha-w c:\windows\system32\mmf(39)(2).sys
2007-11-09 20:31 633 --sha-w c:\windows\system32\mmf(4)(2).sys
2007-11-09 22:15 633 --sha-w c:\windows\system32\mmf(4)(3).sys
2007-11-09 20:43 633 --sha-w c:\windows\system32\mmf(4)(4).sys
2008-03-07 20:50 633 --sha-w c:\windows\system32\mmf(4).sys
2007-11-09 20:13 633 --sha-w c:\windows\system32\mmf(5)(2).sys
2007-11-09 20:31 633 --sha-w c:\windows\system32\mmf(5)(3).sys
2008-03-07 20:43 633 --sha-w c:\windows\system32\mmf(5).sys
2007-11-09 19:56 633 --sha-w c:\windows\system32\mmf(6)(2).sys
2007-11-09 21:10 633 --sha-w c:\windows\system32\mmf(6)(3).sys
2008-03-07 19:58 633 --sha-w c:\windows\system32\mmf(6).sys
2007-11-09 19:46 633 --sha-w c:\windows\system32\mmf(7)(2).sys
2008-03-07 21:23 633 --sha-w c:\windows\system32\mmf(7).sys
2007-11-09 19:37 633 --sha-w c:\windows\system32\mmf(8)(2).sys
2007-11-09 19:28 633 --sha-w c:\windows\system32\mmf(8)(3).sys
2008-03-07 21:29 633 --sha-w c:\windows\system32\mmf(8).sys
2007-11-09 19:32 633 --sha-w c:\windows\system32\mmf(9)(2).sys
2007-11-09 19:22 633 --sha-w c:\windows\system32\mmf(9)(3).sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_EMC"="c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-21 406528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"DirectFolders"="c:\program files\Direct Folders\df.exe" [2008-03-27 278016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Testing\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-06 113664]
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 95456]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2008-11-26 1873280]

c:\documents and settings\Administrator.XBETAS-300052XA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-06 113664]
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 95456]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-03-31 127488]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-02-28 114688]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 19:47 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\ccapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Crazybump Beta Test\\CrazyBump.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25464:TCP"= 25464:TCP:BitComet 25464 TCP
"25464:UDP"= 25464:UDP:BitComet 25464 UDP

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-11-06 21851]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-05-12 97408]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2004-11-06 161060]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-06-28 2560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-02 47640]
S2 Softimage License Server;Softimage License Server;c:\softimage\FLEXLM\bin\LMGRD.EXE --> c:\softimage\FLEXLM\bin\LMGRD.EXE [?]
S3 P1Scanner;MUSTEK P1 Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2004-07-17 15104]
S3 Swmpaccmvam;Swmpaccmvam;c:\windows\system32\drivers\atmlane.sys [2003-10-06 55808]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95f4b50-db2b-11dc-ae72-000d6148f3df}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.givemebackmygoogle.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\Mozilla\Firefox\Profiles\c7ldoya0.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\documents and settings\Administrator.XBETAS-300052XA\Application Data\Mozilla\Firefox\Profiles\c7ldoya0.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHapPlugin411.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 19:16:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0]
"1"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,f3,14,12,4f,01,36,44,
b9
"2"=hex:6c,c5,5b,f7,b0,9e,32,e3,03,c6,40,3c,f9,93,f0,a3,e0,80,50,c4,b1,40,2f,
48,ec,05,72,d0,e0,27,38,13
"3"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,88,0a,70,d8,2f,23,2d,
64,0e,4f,11,7b,2d,48,46,54,f2,60,49,21,f0,9e,bf,bb,ce,a9,b7,33,0c,9b,44,72

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0\2E23F88730107CE6]
"1"=hex:a5,c9,74,ec,b1,20,d6,a1,09,fa,f5,4f,55,50,73,85
"2"=hex:07,95,f7,2a,04,d4,26,a4
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,ce,c8,a9,1f,59,5f,3d,
24,37,04,40,4a,f4,30,65,d4,c0,58,80,e5,16,68,3a,98,df,ce,bb,3a,52,ae,be,a8,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,42,65,bf,c3,d7,b2,88,
07,4b,e7,15,d7,52,86,76,79,e7,6c,c2,fa,12,7e,7a,c3,b9,5d,c3,e8,30,d9,6c,8f,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-03-10 19:18:50
ComboFix-quarantined-files.txt 2009-03-10 19:18:25

Pre-Run: 14,366,547,968 bytes free
Post-Run: 14,411,997,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

335 --- E O F --- 2009-03-04 18:23:40
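
A triage pass over a ComboFix log like the one above, as an added example (my own script, not ComboFix's code and not part of this thread). It parses the file listing for system32 files carrying both the system and hidden attributes (the --sha-w flags on the mmf(n)(m).sys entries) and for swarms of files sharing one exact byte size (the 633-byte cluster), pairs each MountPoints2 key with the AutoRun command ComboFix prints under it (the setupSNK.exe hook), and reports start-page and search settings whose host is not on a small trusted list (the givemebackmygoogle.com and search.icq.com entries). The sample lines are copied from the log above; the trusted-host list and the minimum cluster size are assumptions to tune for your own triage.

```python
"""Triage helpers for a ComboFix log (added example; not ComboFix's own code)."""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2009-01-24 18:47 9,037,902 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2007-11-09 19:28 633 --sha-w c:\windows\system32\mmf(10)(2).sys
2007-11-08 18:13 633 --sha-w c:\windows\system32\mmf(10)(3).sys
2007-11-09 19:22 633 --sha-w c:\windows\system32\mmf(11)(2).sys
2008-03-07 19:06 633 --sha-w c:\windows\system32\mmf(2).sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95f4b50-db2b-11dc-ae72-000d6148f3df}]
\Shell\AutoRun\command - setupSNK.exe
uStart Page = hxxp://www.givemebackmygoogle.com/
uInternet Settings,ProxyOverride = 127.0.0.1
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
"""

# "date time size attrs path" lines from ComboFix's file listings (DDS uses 8-char attrs).
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) ([-a-z]{6,8}) (.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$")
SYSTEM32 = r"c:\windows\system32"

# Assumed trusted search/start-page hosts; extend for the environment you triage.
TRUSTED_HOST_SUFFIXES = (".google.com", ".google.co.uk", ".yahoo.com", ".bing.com", ".live.com")
WATCHED_SETTINGS = ("uStart Page", "uSearchURL,(Default)",
                    "FF - prefs.js: browser.startup.homepage", "FF - prefs.js: keyword.URL")


def parse_file_entries(text):
    """Return one dict per file-listing line: date, size in bytes, attribute string, path."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            date, _time, size, attrs, path = m.groups()
            entries.append({"date": date, "size": int(size.replace(",", "")),
                            "attrs": attrs, "path": path})
    return entries


def find_hidden_system32(entries):
    """Files under system32 carrying both the system and hidden attributes (--sha-w)."""
    return [e["path"] for e in entries
            if "s" in e["attrs"] and "h" in e["attrs"]
            and e["path"].lower().startswith(SYSTEM32)]


def find_size_clusters(entries, min_count=3):
    """Exact byte sizes shared by min_count or more system32 files: a mass drop of one payload."""
    sizes = Counter(e["size"] for e in entries if e["path"].lower().startswith(SYSTEM32))
    return {size: n for size, n in sizes.items() if n >= min_count}


def find_autorun_hooks(text):
    """Pair each MountPoints2 registry key with the AutoRun command ComboFix lists under it."""
    hooks, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "mountpoints2" in line.lower():
            current_key = line.strip("[]")
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key:
            hooks.append((current_key, m.group(1)))
    return hooks


def _host(value):
    """Host part of a URL as ComboFix prints it (defanged hxxp:// scheme or a bare host)."""
    value = re.sub(r"^hxxps?://", "", value.strip(), flags=re.IGNORECASE)
    return value.split("/")[0].lower()


def find_browser_hijacks(text):
    """(setting, host) for start-page/search settings whose host is not on the trusted list."""
    flagged = []
    for line in text.splitlines():
        line = line.strip()
        for setting in WATCHED_SETTINGS:
            if line.startswith(setting):
                host = _host(line[len(setting):].lstrip(" -="))
                if not any(host == s[1:] or host.endswith(s) for s in TRUSTED_HOST_SUFFIXES):
                    flagged.append((setting, host))
    return flagged


def triage(text):
    """Run every check and return the findings keyed by check name."""
    entries = parse_file_entries(text)
    return {"hidden_system32": find_hidden_system32(entries),
            "size_clusters": find_size_clusters(entries),
            "autorun_hooks": find_autorun_hooks(text),
            "browser_hijacks": find_browser_hijacks(text)}


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LOG).items():
        print(f"{check}: {findings}")
```

Run it against a full ComboFix log by passing the file contents to triage() in place of SAMPLE_LOG. The size-cluster check is what makes the mmf(n)(m).sys swarm stand out even when each file name looks harmless on its own, and the MountPoints2 pairing catches the removable-media autorun hook that a plain grep for .exe would bury among the firewall allow-list entries.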

#9 sundavis

sundavis
  • Malware Response Team
  • 2,708 posts

Posted 11 March 2009 - 02:58 AM

Hi fat_cap,



Step 1

Ensure all instances of Firefox are closed
  • Double-click Goored.exe on your Desktop to run it
  • Select 2. Fix Goored by typing 2 & pressing Enter.
  • Type y at the prompt then press Enter. The removal process will begin.
  • A log will open, post the contents of that log in your next reply.


Step 2

Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) each entry with Java Runtime Environment (JRE or J2SE) in the name, including the following updates:
    • J2SE Development Kit 5.0 Update 14
      J2SE Runtime Environment 5.0 Update 14
      Java 2 Runtime Environment, SE v1.4.2_04
      Java 2 Runtime Environment, SE v1.4.2_05
      Java™ 6 Update 3
      Java™ 6 Update 5
      Java™ 6 Update 7
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.


Step 3

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



Step 4

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click the Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under the Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, click on View Scan Report.
  • You may see a list of infected items there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1.GooredFix log
2.Kas Scan Report
3.New HJT log

Tell me how your pc is behaving now.
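
The Java clean-up in Step 2 is easy to leave half done, because an old runtime shows up in a DDS or HijackThis log in several disguises: a jre1.6.0_07 folder in a Run entry, an npjpi160_07.dll browser plug-in, a jinstall-1_6_0_12 DPF download URL, or an Add/Remove Programs name such as "Java(TM) 6 Update 7". The script below is an added example (my own, not a BleepingComputer or Sun tool) that normalises all of those spellings to one (major, minor, update) tuple and lists every mention older than a target release. The sample lines are constructed in the style of the logs in this thread; the target of 6 Update 12 matches the version Step 2 installs.

```python
"""Spot stale Java runtimes in a DDS/HijackThis-style log (added example; not a BleepingComputer tool)."""
import re

# Constructed sample: lines in the style of the DDS log and Add/Remove Programs names used in this thread.
SAMPLE_LINES = [
    "Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12",
    r'"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]',
    r"FF - plugin: c:\program files\opera\program\plugins\npjpi160_07.dll",
    "DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab",
    "J2SE Runtime Environment 5.0 Update 14",
    "Java 2 Runtime Environment, SE v1.4.2_04",
    "Java(TM) 6 Update 7",
]

# Each pattern yields (major, minor, update) for one way a Java version shows up in a log.
VERSION_PATTERNS = (
    re.compile(r"1\.(\d)\.(\d)(?:\.\d+)?_(\d+)"),            # 1.6.0_12, jre1.6.0_07, 1.4.2_04
    re.compile(r"1_(\d)_(\d)_(\d+)"),                        # jinstall-1_6_0_12 in DPF URLs
    re.compile(r"npjpi1(\d)(\d)_(\d+)\.dll", re.IGNORECASE),  # npjpi160_07.dll browser plug-in
    re.compile(r"(\d+)(?:\.(\d+))?\s+Update\s+(\d+)"),       # "Java(TM) 6 Update 7", "J2SE ... 5.0 Update 14"
)


def parse_java_version(line):
    """Return (major, minor, update) for the first Java version found in a line, else None."""
    for pattern in VERSION_PATTERNS:
        m = pattern.search(line)
        if m:
            major, minor, update = m.groups()
            return int(major), int(minor or 0), int(update)
    return None


def format_version(version):
    """Render (6, 0, 7) in the familiar 1.6.0_07 form."""
    major, minor, update = version
    return f"1.{major}.{minor}_{update:02d}"


def find_stale_java(lines, target):
    """(line, version) for every line that names a Java runtime older than target."""
    stale = []
    for line in lines:
        version = parse_java_version(line)
        if version is not None and version < target:
            stale.append((line, version))
    return stale


def latest_java(lines):
    """Newest Java version mentioned anywhere in the log, or None if there is none."""
    versions = [v for v in map(parse_java_version, lines) if v is not None]
    return max(versions) if versions else None


if __name__ == "__main__":
    target = (6, 0, 12)  # the JRE 6 Update 12 that Step 2 installs
    print("newest seen:", format_version(latest_java(SAMPLE_LINES)))
    for line, version in find_stale_java(SAMPLE_LINES, target):
        print(f"stale {format_version(version)}: {line}")
```

Feed it the lines of a fresh DDS log after the reinstall: anything it still reports as stale is a leftover that Add/Remove Programs did not take with it, and a plug-in DLL pointing at an old update means a browser can still load the vulnerable runtime even though the current one is installed.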

#10 fat_cap

fat_cap
  • Topic Starter
  • Members
  • 10 posts

Posted 11 March 2009 - 04:19 PM

Hi - thanks for the quick reply.

The Kaspersky scan is taking a long time! I am going to let it run and will post back the results and logs tomorrow.

#11 fat_cap

fat_cap
  • Topic Starter
  • Members
  • 10 posts

Posted 12 March 2009 - 07:35 AM

Hi - the Kaspersky scan took much longer than anticipated but eventually finished!

Initial tests look like the browser hijack has gone which is great!

Here are the logs that you asked for:

GooredFix v1.91 by jpshortstuff
Log created at 17:54 on 11/03/2009 running Option #2 (Administrator)
Firefox version 3.0.7 (en-GB)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{BD92739F-B094-42F9-92EF-C5DEEB04E735}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 11, 2009 16:13:43
Records in database: 1889325
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 323539
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 18:05:59


File name / Threat name / Threats count
C:\Documents and Settings\Administrator.XBETAS-300052XA\My Documents\my downloads\program downloads\mirc\mirc61.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 1
C:\Documents and Settings\Testing\My Documents\my downloads\program downloads\mirc\mirc61.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 1
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir Infected: Trojan.Win32.Monder.bdnr 1

The selected area was scanned.

_____________________________________________


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 12:38:11.46 on 12/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1533 [GMT 0:00]

AV: AVG 7.5.557 *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Direct Folders\df.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\ADMINI~1.XBE\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1.XBE\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Administrator.XBETAS-300052XA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.givemebackmygoogle.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [AVG7_EMC] c:\progra~1\grisoft\avgfre~1\avgemc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [DirectFolders] "c:\program files\direct folders\df.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\admini~1.xbe\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\admini~1.xbe\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Winamp Search - c:\documents and settings\all users.windows\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://www.uclan.ac.uk/other/iss/remote/wficat.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.3004861111
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.xbe\applic~1\mozilla\firefox\profiles\c7ldoya0.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\documents and settings\administrator.xbetas-300052xa\application data\mozilla\firefox\profiles\c7ldoya0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHapPlugin411.dll
FF - plugin: c:\program files\opera\program\plugins\npjava11.dll
FF - plugin: c:\program files\opera\program\plugins\npjava12.dll
FF - plugin: c:\program files\opera\program\plugins\npjava13.dll
FF - plugin: c:\program files\opera\program\plugins\npjava14.dll
FF - plugin: c:\program files\opera\program\plugins\npjava32.dll
FF - plugin: c:\program files\opera\program\plugins\npjpi160_07.dll
FF - plugin: c:\program files\opera\program\plugins\npoji610.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2004-11-6 21851]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-5-12 97408]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-6-7 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-24 4224]
R1 Avg7RsXP;AVG7 Rezident Driver;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-15 27776]
R1 AvgClean;AVG Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-7-23 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-3-7 394952]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-12-12 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-1-28 49664]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2005-6-10 4960]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2004-11-6 161060]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-6-28 2560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-2 47640]
R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service --> c:\windows\system32\lxczcoms.exe -service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 Softimage License Server;Softimage License Server;c:\softimage\flexlm\bin\lmgrd.exe --> c:\softimage\flexlm\bin\LMGRD.EXE [?]
S3 P1Scanner;MUSTEK P1 Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2004-7-17 15104]
S3 Swmpaccmvam;Swmpaccmvam;c:\windows\system32\drivers\atmlane.sys [2003-10-6 55808]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-03-11 18:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-11 18:10 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-10 18:59 <DIR> a-dshr-- C:\cmdcons
2009-03-10 18:54 161,792 a------- c:\windows\SWREG.exe
2009-03-10 18:54 98,816 a------- c:\windows\sed.exe
2009-03-09 20:40 <DIR> --d----- c:\program files\trend micro
2009-03-03 07:54 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-02 20:37 <DIR> --d----- c:\documents and settings\administrator.xbetas-300052xa\.housecall6.6
2009-02-28 12:29 13,890 a------- c:\windows\system32\tablet.dat
2009-02-28 12:29 1,825,972 -------- c:\windows\system32\WacomTablet.znc
2009-02-28 12:29 1,413,120 -------- c:\windows\system32\WacomTablet.cpl
2009-02-28 12:29 <DIR> --d----- c:\windows\system32\WTablet
2009-02-28 12:29 8,138 -------- c:\windows\system32\drivers\PenClass.sys
2009-02-28 12:29 102,400 -------- c:\windows\system32\Wintab32.dll
2009-02-28 12:29 15,744 -------- c:\windows\system32\Wintab.dll
2009-02-28 12:29 749,568 -------- c:\windows\system32\Tablet.exe
2009-02-28 12:29 <DIR> --d----- c:\program files\Tablet
2009-02-27 15:11 118 a------- c:\windows\system32\MRT.INI
2009-02-27 07:54 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-27 07:54 1,409 a------- c:\windows\QTFont.for
2009-02-19 23:23 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-02-19 21:42 283 a------- c:\windows\system32\tversity.cookies
2009-02-19 16:11 <DIR> --d----- c:\docume~1\admini~1.xbe\applic~1\Malwarebytes
2009-02-19 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-19 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 16:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 16:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-19 14:29 <DIR> --d----- c:\program files\Vector Magic
2009-02-18 19:59 <DIR> --d----- c:\program files\TVersity Codec Pack
2009-02-18 19:57 <DIR> --d----- c:\program files\TVersity
2009-02-18 19:19 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-17 19:11 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-02-17 19:07 715,248 a------- c:\windows\system32\drivers\sptd.sys

==================== Find3M ====================

2009-03-11 17:52 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll
2008-10-15 17:49 29,880 a------- c:\docume~1\admini~1.xbe\applic~1\GDIPFONTCACHEV1.DAT
2007-12-10 19:52 47,360 a------- c:\docume~1\admini~1.xbe\applic~1\pcouffin.sys
2005-01-08 15:25 1,388 a------- c:\docume~1\admini~1.xbe\applic~1\ViewerApp.dat
2004-03-11 13:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2007-11-09 19:28 633 a--sh--- c:\windows\system32\mmf(10)(2).sys
2007-11-08 18:13 633 a--sh--- c:\windows\system32\mmf(10)(3).sys
2007-11-09 19:22 633 a--sh--- c:\windows\system32\mmf(11)(2).sys
2007-11-07 20:23 633 a--sh--- c:\windows\system32\mmf(11)(3).sys
2007-11-04 11:58 633 a--sh--- c:\windows\system32\mmf(11)(4).sys
2007-11-08 18:13 633 a--sh--- c:\windows\system32\mmf(12)(2).sys
2007-11-09 21:25 633 a--sh--- c:\windows\system32\mmf(12)(3).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(12)(4).sys
2007-11-07 20:23 633 a--sh--- c:\windows\system32\mmf(13)(2).sys
2007-11-03 16:55 633 a--sh--- c:\windows\system32\mmf(13)(3).sys
2007-10-29 00:28 633 a--sh--- c:\windows\system32\mmf(13)(4).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(14)(2).sys
2007-11-03 16:55 633 a--sh--- c:\windows\system32\mmf(14)(3).sys
2007-11-05 18:10 633 a--sh--- c:\windows\system32\mmf(14)(4).sys
2007-10-30 20:07 633 a--sh--- c:\windows\system32\mmf(14)(5).sys
2007-11-03 12:51 633 a--sh--- c:\windows\system32\mmf(14)(6).sys
2007-11-04 11:58 633 a--sh--- c:\windows\system32\mmf(15)(2).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(15)(3).sys
2007-11-03 16:55 633 a--sh--- c:\windows\system32\mmf(15)(4).sys
2007-10-29 12:48 633 a--sh--- c:\windows\system32\mmf(15)(5).sys
2007-11-05 18:04 633 a--sh--- c:\windows\system32\mmf(16)(2).sys
2007-11-04 11:58 633 a--sh--- c:\windows\system32\mmf(16)(3).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(16)(4).sys
2007-10-29 18:54 633 a--sh--- c:\windows\system32\mmf(16)(5).sys
2007-11-03 12:51 633 a--sh--- c:\windows\system32\mmf(18)(2).sys
2007-11-05 18:16 633 a--sh--- c:\windows\system32\mmf(2)(2).sys
2007-10-26 20:25 633 a--sh--- c:\windows\system32\mmf(2)(3).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(2)(4).sys
2007-11-10 10:36 633 a--sh--- c:\windows\system32\mmf(2)(5).sys
2007-11-09 19:37 633 a--sh--- c:\windows\system32\mmf(2)(6).sys
2007-11-10 11:00 633 a--sh--- c:\windows\system32\mmf(2)(7).sys
2007-11-05 18:10 633 a--sh--- c:\windows\system32\mmf(2)(8).sys
2008-03-07 19:06 633 a--sh--- c:\windows\system32\mmf(2).sys
2007-11-03 12:51 633 a--sh--- c:\windows\system32\mmf(20)(2).sys
2007-10-29 18:54 633 a--sh--- c:\windows\system32\mmf(20)(3).sys
2007-10-30 20:07 633 a--sh--- c:\windows\system32\mmf(21)(2).sys
2007-10-29 12:48 633 a--sh--- c:\windows\system32\mmf(21)(3).sys
2007-10-29 18:54 633 a--sh--- c:\windows\system32\mmf(22)(2).sys
2007-10-29 00:28 633 a--sh--- c:\windows\system32\mmf(22)(3).sys
2007-10-29 12:48 633 a--sh--- c:\windows\system32\mmf(23)(2).sys
2007-10-29 00:13 633 a--sh--- c:\windows\system32\mmf(23)(3).sys
2007-10-29 00:28 633 a--sh--- c:\windows\system32\mmf(24)(2).sys
2007-11-09 21:37 633 a--sh--- c:\windows\system32\mmf(24)(3).sys
2007-10-29 00:13 633 a--sh--- c:\windows\system32\mmf(25)(2).sys
2007-11-09 19:32 633 a--sh--- c:\windows\system32\mmf(25)(3).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(26)(2).sys
2007-11-09 19:32 633 a--sh--- c:\windows\system32\mmf(26)(3).sys
2007-11-09 21:25 633 a--sh--- c:\windows\system32\mmf(26)(4).sys
2007-11-09 20:43 633 a--sh--- c:\windows\system32\mmf(3)(2).sys
2007-11-10 10:28 633 a--sh--- c:\windows\system32\mmf(3)(3).sys
2007-11-09 20:57 633 a--sh--- c:\windows\system32\mmf(3)(4).sys
2007-11-09 21:10 633 a--sh--- c:\windows\system32\mmf(3)(5).sys
2008-03-07 21:08 633 a--sh--- c:\windows\system32\mmf(3).sys
2007-11-09 19:56 633 a--sh--- c:\windows\system32\mmf(34)(2).sys
2007-11-09 19:56 633 a--sh--- c:\windows\system32\mmf(34)(3).sys
2007-11-09 20:13 633 a--sh--- c:\windows\system32\mmf(35)(2).sys
2007-11-09 20:31 633 a--sh--- c:\windows\system32\mmf(36)(2).sys
2007-11-09 20:43 633 a--sh--- c:\windows\system32\mmf(37)(2).sys
2007-11-04 10:25 633 a--sh--- c:\windows\system32\mmf(39)(2).sys
2007-11-09 20:31 633 a--sh--- c:\windows\system32\mmf(4)(2).sys
2007-11-09 22:15 633 a--sh--- c:\windows\system32\mmf(4)(3).sys
2007-11-09 20:43 633 a--sh--- c:\windows\system32\mmf(4)(4).sys
2008-03-07 20:50 633 a--sh--- c:\windows\system32\mmf(4).sys
2007-11-09 20:13 633 a--sh--- c:\windows\system32\mmf(5)(2).sys
2007-11-09 20:31 633 a--sh--- c:\windows\system32\mmf(5)(3).sys
2008-03-07 20:43 633 a--sh--- c:\windows\system32\mmf(5).sys
2007-11-09 19:56 633 a--sh--- c:\windows\system32\mmf(6)(2).sys
2007-11-09 21:10 633 a--sh--- c:\windows\system32\mmf(6)(3).sys
2008-03-07 19:58 633 a--sh--- c:\windows\system32\mmf(6).sys
2007-11-09 19:46 633 a--sh--- c:\windows\system32\mmf(7)(2).sys
2008-03-07 21:23 633 a--sh--- c:\windows\system32\mmf(7).sys
2007-11-09 19:37 633 a--sh--- c:\windows\system32\mmf(8)(2).sys
2007-11-09 19:28 633 a--sh--- c:\windows\system32\mmf(8)(3).sys
2008-03-07 21:29 633 a--sh--- c:\windows\system32\mmf(8).sys
2007-11-09 19:32 633 a--sh--- c:\windows\system32\mmf(9)(2).sys
2007-11-09 19:22 633 a--sh--- c:\windows\system32\mmf(9)(3).sys

============= FINISH: 12:39:33.68 ===============

________________________________________________-


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/05/2005 16:24:05
System Uptime: 03/11/2009 18:05:50 (-5670 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | nVidia-nForce2
Processor: AMD Athlon™ XP 2800+ | Socket A | 2079/167mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 234 GiB total, 12.828 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 119.869 GiB free.
F: is Removable
G: is Removable
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1240: 26/01/2009 18:42:29 - System Checkpoint
RP1241: 27/01/2009 20:33:28 - System Checkpoint
RP1242: 29/01/2009 18:21:26 - System Checkpoint
RP1243: 30/01/2009 18:57:50 - System Checkpoint
RP1244: 31/01/2009 17:39:34 - Software Distribution Service 3.0
RP1245: 31/01/2009 21:48:44 - Installed Opera 9.63
RP1246: 01/02/2009 16:56:28 - Installed Windows NLSDownlevelMapping.
RP1247: 01/02/2009 16:57:02 - Installed Windows IDNMitigationAPIs.
RP1248: 01/02/2009 16:59:07 - Installed Windows Internet Explorer 7.
RP1249: 01/02/2009 17:00:31 - Software Distribution Service 3.0
RP1250: 02/02/2009 20:20:19 - System Checkpoint
RP1251: 03/02/2009 21:25:45 - System Checkpoint
RP1252: 05/02/2009 18:48:21 - System Checkpoint
RP1253: 07/02/2009 16:17:12 - System Checkpoint
RP1254: 08/02/2009 18:26:53 - System Checkpoint
RP1255: 09/02/2009 20:20:12 - System Checkpoint
RP1256: 09/02/2009 21:28:11 - Software Distribution Service 3.0
RP1257: 11/02/2009 18:44:15 - System Checkpoint
RP1258: 12/02/2009 19:40:16 - System Checkpoint
RP1259: 14/02/2009 13:28:50 - System Checkpoint
RP1260: 15/02/2009 13:30:31 - System Checkpoint
RP1261: 16/02/2009 18:14:19 - System Checkpoint
RP1262: 17/02/2009 18:40:34 - System Checkpoint
RP1263: 17/02/2009 19:07:04 - SPTD setup V1.53
RP1264: 17/02/2009 19:17:47 - Installed Windows Media Player 10 KB903157.
RP1265: 17/02/2009 19:19:23 - Installed Windows Media Format Runtime
RP1266: 18/02/2009 18:42:17 - Installed Windows Media Player 10 KB903157.
RP1267: 18/02/2009 19:06:07 - Installed Windows Media Player 11
RP1268: 18/02/2009 19:11:57 - Installed Windows XP Wudf01000.
RP1269: 18/02/2009 19:25:04 - Installed Windows XP MSCompPackV1.
RP1270: 27/02/2009 09:45:09 - System Checkpoint
RP1271: 27/02/2009 13:37:37 - free of spyware but still browser hijack
RP1272: 27/02/2009 13:38:00 - Restore Operation
RP1273: 28/02/2009 13:39:18 - System Checkpoint
RP1274: 01/03/2009 18:18:24 - System Checkpoint
RP1275: 02/03/2009 18:28:10 - System Checkpoint
RP1276: 03/03/2009 21:11:33 - System Checkpoint
RP1277: 04/03/2009 18:22:17 - Software Distribution Service 3.0
RP1278: 05/03/2009 18:37:45 - System Checkpoint
RP1279: 09/03/2009 23:04:03 - System Checkpoint
RP1280: 10/03/2009 18:55:15 - ComboFix created restore point
RP1281: 11/03/2009 17:57:35 - Removed J2SE Development Kit 5.0 Update 14
RP1282: 11/03/2009 17:59:26 - Removed J2SE Runtime Environment 5.0 Update 14
RP1283: 11/03/2009 18:00:16 - Removed Java 2 Runtime Environment, SE v1.4.2_04
RP1284: 11/03/2009 18:00:46 - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP1285: 11/03/2009 18:01:18 - Removed Java™ 6 Update 3
RP1286: 11/03/2009 18:02:25 - Removed Java™ 6 Update 5
RP1287: 11/03/2009 18:03:25 - Removed Java™ 6 Update 7
RP1288: 11/03/2009 18:09:35 - Installed Java™ 6 Update 12

==== Installed Programs ======================

3ds max Cg Plugin
3DS Max DDS Plug-In
3dsmax ancillary install
3GP Player 2007
3ivx D4 4.5.1 (remove only)
517142 - ZBrush (Windows) (Shared Components)
7-Zip 4.65
a-squared free 1.5.1
ABBYY FineReader 6.0 Sprint
ABC (remove only)
ACDSee 5.0 Standard Trial
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Alt-Tab Task Switcher Powertoy for Windows XP
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
AutoBackup
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
AutoUpdate
AVG Free Edition
Backburner
BitTorrent 3.4.2
C-Dilla Licence Management System
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.2.3.258
Crazybump Beta Test (remove only)
CuteFTP 8 Professional
DDS Utilities
Direct Folders
DirectShow .SHN FIlter
DivX
DivX Player
Enable S3 for USB Device
EPSON Printer Software
eSupportQFolder
FBX Plugin 2006.08 for Max 9.0
ffdshow [rev 1723] [2007-12-24]
finalShaders SP1
FlashFXP
FLV Player 1.3.3
Fraps
FreeAgent Pro Tools
GdiplusUpgrade
GSpot Codec Information Appliance
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 3900 series
HP Memories Disc
HP Photo and Imaging 2.3 - Scanjet 4600 Series
HP Photosmart Essential
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet3900Series
HPProductAssistant
iPod for Windows 2005-10-12
IrfanView (remove only)
iTunes
Java™ 6 Update 12
K-Lite Codec Pack 2.27 Full
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 1200 Series
Lexmark Fax Solutions
LogMeIn
Macromedia Flash Player
Macromedia Shockwave Player
Magic Video Converter Trial Version (English) 8.0.3.18
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Windows Media Video 9 VCM
mIRC
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero OEM
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Cg Compiler
NVIDIA Drivers
NVIDIA FX Composer
NVIDIA Photoshop Plug-ins
Opera 9.63
PC Connectivity Solution
PeerGuardian 2.0
Picture Package
PodUtil 2.7.1
QuickTime
RealPlayer
Realtek AC'97 Audio
SDFormatter
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
ShareIns
SkyPaint
SolutionCenter
Sony USB Driver
SoulSeek 157 NS 13
Spybot - Search & Destroy
System Requirements Lab
Tablet
The Haptek Player
Trillian
TVersity Codec Pack 1.2
TVersity Media Server 1.0.0.11 RC7
Tweak UI
TweakNow RegCleaner
Ultra Hal Assistant 6.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Vector Magic
VideoLAN VLC media player 0.8.6i
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VSO CopyToDVD 4
VSO Inspector 1.3.1.82
WebFldrs XP
WebReg
Winamp
Winamp Toolbar for Internet Explorer
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG-4 Video Codec
ZAppLink
ZBrush2
ZBrush3
ZoneAlarm Pro

==== Event Viewer Messages From Past Week ========

09/03/2009 19:11:00, error: Service Control Manager [7000] - The Softimage License Server service failed to start due to the following error: The system cannot find the path specified.
09/03/2009 19:11:00, error: Service Control Manager [7000] - The Sentinel service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
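Reading a long DDS log by eye is error-prone, so here is an added example of how a responder might triage the two sections that matter most for persistence: my own Python, not part of this thread and not DDS, ComboFix or BleepingComputer code. It parses the SERVICES / DRIVERS section and the Event Viewer section in the format of the log above, flags every entry DDS tagged `[?]` or `[x]`, and ties Service Control Manager 7000 start failures back to their service entries (the Softimage License Server entry above shows up in both). The embedded sample is a constructed excerpt copied in that format, and the meaning I give `[?]` (image file could not be verified) and `[x]` (no image file) is my reading of DDS output, not documented behaviour.

```python
"""Triage a DDS log excerpt: flag service/driver entries DDS could not verify and
tie Service Control Manager start failures back to them.
Added example for this thread; not DDS, ComboFix or BleepingComputer code."""
import re

# Constructed sample in the layout of the DDS log posted above (a few lines
# copied in that format, not the full log).
DDS_SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-5-12 97408]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-6-28 2560]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 Softimage License Server;Softimage License Server;c:\softimage\flexlm\bin\lmgrd.exe --> c:\softimage\flexlm\bin\LMGRD.EXE [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

==== Event Viewer Messages From Past Week ========

09/03/2009 19:11:00, error: Service Control Manager [7000] - The Softimage License Server service failed to start due to the following error: The system cannot find the path specified.
09/03/2009 19:11:00, error: Service Control Manager [7000] - The Sentinel service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # "==== Title ====" banner lines
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
EVENT_RE = re.compile(r"^(?P<ts>\S+ \S+), (?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
FAIL_RE = re.compile(r"^The (?P<display>.+?) service failed to start")


def split_sections(text):
    """Map each DDS banner title (lower-cased) to the lines beneath it."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m and m.group(1):
            current = m.group(1).lower()
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def parse_services(lines):
    """Parse 'R2 name;display;command [marker]' lines into dicts with a status."""
    entries = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest.endswith("[x]"):
            status = "missing"      # assumption: DDS found no image file at all
        elif rest.endswith("[?]"):
            status = "unverified"   # assumption: DDS could not stat the image file
        else:
            status = "verified"     # DDS appended "[date size]" of an existing file
        command = re.sub(r"\s*\[[^\]]*\]$", "", rest)   # drop the trailing [...] marker
        command = command.split(" --> ")[0].strip()     # keep the registry-side command
        entries.append({"start": m.group("start"), "name": m.group("name").strip(),
                        "display": m.group("display").strip(),
                        "command": command, "status": status})
    return entries


def parse_events(lines):
    """Parse 'date time, level: source [id] - message' Event Viewer lines."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({k: m.group(k) for k in ("ts", "level", "source", "id", "msg")})
    return events


def triage(text):
    """Return flagged service entries and 7000 start failures matched to them."""
    sections = split_sections(text)
    services = parse_services(sections.get("services / drivers", []))
    events = parse_events(sections.get("event viewer messages from past week", []))
    by_display = {s["display"].lower(): s for s in services}
    flagged = [(s["name"], s["status"], s["command"]) for s in services if s["status"] != "verified"]
    failures = []
    for ev in events:
        fm = FAIL_RE.match(ev["msg"]) if ev["id"] == "7000" else None
        if not fm:
            continue
        display = fm.group("display")
        entry = by_display.get(display.lower())
        # A failure with no matching entry means the service was not in the DDS listing.
        failures.append((display, entry["status"] if entry else "not listed"))
    return {"services": services, "flagged": flagged, "start_failures": failures}


if __name__ == "__main__":
    result = triage(DDS_SAMPLE)
    for name, status, command in result["flagged"]:
        print(f"{status:10s} {name}: {command or '(no image path)'}")
    for display, status in result["start_failures"]:
        print(f"start failure: {display} -> service entry {status}")
```

On the sample this reports vsmon and the Softimage License Server as unverified, LMIRfsClientNP as missing, and matches the Softimage start failure to its unverified entry while noting that the Sentinel failure has no service entry in the listing. Unverified or missing entries are usually remnants of uninstalled software, as here, but they are also where a responder would expect a malicious service to hide, so every one of them deserves a look before the case is closed.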

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:10:41 AM

Posted 12 March 2009 - 10:10 PM

Hi fat_cap,


Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries,(if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Initial tests look like the browser hijack has gone which is great!

That sounds good. :thumbup2: The Kas online scan displays mirc was infected. I think it is a False Positive. I'm gonna ignore it.
Other than that, the Quarantine folder in Qoobox will be addressed by uninstalling ComboFix in the following. Since you are clean now, let's do some tidy up.

Step 1

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.


This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
Remember to delete RSIT including the folder in C:\rsit and all the logs we have used.

Step 2

Click Start >> Run and then copy/paste the following into the box and hit Enter:

%userprofile%\Desktop\GooredFix.exe /uninstall

If any of your security programs query a new Registry/AutoStart value being added please allow the changes.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update your Adobe Acrobat Reader

    Old versions may render vulnerabilities that malware can use to infect your system. Please download Adobe Reader to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  • Keep your system updated

    Visit Microsoft's Windows Update Site Frequently.

  • Make your Internet Explorer more secure


    Please refer to this thread to configure Internet Explorer 7 properly.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

Edited by sundavis, 12 March 2009 - 10:11 PM.


#13 fat_cap

fat_cap
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 13 March 2009 - 02:35 PM

Thanks for all your help!

I have followed all the steps you outlined and my computer seems to be acting much better. Thanks again for taking the time to help me - your hard work really is appreciated :thumbup2:



