
Need Help Removing Malware


  • This topic is locked
30 replies to this topic

#1 invictus005

invictus005

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:01 PM

Posted 22 March 2009 - 08:41 PM

Hello,

My laptop has been infected with malware for more than a month now. I have tried dozens of different programs and methods without success. My browser has been hijacked. When I do a search and click on the results, a new tab automatically opens and takes me to unrelated websites. Also, the search bar on Yahoo looks distorted. The computer is constantly doing something in the background, as it gets really warm and the fans are always on. Also, my USB cooler pad is not working anymore. I am unable to run Malwarebytes or SpyBot, even in safe mode and even if I rename the files.

Thanks for all of your help!

Here is my RSIT and HJT report which I just ran:

info.txt logfile of random's system information tool 1.06 2009-03-22 18:24:58

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
After Dark Games-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\After Dark Games\Uninst.isu"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AQUAZONE DESKTOP GARDEN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV Music Morpher Gold-->C:\Program Files\AV Music Morpher Gold\uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D480 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
CopyPod Suite (remove only)-->"C:\Program Files\WindSolutions\CopyPod Suite\uninstall.exe"
Crash Analysis Tool-->MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Demuxer 2.0-->"C:\Program Files\DVDLogic\DVD Demuxer 2.0\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDAuthorGUI (remove only)-->"C:\Program Files\DVDAuthorGUI\uninstall.exe"
DVD-WMV-->MsiExec.exe /I{19934FC9-A54C-4DEF-ADAD-D3D361C2A595}
FriendAdder Combo Pack-->"C:\Program Files\FriendAdder Combo Pack\uninstall.exe"
Genuine Fractals PrintPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B14FCEE-A1D6-4CF3-B6EF-C0DDA98F978C}\setup.exe" -l0x9 -removeonly
gobeProductive-->MsiExec.exe /I{0DB67C01-CFEA-4DBA-85C8-C15399E3FBE0}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Impossible Golf-->C:\WINDOWS\iun507.exe C:\Program Files\Impossible Golf\irunin.ini
Intel® PROSet-->MsiExec.exe /I{b697396d-4bff-430d-9578-8aa5a549777a}
Internet Explorer Security Plugin 2006-->"C:\Program Files\Video ActiveX Object\iesuninst.exe"
Internet Security Add-On-->"C:\Program Files\Video ActiveX Object\isauninst.exe"
IpWins-->C:\Program Files\Ipwindows\Uninst.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Moyea FLV Downloader version 1.5.0.1-->"C:\Program Files\Moyea\FLV Downloader\unins000.exe"
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{9C395AAF-F3DB-FA42-2ADF-9CC22B281033}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
OIN-->"C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
OpenOffice.org 2.0-->MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PCTEL 2304WT V.9x MDC Modem Drivers-->ptuninst.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Public Messenger ver 2.03-->"C:\Program Files\Video ActiveX Object\pmuninst.exe"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RME Fireface-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\fireface.inf
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Sound Forge 9.0-->MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}
Speaker Workshop-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Audua\Speaker Workshop\Uninst.isu"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase Studio 4-->MsiExec.exe /I{A5FB086B-B602-4452-8FE9-DF6BFBCE3D09}
SWF Toolbox 3.1 (build 3.1.12.153)-->"C:\Program Files\Eltima Software\SWF Toolbox\unins000.exe"
System Alert Popup-->C:\DOCUME~1\USER\LOCALS~1\Temp\lafBC.tmp /del
Ulead DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\Setup.exe" -l0x9
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Video ActiveX Object 2.07-->C:\Program Files\Video ActiveX Object\uninst.exe
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YMPEG: Fast MPEG-1/2/VCD/SVCD Codec-->"C:\WINDOWS\system32\ympguninst.exe"
Zoner Photo Studio 7-->MsiExec.exe /X{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}

======Security center information======

AV: ESET NOD32 antivirus system 2.70

======System event log======

Computer Name: USER-737A973129
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32626
Source Name: Tcpip
Time Written: 20090228222206.000000-480
Event Type: warning
User:

Computer Name: USER-737A973129
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32601
Source Name: Tcpip
Time Written: 20090228175102.000000-480
Event Type: warning
User:

Computer Name: USER-737A973129
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32600
Source Name: Tcpip
Time Written: 20090228162824.000000-480
Event Type: warning
User:

Computer Name: USER-737A973129
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32573
Source Name: Tcpip
Time Written: 20090227211434.000000-480
Event Type: warning
User:

Computer Name: USER-737A973129
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32513
Source Name: Tcpip
Time Written: 20090224215339.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: USER-737A973129
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.25881, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1837
Source Name: Application Hang
Time Written: 20071002001430.000000-420
Event Type: error
User:

Computer Name: USER-737A973129
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.25881, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1794
Source Name: Application Hang
Time Written: 20070920211347.000000-420
Event Type: error
User:

Computer Name: USER-737A973129
Event Code: 1000
Message: Faulting application ipwins.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000111cd.

Record Number: 1642
Source Name: Application Error
Time Written: 20070821180024.000000-420
Event Type: error
User:

Computer Name: USER-737A973129
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20070.6982, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Record Number: 1550
Source Name: Application Error
Time Written: 20070731201300.000000-420
Event Type: error
User:

Computer Name: USER-737A973129
Event Code: 1000
Message: Faulting application ipwins.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426d.

Record Number: 1504
Source Name: Application Error
Time Written: 20070720194044.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-03-22 18:24:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 511 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:53 PM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\USER\New Tiger Cruise\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0331EC40-78DB-077E-897E-0E12E042E6B8} - C:\WINDOWS\system32\kmqkje.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0331EC40-78DB-077E-897E-0E12E042E6B8} - C:\WINDOWS\system32\kmqkje.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Rmn plugin - {ABADC07C-9990-405a-AA24-2C209B50AE79} - svchstb.dll (file missing)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30E0A~1\Bar888.dll (file missing)
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30E0A~1\Bar888.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\YSTEM~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Vocrc] C:\Program Files\?ppPatch\l?ass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A3F8A8-34E2-4E1F-A8BB-6175B5DEB85F}: NameServer = 64.81.159.2,216.231.41.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11003 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0331EC40-78DB-077E-897E-0E12E042E6B8}]
C:\WINDOWS\system32\kmqkje.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}]
C:\Program Files\Video ActiveX Object\isaddon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABADC07C-9990-405a-AA24-2C209B50AE79}]
Rmn plugin - svchstb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADECBED6-0366-4377-A739-E69DFBA04663}]
Catcher Class - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}]
Bar888 - C:\PROGRA~1\COMMON~1\{30E0A~1\Bar888.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
BHO - C:\WINDOWS\system32\iehelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C1B4DEC2-2623-438e-9CA2-C9043AB28508} - Bar888 - C:\PROGRA~1\COMMON~1\{30E0A~1\Bar888.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"ZCfgSvc.exe"=C:\WINDOWS\system32\ZCfgSvc.exe [2005-07-05 639040]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2005-06-27 135168]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-14 136600]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-01-03 949376]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"FirefaceTray"=C:\WINDOWS\system32\fireface.exe [2008-08-22 74240]
"FirefaceMixTray"=C:\WINDOWS\system32\firefacemix.exe [2008-08-22 305152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"isamonitor.exe"=C:\Program Files\Video ActiveX Object\isamonitor.exe []
"none"=C:\Program Files\Video ActiveX Object\pmsngr.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tair"=C:\WINDOWS\system32\YSTEM~1\msdtc.exe -vt yazr []
"Vocrc"=C:\Program Files\?ppPatch\l?ass.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"system tool"=C:\WINDOWS\sysguard.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\USER\Start Menu\Programs\Startup
Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2005-07-05 188482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-03-22 18:24:34 ----D---- C:\Program Files\trend micro
2009-03-22 18:24:32 ----D---- C:\rsit
2009-03-22 16:14:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-22 16:14:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-22 15:30:10 ----D---- C:\Documents and Settings\USER\Application Data\Download Manager
2009-03-16 17:25:42 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-03-15 21:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-15 21:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-15 13:34:35 ----HD---- C:\$AVG8.VAULT$
2009-03-15 13:27:39 ----D---- C:\Program Files\AVG
2009-03-15 13:27:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-15 11:41:36 ----SHD---- C:\WINDOWS\CSC
2009-03-14 18:58:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-14 18:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-14 18:19:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-14 18:19:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-14 18:05:28 ----D---- C:\WINDOWS\Prefetch
2009-03-14 18:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-14 18:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-14 18:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-14 18:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-14 18:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-14 18:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-14 18:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-14 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-14 18:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-03-14 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-14 18:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-14 18:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-14 18:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-03-14 18:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-14 18:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-14 18:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-03-14 17:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-03-14 17:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-14 17:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-14 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-14 17:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-14 17:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-14 17:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-03-14 17:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-14 17:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-14 17:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-14 17:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-03-14 17:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-14 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-03-14 17:54:22 ----A---- C:\WINDOWS\setuplog.txt
2009-03-14 17:52:59 ----D---- C:\WINDOWS\system32\scripting
2009-03-14 17:52:57 ----D---- C:\WINDOWS\l2schemas
2009-03-14 17:52:56 ----D---- C:\WINDOWS\system32\en
2009-03-14 17:52:56 ----D---- C:\WINDOWS\system32\bits
2009-03-14 17:49:30 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-14 17:40:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-14 17:35:17 ----A---- C:\WINDOWS\system32\java.exe
2009-03-14 17:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-14 17:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-14 17:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-13 20:28:28 ----D---- C:\Program Files\Mozilla Firefox
2009-03-12 21:20:10 ----D---- C:\WINDOWS\Minidump
2009-03-12 21:14:48 ----D---- C:\WINDOWS\ie7updates
2009-03-12 21:13:37 ----D---- C:\WINDOWS\WBEM
2009-03-12 21:13:36 ----D---- C:\WINDOWS\system32\en-US
2009-03-12 21:11:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-03-12 21:11:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-03-12 21:07:49 ----D---- C:\WINDOWS\network diagnostic
2009-03-10 22:29:21 ----A---- C:\WINDOWS\system32\schannel.dll
2009-03-09 16:23:20 ----SHD---- C:\WINDOWS\system32\lowsec
2009-03-01 13:53:14 ----A---- C:\Program Files\??.txt
2009-03-01 13:51:46 ----D---- C:\Program Files\LspCAD 6.2 Pro
2009-02-28 19:25:44 ----D---- C:\Program Files\Audua
2009-02-24 23:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$

======List of files/folders modified in the last 1 months======

2009-03-22 18:24:41 ----D---- C:\WINDOWS\Temp
2009-03-22 18:24:34 ----D---- C:\Program Files
2009-03-22 18:07:06 ----D---- C:\WINDOWS\system32
2009-03-22 18:07:01 ----D---- C:\WINDOWS
2009-03-22 17:49:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-22 17:25:08 ----D---- C:\Program Files\Ipwindows
2009-03-22 16:14:44 ----D---- C:\WINDOWS\system32\drivers
2009-03-22 13:15:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-15 21:27:35 ----HD---- C:\WINDOWS\inf
2009-03-15 21:27:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 21:27:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-15 21:27:22 ----A---- C:\WINDOWS\imsins.BAK
2009-03-15 18:26:46 ----SD---- C:\Documents and Settings\USER\Application Data\Microsoft
2009-03-15 18:25:20 ----SHD---- C:\RECYCLER
2009-03-15 15:43:39 ----D---- C:\Program Files\Common Files\{30E0A844-0577-1033-0629-050408160001}
2009-03-15 13:27:38 ----SHD---- C:\WINDOWS\Installer
2009-03-15 12:54:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-15 12:35:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-15 11:41:43 ----D---- C:\Documents and Settings
2009-03-14 18:53:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-14 18:46:36 ----D---- C:\WINDOWS\WinSxS
2009-03-14 18:07:25 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-03-14 18:04:46 ----D---- C:\WINDOWS\system32\Setup
2009-03-14 18:04:46 ----D---- C:\WINDOWS\AppPatch
2009-03-14 18:04:45 ----RSD---- C:\WINDOWS\Fonts
2009-03-14 18:04:45 ----D---- C:\WINDOWS\system32\wbem
2009-03-14 18:04:45 ----D---- C:\Program Files\Internet Explorer
2009-03-14 18:04:12 ----D---- C:\WINDOWS\security
2009-03-14 18:02:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-14 17:58:20 ----D---- C:\Program Files\Messenger
2009-03-14 17:53:20 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-14 17:53:20 ----D---- C:\WINDOWS\ime
2009-03-14 17:53:20 ----D---- C:\WINDOWS\Help
2009-03-14 17:53:00 ----D---- C:\WINDOWS\system32\usmt
2009-03-14 17:52:56 ----D---- C:\WINDOWS\PeerNet
2009-03-14 17:52:56 ----D---- C:\Program Files\Movie Maker
2009-03-14 17:49:18 ----D---- C:\WINDOWS\system32\Restore
2009-03-14 17:49:18 ----D---- C:\WINDOWS\system32\npp
2009-03-14 17:49:18 ----D---- C:\WINDOWS\mui
2009-03-14 17:49:17 ----D---- C:\WINDOWS\msagent
2009-03-14 17:49:16 ----D---- C:\WINDOWS\srchasst
2009-03-14 17:49:15 ----D---- C:\Program Files\NetMeeting
2009-03-14 17:49:14 ----D---- C:\WINDOWS\system32\Com
2009-03-14 17:49:11 ----D---- C:\Program Files\Windows NT
2009-03-14 17:49:11 ----D---- C:\Program Files\Windows Media Player
2009-03-14 17:49:11 ----D---- C:\Program Files\Outlook Express
2009-03-14 17:49:07 ----D---- C:\Program Files\Common Files\System
2009-03-14 17:48:46 ----D---- C:\WINDOWS\system32\oobe
2009-03-14 17:48:44 ----D---- C:\WINDOWS\system
2009-03-14 17:45:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-14 17:40:48 ----D---- C:\WINDOWS\ehome
2009-03-14 17:34:04 ----D---- C:\Program Files\Java
2009-03-14 17:32:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-14 16:04:47 ----D---- C:\Documents and Settings\USER\Application Data\Adobe
2009-03-14 13:35:43 ----D---- C:\Program Files\ESET
2009-03-13 22:18:05 ----D---- C:\Documents and Settings\USER\Application Data\Azureus
2009-03-13 20:34:07 ----D---- C:\Documents and Settings\USER\Application Data\LimeWire
2009-03-13 20:28:41 ----D---- C:\Documents and Settings\USER\Application Data\Mozilla
2009-03-12 21:25:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-12 21:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-12 21:24:45 ----D---- C:\Program Files\Adobe
2009-03-12 21:13:48 ----D---- C:\WINDOWS\system32\config
2009-03-12 21:13:29 ----D---- C:\WINDOWS\Media
2009-03-10 22:28:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-27 17:24:54 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-01-03 15424]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2003-01-23 17217]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-12 17801]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-01-03 512096]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-06-17 10970]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
R3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\system32\DRIVERS\wlluc48.sys [2004-08-03 154624]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-05 132352]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 fireface;Service for Fireface (WDM); C:\WINDOWS\system32\drivers\fireface.sys [2008-08-22 83072]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2005-07-26 662400]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-14 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-01-03 552064]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2005-07-05 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2005-07-05 421955]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
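The HijackThis section of the log above is what a helper reads first, and the same handful of checks come up every time: a registration whose file is gone, an extra program chained onto `UserInit`, Run entries whose paths HijackThis could not print or that sit where no installer would put them, and DNS servers that need confirming with the ISP. The following triage script is an added example for this thread, not a HijackThis, RSIT, ComboFix or BleepingComputer tool. Its rules, severities and the `SYSTEM32_BINARIES` list are this example's own assumptions; the sample input is a constructed set of lines copied from the log posted above.

```python
"""Triage of HijackThis-style log lines (added example; not a HijackThis, RSIT or
BleepingComputer tool). Rules, severities and SYSTEM32_BINARIES are this example's
own assumptions about what a log reviewer looks at first."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    lineno: int    # 1-based line within the log text
    code: str      # HijackThis section code such as "O4"
    reason: str


# Constructed sample: lines copied from the HijackThis section of the log posted above.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - {0331EC40-78DB-077E-897E-0E12E042E6B8} - C:\WINDOWS\system32\kmqkje.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Rmn plugin - {ABADC07C-9990-405a-AA24-2C209B50AE79} - svchstb.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\YSTEM~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Vocrc] C:\Program Files\?ppPatch\l?ass.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A3F8A8-34E2-4E1F-A8BB-6175B5DEB85F}: NameServer = 64.81.159.2,216.231.41.2
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat))', re.IGNORECASE)
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Assumed list: binaries that belong directly in system32; a same-named copy elsewhere is suspect.
SYSTEM32_BINARIES = {"userinit.exe", "msdtc.exe", "svchost.exe", "ctfmon.exe", "winlogon.exe"}


def _check_userinit(lineno, body):
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    # Winlogon runs every comma-separated entry at logon; only userinit.exe belongs here.
    return [Finding("high", lineno, "F2", f"extra program chained onto UserInit: {e}")
            for e in entries if not e.lower().endswith(r"\system32\userinit.exe")]

def _check_module(lineno, code, body):
    module = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
    if "\\" in module or not module:
        return []
    return [Finding("medium", lineno, code, f"module registered by bare file name, resolved via the search path: {module}")]

def _check_run(lineno, body):
    m = O4_RE.match(body)
    if not m:
        return []  # Startup-folder style O4 lines are not handled in this example
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    pm = PATH_RE.match(cmd)
    path = pm.group("path") if pm else cmd
    parent, _, base = path.rpartition("\\")
    out = []
    if "?" in path:
        out.append(Finding("high", lineno, "O4", f"path has characters HijackThis could not print (shown as '?'): {path}"))
    if base.lower() in SYSTEM32_BINARIES and parent.lower() != r"c:\windows\system32":
        out.append(Finding("high", lineno, "O4", f"system binary name outside system32: {path}"))
    if WINDIR_ROOT_RE.match(path):
        out.append(Finding("medium", lineno, "O4", f"executable placed directly in the Windows folder: {path}"))
    if "policies\\explorer\\run" in key.lower():
        out.append(Finding("medium", lineno, "O4", f"autostart via Policies\\Explorer\\Run, rarely used by installers: {path}"))
    if name.strip().lower() in ("", "none"):
        out.append(Finding("medium", lineno, "O4", f"unnamed Run value: {path}"))
    return out

def triage(log_text):
    """Return findings for the HijackThis-format lines in log_text, in log order."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if "(file missing)" in body:
            findings.append(Finding("medium", lineno, code, "registration points at a file that is gone; clean-up candidate"))
        if code == "F2":
            findings.extend(_check_userinit(lineno, body))
        elif code in ("R3", "O2", "O3"):
            findings.extend(_check_module(lineno, code, body))
        elif code == "O4":
            findings.extend(_check_run(lineno, body))
        elif code == "O17" and IP_RE.findall(body):
            findings.append(Finding("info", lineno, "O17", "adapter DNS servers; confirm they belong to the ISP: " + ", ".join(IP_RE.findall(body))))
    return findings

def severity_counts(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] line {f.lineno:2} {f.code}: {f.reason}")
```

Run against the sample it raises three high findings (the second `UserInit` program, the `msdtc.exe` copy in a subfolder of system32, and the Run path with unprintable characters), flags the orphaned and bare-name BHO registrations as clean-up items, and lists the adapter's DNS servers for the reader to verify; the Adobe, Apoint and ctfmon lines produce nothing. None of this replaces a helper's judgement, but it puts the lines worth asking about at the top.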


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:01 PM
Posted 23 March 2009 - 10:17 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 invictus005 (Topic Starter)

Posted 23 March 2009 - 06:57 PM

Thanks! Here is the log after ComboFix has run. Seems to have fixed the problem. I'm able to run SpyBot and my searches do not seem to be hijacked anymore. Please let me know if there is anything else.

Thank You.



ComboFix 09-03-22.01 - Administrator 2009-03-23 16:40:21.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.336 [GMT -7:00]
Running from: c:\documents and settings\Administrator.USER-737A973129\Desktop\ComboFix2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\USER\Favorites\Online Security Test.url
c:\documents and settings\USER\Start Menu\Programs\Outerinfo
c:\documents and settings\USER\Start Menu\Programs\Outerinfo\Terms.lnk
c:\documents and settings\USER\Start Menu\Programs\Outerinfo\Uninstall.lnk
c:\program files\Common Files\{30E0A~1
c:\program files\Common Files\{90E0A~1
c:\program files\Common Files\{90E0A~2
c:\program files\Common Files\{90E0A~3
c:\program files\Common Files\Yazzle1122OinUninstaller.exe
c:\program files\inetget2
c:\program files\ipwindows
c:\program files\ipwindows\pop11A1.tmp
c:\program files\ipwindows\pop11FB.tmp
c:\program files\ipwindows\pop162C.tmp
c:\program files\ipwindows\pop1656.tmp
c:\program files\ipwindows\pop1848.tmp
c:\program files\ipwindows\pop1976.tmp
c:\program files\ipwindows\pop1F1.tmp
c:\program files\ipwindows\pop1FCF.tmp
c:\program files\ipwindows\pop2506.tmp
c:\program files\ipwindows\pop2A4A.tmp
c:\program files\ipwindows\pop2FF8.tmp
c:\program files\ipwindows\pop3B.tmp
c:\program files\ipwindows\pop4F.tmp
c:\program files\ipwindows\pop58C.tmp
c:\program files\ipwindows\pop602.tmp
c:\program files\ipwindows\pop6C9.tmp
c:\program files\ipwindows\pop81A.tmp
c:\program files\ipwindows\pop8C3.tmp
c:\program files\ipwindows\pop8D8.tmp
c:\program files\ipwindows\popE4F.tmp
c:\program files\ipwindows\popF89.tmp
c:\program files\ipwindows\set1.tmp
c:\program files\ipwindows\set2.tmp
c:\program files\ipwindows\set3.tmp
c:\program files\ipwindows\set4.tmp
c:\program files\ipwindows\set5.tmp
c:\program files\ipwindows\set6.tmp
c:\program files\pppatc~1
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\UACvpyfvamt.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\UACbneolwxy.dll
c:\windows\system32\UACbsapbifk.dll
c:\windows\system32\UACgvsseoep.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClotnepxx.dll
c:\windows\system32\UACqsmccbfd.log
c:\windows\system32\UACtpdwkrrk.dll
c:\windows\system32\UACuxmsntik.log
c:\windows\system32\UACyusivbbf.dat
c:\windows\system32\UACywrqhxdu.dll
c:\windows\system32\unsvchosts.lzma
c:\windows\system32\wnsintsv.exe
c:\windows\system32\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-23 16:06 . 2009-03-23 16:06 <DIR> d-------- c:\documents and settings\Administrator.USER-737A973129\Application Data\Ulead Systems
2009-03-22 18:24 . 2009-03-22 18:24 <DIR> d-------- C:\rsit
2009-03-22 18:24 . 2009-03-22 18:24 <DIR> d-------- c:\program files\trend micro
2009-03-22 16:14 . 2009-03-22 18:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-22 16:14 . 2009-03-22 16:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-22 16:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-22 16:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-22 15:30 . 2009-03-22 16:53 <DIR> d-------- c:\documents and settings\USER\Application Data\Download Manager
2009-03-15 18:52 . 2009-03-15 19:30 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-15 13:34 . 2009-03-15 15:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-15 13:27 . 2009-03-15 13:27 <DIR> d-------- c:\program files\AVG
2009-03-15 13:27 . 2009-03-15 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-15 11:41 . 2009-03-15 13:28 <DIR> d-------- c:\documents and settings\Administrator.USER-737A973129
2009-03-14 18:59 . 2009-03-14 18:59 <DIR> d-------- c:\documents and settings\Administrator
2009-03-14 18:19 . 2009-03-22 18:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-14 18:19 . 2009-03-23 15:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-14 17:52 . 2009-03-14 17:52 <DIR> d-------- c:\windows\system32\scripting
2009-03-14 17:52 . 2009-03-14 17:52 <DIR> d-------- c:\windows\system32\en
2009-03-14 17:52 . 2009-03-14 17:52 <DIR> d-------- c:\windows\system32\bits
2009-03-14 17:52 . 2009-03-14 17:52 <DIR> d-------- c:\windows\l2schemas
2009-03-14 17:49 . 2009-03-14 17:53 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-14 17:35 . 2009-03-14 17:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-12 21:14 . 2008-12-20 16:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-12 21:14 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-12 21:14 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-12 21:14 . 2008-12-20 16:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-12 21:14 . 2008-12-20 16:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-12 21:14 . 2008-12-20 16:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-12 21:14 . 2008-12-20 16:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-12 21:14 . 2008-12-20 16:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-12 21:14 . 2008-12-19 02:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-10 22:29 . 2009-02-09 04:13 1,846,784 --a------ c:\windows\system32\win32k.sys
2009-03-10 22:29 . 2008-12-04 23:54 144,896 --a------ c:\windows\system32\schannel.dll
2009-03-01 22:54 . 2009-03-01 23:06 <DIR> d-------- c:\documents and settings\USER\Long Grove
2009-03-01 13:51 . 2009-03-05 17:50 <DIR> d-------- c:\program files\LspCAD 6.2 Pro
2009-02-28 19:29 . 2009-02-28 19:29 263,680 --a------ c:\documents and settings\USER\04_09_0.exe
2009-02-28 19:25 . 2009-02-28 19:25 <DIR> d-------- c:\program files\Audua

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 23:15 --------- d-----w c:\program files\ESET
2009-03-15 00:34 --------- d-----w c:\program files\Java
2009-03-14 05:18 --------- d-----w c:\documents and settings\USER\Application Data\Azureus
2009-03-14 03:34 --------- d-----w c:\documents and settings\USER\Application Data\LimeWire
2009-03-13 04:25 --------- d-----w c:\program files\Common Files\Adobe
2009-03-11 05:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-28 00:24 --------- d-----w c:\program files\Microsoft Silverlight
2007-01-05 04:17 415,784 ----a-w c:\documents and settings\USER\msgr8us.exe
2007-01-02 04:18 359,112 ----a-w c:\documents and settings\USER\LimeWireWin.exe
2006-01-09 01:35 260 ----a-w c:\program files\??.txt
2006-01-07 07:02 25,173 ----a-w c:\program files\Lz0.nfo
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 136600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]
"FirefaceTray"="fireface.exe" [2008-08-22 c:\windows\system32\fireface.exe]
"FirefaceMixTray"="firefacemix.exe" [2008-08-22 c:\windows\system32\firefacemix.exe]

c:\documents and settings\USER\Start Menu\Programs\Startup\
Spybot - Search & Destroy.lnk - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-03-15 5365592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Spybot - Search & Destroy.lnk - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-03-15 5365592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 01:33 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.dvsd"= pdvcodec.dll
"VIDC.YMPG"= ympgcdc.dll
"msacm.ympgacm"= ympgacm.acm
"wave1"= fireface_mme.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2005-08-12 92550]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2005-08-11 46108]
S3 fireface;Service for Fireface (WDM);c:\windows\system32\drivers\fireface.sys [2008-10-11 83072]
.
Contents of the 'Scheduled Tasks' folder

2008-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0331EC40-78DB-077E-897E-0E12E042E6B8} - c:\windows\system32\kmqkje.dll
BHO-{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - c:\program files\Video ActiveX Object\isaddon.dll
BHO-{ABADC07C-9990-405a-AA24-2C209B50AE79} - svchstb.dll
BHO-{C1B4DEC2-2623-438e-9CA2-C9043AB28508} - c:\progra~1\COMMON~1\{30E0A~1\Bar888.dll
BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - c:\windows\system32\iehelper.dll
Toolbar-{C1B4DEC2-2623-438e-9CA2-C9043AB28508} - c:\progra~1\COMMON~1\{30E0A~1\Bar888.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.fulldotfind.com/pubac/ac.php?aid=100&sid=v300
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A5A3F8A8-34E2-4E1F-A8BB-6175B5DEB85F} = 64.81.159.2,216.231.41.2
FF - ProfilePath - c:\documents and settings\Administrator.USER-737A973129\Application Data\Mozilla\Firefox\Profiles\s00d8stb.default\
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 16:46:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2009-03-23 16:51:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-23 23:50:57

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

238 --- E O F --- 2009-03-16 04:27:35

Edited by invictus005, 23 March 2009 - 07:15 PM.
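The ComboFix log above shows three things a practitioner should read before trusting a "fixed" machine: the winlogon Userinit value lists a second executable (sdra64.exe) after userinit.exe, the Security Center is told not to warn about antivirus or update state, and the XP firewall is off. The HijackThis log posted later in the thread still lists the same Userinit value, plus two HKCU Run entries whose paths contain "?" or put a system binary name under an odd directory. As an added example (not part of the thread, and not code from ComboFix or HijackThis), the following Python script runs those checks over lines copied from both logs; the check names, the system-binary list and the embedded sample string are this example's own choices:

```python
"""Triage a ComboFix / HijackThis log for the persistence and tamper
indicators seen in this thread.

Added example for this page; not code from ComboFix, HijackThis or either
poster. Function names, checks and finding labels are this example's own.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix and HijackThis logs
# posted in this thread, joined so the script runs offline.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\YSTEM~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Vocrc] C:\Program Files\?ppPatch\l?ass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A3F8A8-34E2-4E1F-A8BB-6175B5DEB85F}: NameServer = 64.81.159.2,216.231.41.2
'''

# Line shapes for the two formats (ComboFix "Reg Loading Points" and HJT).
USERINIT_CF = re.compile(r'^"Userinit"="(?P<val>.*)"$', re.I)
USERINIT_HJT = re.compile(r'^F2 - REG:system\.ini: UserInit=(?P<val>.*)$', re.I)
NOTIFY_OFF = re.compile(r'^"(?P<key>\w+DisableNotify)"=dword:0*1$', re.I)
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)', re.I)
RUN_HJT = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$', re.I)
NAMESERVER = re.compile(r'^O17 - .*NameServer = (?P<servers>[\d.,]+)', re.I)

# Windows binaries that only belong in %windir%\system32; a Run entry that
# points one of these names somewhere else is worth a look (heuristic list).
SYSTEM_BINARIES = {"msdtc.exe", "lsass.exe", "svchost.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}


def _exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'(?P<p>.*?\.exe)', cmd, re.I)
    return m.group('p') if m else cmd.split()[0]


def _split_path(path: str):
    """Lower-cased (directory, basename) of a Windows path."""
    directory, _, base = path.lower().rpartition('\\')
    return directory, base


def check_userinit(value: str) -> List[str]:
    """Return every entry of a Userinit value other than system32\\userinit.exe.
    Anything extra here is started by winlogon at every logon."""
    extras = []
    for entry in value.split(','):
        entry = entry.strip()
        if not entry:
            continue
        directory, base = _split_path(entry)
        if base == 'userinit.exe' and directory.endswith('\\system32'):
            continue
        extras.append(entry)
    return extras


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan log lines; return a list of {'check': ..., 'detail': ...} findings."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_CF.match(line) or USERINIT_HJT.match(line)
        if m:
            for extra in check_userinit(m.group('val')):
                findings.append({'check': 'userinit_extra', 'detail': extra})
            continue
        m = NOTIFY_OFF.match(line)
        if m:  # Security Center told not to warn about AV/update/firewall state
            findings.append({'check': 'security_center_notify_off', 'detail': m.group('key')})
            continue
        m = FIREWALL.match(line)
        if m and m.group('val') == '0':
            findings.append({'check': 'firewall_off', 'detail': line})
            continue
        m = RUN_HJT.match(line)
        if m:
            path = _exe_path(m.group('cmd'))
            directory, base = _split_path(path)
            if '?' in path:  # the tools print '?' for characters they cannot show
                findings.append({'check': 'run_unprintable_path',
                                 'detail': f"{m.group('name')}: {path}"})
            elif base in SYSTEM_BINARIES and not directory.endswith('\\system32'):
                findings.append({'check': 'run_system_name_odd_dir',
                                 'detail': f"{m.group('name')}: {path}"})
            continue
        m = NAMESERVER.match(line)
        if m:  # cannot be judged offline; list the resolvers for the reader to verify
            findings.append({'check': 'dns_review', 'detail': m.group('servers')})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['check']:28} {f['detail']}")
```

Run it as is to print the findings from the embedded sample, or pass the text of a real log to triage(). The Run checks are heuristics: both tools print "?" for characters they cannot display, and a directory such as YSTEM~1 under system32 is most likely the 8.3 short name of a folder whose long name begins with a character that is not valid in a short name. Either pattern deserves a look, but neither proves infection by itself. The NameServer finding is only a prompt to confirm that the listed resolvers belong to the ISP.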


#4 invictus005 (Topic Starter)

Posted 23 March 2009 - 10:51 PM

Further observations and a new problem. Ok, the Yahoo bar looks normal now, it was distorted before (only half of it was showing and the text was cut in half). Both MalwareBytes and SpyBot now open and work. In order to run the ComboFix, I had to do it in Safe Mode and I also had to rename the file.

Now here is the problem: My computer no longer has any sound. Under Sound and Audio Devices Properties, it says no Audio Device. I guess ComboFix deleted it. I don't know how to reinstall it.

Thanks again!

Edited by invictus005, 23 March 2009 - 10:54 PM.


#5 invictus005 (Topic Starter)

Posted 23 March 2009 - 10:53 PM

Here is the log I got after MalwareBytes ran:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

3/23/2009 8:51:42 PM
mbam-log-2009-03-23 (20-51-42).txt

Scan type: Quick Scan
Objects scanned: 75739
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abadc07c-9990-405a-aa24-2c209b50ae79} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

Edited by invictus005, 23 March 2009 - 10:55 PM.


#6 Buckeye_Sam (Malware Expert)

Posted 24 March 2009 - 01:32 PM

Combofix should not be run in safe mode.

Click Start -> Run -> devmgmt.msc
Do you see any yellow or red notations that would indicate a problem?

Double click on System devices
Double click on System speaker
At the bottom make sure that "Use this device (enable)" is selected.


========================================================

#7 invictus005 (Topic Starter)

Posted 25 March 2009 - 12:23 AM

Hi,

Ok, there are no yellow, or red notations. Once I double click on system location, I get a System Speaker Properties window. Under Device Status, the message says "No drivers are installed for this device." Under Device Usage, "Use this device (enable)" is selected. If I click on the "Driver" tab and click on "Driver Update," I get a message saying "The wizard could not find a better match for your hardware than the software you currently have installed." I do not have the tiny sound/speaker icon that usually appears near the bottom of the screen by the time clock either.

As far as running ComboFix... It would not start in normal mode, even if I renamed it. I was able to rename it and start it in safe mode. As soon as it started, it prompted a computer restart. Once the computer restarted it did the actual system scan in normal mode at that point.

Thanks again!

#8 Buckeye_Sam (Malware Expert)

Posted 25 March 2009 - 02:58 PM

Please post a new log from RSIT.


========================================================

#9 invictus005 (Topic Starter)

Posted 25 March 2009 - 10:57 PM

Hi Sam,

Here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-03-25 20:55:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (35%) free of 38 GB
Total RAM: 511 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:25 PM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\USER\New Tiger Cruise\Desktop\RSIT.exe
C:\Program Files\trend micro\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0331EC40-78DB-077E-897E-0E12E042E6B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\YSTEM~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Vocrc] C:\Program Files\?ppPatch\l?ass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A3F8A8-34E2-4E1F-A8BB-6175B5DEB85F}: NameServer = 64.81.159.2,216.231.41.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9026 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADECBED6-0366-4377-A739-E69DFBA04663}]
Catcher Class - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"ZCfgSvc.exe"=C:\WINDOWS\system32\ZCfgSvc.exe [2005-07-05 639040]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2005-06-27 135168]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-14 136600]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"FirefaceTray"=C:\WINDOWS\system32\fireface.exe [2008-08-22 74240]
"FirefaceMixTray"=C:\WINDOWS\system32\firefacemix.exe [2008-08-22 305152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tair"=C:\WINDOWS\system32\YSTEM~1\msdtc.exe -vt yazr []
"Vocrc"=C:\Program Files\?ppPatch\l?ass.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\USER\Start Menu\Programs\Startup
Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2005-07-05 188482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-03-24 20:19:42 ----D---- C:\WINDOWS\LastGood.Tmp
2009-03-23 20:45:40 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-03-23 16:51:07 ----D---- C:\WINDOWS\temp
2009-03-23 16:51:02 ----A---- C:\ComboFix.txt
2009-03-23 16:33:06 ----A---- C:\Boot.bak
2009-03-23 16:33:00 ----RASHD---- C:\cmdcons
2009-03-23 16:30:12 ----A---- C:\WINDOWS\zip.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\VFIND.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\SWSC.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\SWREG.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\sed.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\grep.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\fdsv.exe
2009-03-23 16:30:08 ----D---- C:\WINDOWS\ERDNT
2009-03-23 16:30:08 ----D---- C:\ComboFix2
2009-03-23 15:59:13 ----D---- C:\Qoobox
2009-03-22 18:24:34 ----D---- C:\Program Files\trend micro
2009-03-22 18:24:32 ----D---- C:\rsit
2009-03-22 16:14:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-22 16:14:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-22 15:30:10 ----D---- C:\Documents and Settings\USER\Application Data\Download Manager
2009-03-15 21:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-15 21:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-15 13:34:35 ----HD---- C:\$AVG8.VAULT$
2009-03-15 13:27:39 ----D---- C:\Program Files\AVG
2009-03-15 13:27:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-15 11:41:36 ----SHD---- C:\WINDOWS\CSC
2009-03-14 18:58:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-14 18:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-14 18:19:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-14 18:19:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-14 18:05:28 ----D---- C:\WINDOWS\Prefetch
2009-03-14 18:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-14 18:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-14 18:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-14 18:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-14 18:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-14 18:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-14 18:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-14 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-14 18:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-03-14 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-14 18:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-14 18:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-14 18:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-03-14 18:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-14 18:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-14 18:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-03-14 17:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-03-14 17:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-14 17:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-14 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-14 17:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-14 17:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-14 17:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-03-14 17:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-14 17:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-14 17:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-14 17:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-03-14 17:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-14 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-03-14 17:54:22 ----A---- C:\WINDOWS\setuplog.txt
2009-03-14 17:52:59 ----D---- C:\WINDOWS\system32\scripting
2009-03-14 17:52:57 ----D---- C:\WINDOWS\l2schemas
2009-03-14 17:52:56 ----D---- C:\WINDOWS\system32\en
2009-03-14 17:52:56 ----D---- C:\WINDOWS\system32\bits
2009-03-14 17:49:30 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-14 17:40:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-14 17:35:17 ----A---- C:\WINDOWS\system32\java.exe
2009-03-14 17:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-14 17:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-14 17:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-13 20:28:28 ----D---- C:\Program Files\Mozilla Firefox
2009-03-12 21:20:10 ----D---- C:\WINDOWS\Minidump
2009-03-12 21:14:48 ----D---- C:\WINDOWS\ie7updates
2009-03-12 21:13:37 ----D---- C:\WINDOWS\WBEM
2009-03-12 21:13:36 ----D---- C:\WINDOWS\system32\en-US
2009-03-12 21:11:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-03-12 21:11:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-03-12 21:07:49 ----D---- C:\WINDOWS\network diagnostic
2009-03-10 22:29:21 ----A---- C:\WINDOWS\system32\schannel.dll
2009-03-01 13:53:14 ----A---- C:\Program Files\??.txt
2009-03-01 13:51:46 ----D---- C:\Program Files\LspCAD 6.2 Pro
2009-02-28 19:25:44 ----D---- C:\Program Files\Audua

======List of files/folders modified in the last 1 months======

2009-03-24 22:13:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 20:48:22 ----D---- C:\WINDOWS
2009-03-24 20:19:45 ----D---- C:\WINDOWS\system32\drivers
2009-03-24 20:19:45 ----D---- C:\WINDOWS\system32
2009-03-24 20:03:55 ----HD---- C:\WINDOWS\inf
2009-03-23 16:46:58 ----A---- C:\WINDOWS\system.ini
2009-03-23 16:43:04 ----D---- C:\WINDOWS\AppPatch
2009-03-23 16:42:49 ----D---- C:\Program Files\Common Files
2009-03-23 16:41:04 ----D---- C:\Program Files
2009-03-23 16:33:07 ----RASH---- C:\boot.ini
2009-03-23 16:15:34 ----D---- C:\Program Files\ESET
2009-03-23 16:04:50 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-03-22 22:40:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-22 13:15:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-15 21:27:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 21:27:22 ----A---- C:\WINDOWS\imsins.BAK
2009-03-15 18:26:46 ----SD---- C:\Documents and Settings\USER\Application Data\Microsoft
2009-03-15 18:25:20 ----SHD---- C:\RECYCLER
2009-03-15 13:27:38 ----SHD---- C:\WINDOWS\Installer
2009-03-15 12:54:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-15 12:35:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-15 11:41:43 ----D---- C:\Documents and Settings
2009-03-14 18:53:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-14 18:46:36 ----D---- C:\WINDOWS\WinSxS
2009-03-14 18:04:46 ----D---- C:\WINDOWS\system32\Setup
2009-03-14 18:04:45 ----RSD---- C:\WINDOWS\Fonts
2009-03-14 18:04:45 ----D---- C:\WINDOWS\system32\wbem
2009-03-14 18:04:45 ----D---- C:\Program Files\Internet Explorer
2009-03-14 18:04:12 ----D---- C:\WINDOWS\security
2009-03-14 18:02:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-14 17:58:20 ----D---- C:\Program Files\Messenger
2009-03-14 17:53:20 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-14 17:53:20 ----D---- C:\WINDOWS\ime
2009-03-14 17:53:20 ----D---- C:\WINDOWS\Help
2009-03-14 17:53:00 ----D---- C:\WINDOWS\system32\usmt
2009-03-14 17:52:56 ----D---- C:\WINDOWS\PeerNet
2009-03-14 17:52:56 ----D---- C:\Program Files\Movie Maker
2009-03-14 17:49:18 ----D---- C:\WINDOWS\system32\Restore
2009-03-14 17:49:18 ----D---- C:\WINDOWS\system32\npp
2009-03-14 17:49:18 ----D---- C:\WINDOWS\mui
2009-03-14 17:49:17 ----D---- C:\WINDOWS\msagent
2009-03-14 17:49:16 ----D---- C:\WINDOWS\srchasst
2009-03-14 17:49:15 ----D---- C:\Program Files\NetMeeting
2009-03-14 17:49:14 ----D---- C:\WINDOWS\system32\Com
2009-03-14 17:49:11 ----D---- C:\Program Files\Windows NT
2009-03-14 17:49:11 ----D---- C:\Program Files\Windows Media Player
2009-03-14 17:49:11 ----D---- C:\Program Files\Outlook Express
2009-03-14 17:49:07 ----D---- C:\Program Files\Common Files\System
2009-03-14 17:48:46 ----D---- C:\WINDOWS\system32\oobe
2009-03-14 17:48:44 ----D---- C:\WINDOWS\system
2009-03-14 17:45:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-14 17:40:48 ----D---- C:\WINDOWS\ehome
2009-03-14 17:34:04 ----D---- C:\Program Files\Java
2009-03-14 17:32:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-14 16:04:47 ----D---- C:\Documents and Settings\USER\Application Data\Adobe
2009-03-13 22:18:05 ----D---- C:\Documents and Settings\USER\Application Data\Azureus
2009-03-13 20:34:07 ----D---- C:\Documents and Settings\USER\Application Data\LimeWire
2009-03-13 20:28:41 ----D---- C:\Documents and Settings\USER\Application Data\Mozilla
2009-03-12 21:25:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-12 21:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-12 21:24:45 ----D---- C:\Program Files\Adobe
2009-03-12 21:13:48 ----D---- C:\WINDOWS\system32\config
2009-03-12 21:13:29 ----D---- C:\WINDOWS\Media
2009-03-10 22:28:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-27 17:24:54 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2003-01-23 17217]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
R3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\system32\DRIVERS\wlluc48.sys [2004-08-03 154624]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-12 17801]
S2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-06-17 10970]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-05 132352]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 fireface;Service for Fireface (WDM); C:\WINDOWS\system32\drivers\fireface.sys [2008-08-22 83072]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2005-07-26 662400]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-14 152984]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
S2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2005-07-05 122880]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2005-07-05 421955]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#10 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 March 2009 - 02:29 PM

From what I can tell it looks like your audio drivers are no longer loading as they should.

O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
If these were preloaded when you bought the computer you may have a disc where you can reinstall the driver. Otherwise you will need to determine exactly which driver you need for your computer and then download them to reinstall.

For this next step you will need to disable Spybot's TeaTimer or it will interfere with HijackThis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Run HijackThis, located here: C:\Program Files\trend micro\USER.exe

Click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {0331EC40-78DB-077E-897E-0E12E042E6B8} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\YSTEM~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Vocrc] C:\Program Files\?ppPatch\l?ass.exe
Reboot your computer and post a new log from RSIT.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


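The entries singled out in the post above share a few mechanical tells: an extra binary on the UserInit line, a system binary name launched from a directory other than system32, path characters HijackThis can only render as `?`, and browser hooks whose file is gone. The Python below is an added example, not code from HijackThis, RSIT or this thread; it encodes those tells as checks over HijackThis-style log lines, with the sample lines copied from the post plus two clean entries for contrast (the `SYSTEM_BINARIES` set and the severity labels are my own assumptions).

```python
"""Triage HijackThis-style autostart entries for the tells seen in this thread.

Constructed example: not HijackThis, RSIT or BleepingComputer code. The rules
below encode what the helper flagged above; SYSTEM_BINARIES and the severity
labels are the author's own assumptions.
"""
import re
from typing import List, Tuple

# Names of binaries Windows keeps in %SystemRoot%\system32. One of these
# names starting from any other directory is a masquerading indicator
# (the log above shows msdtc.exe launched from system32\YSTEM~1).
SYSTEM_BINARIES = {
    "msdtc.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "explorer.exe", "userinit.exe",
}
SYSTEM32 = r"c:\windows\system32"
LEGIT_USERINIT = SYSTEM32 + r"\userinit.exe"

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)

RUN_LINE = re.compile(r"O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.*)")
USERINIT_LINE = re.compile(r"F2 - REG:system\.ini: UserInit=(.*)")


def _executable(command: str) -> str:
    """Return the program path from a Run-key command line (quoted or bare)."""
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return bare.group(1) if bare else command


def check_userinit(line: str) -> List[Finding]:
    """UserInit must name only the real userinit.exe; anything extra runs at logon."""
    m = USERINIT_LINE.match(line)
    if not m:
        return []
    paths = [p.strip().strip('"') for p in m.group(1).split(",") if p.strip()]
    return [("high", f"UserInit also launches {p}", line)
            for p in paths if p.lower() != LEGIT_USERINIT]


def check_run_entry(line: str) -> List[Finding]:
    """Inspect the executable behind an O4 Run entry."""
    m = RUN_LINE.match(line)
    if not m:
        return []
    exe = _executable(m.group(2))
    findings: List[Finding] = []
    # HijackThis prints '?' for characters it cannot render, and '?' is not
    # legal in a Windows path, so its presence means a lookalike character
    # (as in ?ppPatch\l?ass.exe above). Raw non-ASCII is caught the same way.
    if "?" in exe or any(ord(c) > 127 for c in exe):
        findings.append(("high", f"unrenderable characters in path {exe}", line))
    directory, _, name = exe.rpartition("\\")
    if name.lower() in SYSTEM_BINARIES and directory.lower() != SYSTEM32:
        findings.append(("high", f"{name} running outside system32: {exe}", line))
    return findings


def check_orphan(line: str) -> List[Finding]:
    """Browser hooks whose file is gone are leftovers: worth cleaning, low risk."""
    if line.startswith(("O2 - BHO:", "R3 - URLSearchHook:")) and (
        "(file missing)" in line or "(no file)" in line
    ):
        return [("low", "orphaned browser extension entry", line)]
    return []


def triage(log_lines: List[str]) -> List[Finding]:
    """Run every check over each line and collect the findings."""
    findings: List[Finding] = []
    for raw in log_lines:
        line = raw.strip()
        findings += check_userinit(line) + check_run_entry(line) + check_orphan(line)
    return findings


# Sample input: the lines the helper flagged above, plus two clean entries
# (Adobe BHO, QuickTime Run key) that must not produce findings.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\YSTEM~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Vocrc] C:\Program Files\?ppPatch\l?ass.exe
R3 - URLSearchHook: (no name) - {0331EC40-78DB-077E-897E-0E12E042E6B8} - (no file)
""".strip().splitlines()

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Against the sample it reports the UserInit extra, the two odd HKCU Run entries and the two orphans, and stays silent on the Adobe and QuickTime lines.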
========================================================

#11 invictus005

  • Topic Starter

  • Members
  • 17 posts

Posted 27 March 2009 - 12:40 AM

Here is the new RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-03-26 22:36:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (34%) free of 38 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:56 PM, on 3/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\New Tiger Cruise\Desktop\RSIT.exe
C:\Program Files\trend micro\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A3F8A8-34E2-4E1F-A8BB-6175B5DEB85F}: NameServer = 64.81.159.2,216.231.41.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8212 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"ZCfgSvc.exe"=C:\WINDOWS\system32\ZCfgSvc.exe [2005-07-05 639040]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2005-06-27 135168]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-14 136600]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"FirefaceTray"=C:\WINDOWS\system32\fireface.exe [2008-08-22 74240]
"FirefaceMixTray"=C:\WINDOWS\system32\firefacemix.exe [2008-08-22 305152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\USER\Start Menu\Programs\Startup
Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2005-07-05 188482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-03-24 20:19:42 ----D---- C:\WINDOWS\LastGood.Tmp
2009-03-23 20:45:40 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-03-23 16:51:07 ----D---- C:\WINDOWS\temp
2009-03-23 16:51:02 ----A---- C:\ComboFix.txt
2009-03-23 16:33:06 ----A---- C:\Boot.bak
2009-03-23 16:33:00 ----RASHD---- C:\cmdcons
2009-03-23 16:30:12 ----A---- C:\WINDOWS\zip.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\VFIND.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\SWSC.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\SWREG.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\sed.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\grep.exe
2009-03-23 16:30:12 ----A---- C:\WINDOWS\fdsv.exe
2009-03-23 16:30:08 ----D---- C:\WINDOWS\ERDNT
2009-03-23 16:30:08 ----D---- C:\ComboFix2
2009-03-23 15:59:13 ----D---- C:\Qoobox
2009-03-22 18:24:34 ----D---- C:\Program Files\trend micro
2009-03-22 18:24:32 ----D---- C:\rsit
2009-03-22 16:14:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-22 16:14:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-22 15:30:10 ----D---- C:\Documents and Settings\USER\Application Data\Download Manager
2009-03-15 21:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-15 21:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-15 13:34:35 ----HD---- C:\$AVG8.VAULT$
2009-03-15 13:27:39 ----D---- C:\Program Files\AVG
2009-03-15 13:27:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-15 11:41:36 ----SHD---- C:\WINDOWS\CSC
2009-03-14 18:58:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-14 18:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-14 18:19:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-14 18:19:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-14 18:05:28 ----D---- C:\WINDOWS\Prefetch
2009-03-14 18:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-14 18:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-14 18:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-14 18:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-14 18:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-14 18:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-14 18:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-14 18:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-14 18:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-03-14 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-14 18:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-14 18:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-14 18:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-03-14 18:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-14 18:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-14 18:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-03-14 17:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-03-14 17:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-14 17:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-14 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-14 17:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-14 17:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-14 17:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-03-14 17:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-14 17:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-14 17:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-14 17:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-03-14 17:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-14 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-03-14 17:54:22 ----A---- C:\WINDOWS\setuplog.txt
2009-03-14 17:52:59 ----D---- C:\WINDOWS\system32\scripting
2009-03-14 17:52:57 ----D---- C:\WINDOWS\l2schemas
2009-03-14 17:52:56 ----D---- C:\WINDOWS\system32\en
2009-03-14 17:52:56 ----D---- C:\WINDOWS\system32\bits
2009-03-14 17:49:30 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-14 17:40:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-14 17:35:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-14 17:35:17 ----A---- C:\WINDOWS\system32\java.exe
2009-03-14 17:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-14 17:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-14 17:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-13 20:28:28 ----D---- C:\Program Files\Mozilla Firefox
2009-03-12 21:20:10 ----D---- C:\WINDOWS\Minidump
2009-03-12 21:14:48 ----D---- C:\WINDOWS\ie7updates
2009-03-12 21:13:37 ----D---- C:\WINDOWS\WBEM
2009-03-12 21:13:36 ----D---- C:\WINDOWS\system32\en-US
2009-03-12 21:11:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-03-12 21:11:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-03-12 21:07:49 ----D---- C:\WINDOWS\network diagnostic
2009-03-10 22:29:21 ----A---- C:\WINDOWS\system32\schannel.dll
2009-03-01 13:53:14 ----A---- C:\Program Files\??.txt
2009-03-01 13:51:46 ----D---- C:\Program Files\LspCAD 6.2 Pro
2009-02-28 19:25:44 ----D---- C:\Program Files\Audua

======List of files/folders modified in the last 1 months======

2009-03-24 22:13:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 20:48:22 ----D---- C:\WINDOWS
2009-03-24 20:19:45 ----D---- C:\WINDOWS\system32\drivers
2009-03-24 20:19:45 ----D---- C:\WINDOWS\system32
2009-03-24 20:03:55 ----HD---- C:\WINDOWS\inf
2009-03-23 16:46:58 ----A---- C:\WINDOWS\system.ini
2009-03-23 16:43:04 ----D---- C:\WINDOWS\AppPatch
2009-03-23 16:42:49 ----D---- C:\Program Files\Common Files
2009-03-23 16:41:04 ----D---- C:\Program Files
2009-03-23 16:33:07 ----RASH---- C:\boot.ini
2009-03-23 16:15:34 ----D---- C:\Program Files\ESET
2009-03-23 16:04:50 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-03-22 22:40:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-22 13:15:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-15 21:27:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 21:27:22 ----A---- C:\WINDOWS\imsins.BAK
2009-03-15 18:26:46 ----SD---- C:\Documents and Settings\USER\Application Data\Microsoft
2009-03-15 18:25:20 ----SHD---- C:\RECYCLER
2009-03-15 13:27:38 ----SHD---- C:\WINDOWS\Installer
2009-03-15 12:54:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-15 12:35:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-15 11:41:43 ----D---- C:\Documents and Settings
2009-03-14 18:53:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-14 18:46:36 ----D---- C:\WINDOWS\WinSxS
2009-03-14 18:04:46 ----D---- C:\WINDOWS\system32\Setup
2009-03-14 18:04:45 ----RSD---- C:\WINDOWS\Fonts
2009-03-14 18:04:45 ----D---- C:\WINDOWS\system32\wbem
2009-03-14 18:04:45 ----D---- C:\Program Files\Internet Explorer
2009-03-14 18:04:12 ----D---- C:\WINDOWS\security
2009-03-14 18:02:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-14 17:58:20 ----D---- C:\Program Files\Messenger
2009-03-14 17:53:20 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-14 17:53:20 ----D---- C:\WINDOWS\ime
2009-03-14 17:53:20 ----D---- C:\WINDOWS\Help
2009-03-14 17:53:00 ----D---- C:\WINDOWS\system32\usmt
2009-03-14 17:52:56 ----D---- C:\WINDOWS\PeerNet
2009-03-14 17:52:56 ----D---- C:\Program Files\Movie Maker
2009-03-14 17:49:18 ----D---- C:\WINDOWS\system32\Restore
2009-03-14 17:49:18 ----D---- C:\WINDOWS\system32\npp
2009-03-14 17:49:18 ----D---- C:\WINDOWS\mui
2009-03-14 17:49:17 ----D---- C:\WINDOWS\msagent
2009-03-14 17:49:16 ----D---- C:\WINDOWS\srchasst
2009-03-14 17:49:15 ----D---- C:\Program Files\NetMeeting
2009-03-14 17:49:14 ----D---- C:\WINDOWS\system32\Com
2009-03-14 17:49:11 ----D---- C:\Program Files\Windows NT
2009-03-14 17:49:11 ----D---- C:\Program Files\Windows Media Player
2009-03-14 17:49:11 ----D---- C:\Program Files\Outlook Express
2009-03-14 17:49:07 ----D---- C:\Program Files\Common Files\System
2009-03-14 17:48:46 ----D---- C:\WINDOWS\system32\oobe
2009-03-14 17:48:44 ----D---- C:\WINDOWS\system
2009-03-14 17:45:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-14 17:40:48 ----D---- C:\WINDOWS\ehome
2009-03-14 17:34:04 ----D---- C:\Program Files\Java
2009-03-14 17:32:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-14 16:04:47 ----D---- C:\Documents and Settings\USER\Application Data\Adobe
2009-03-13 22:18:05 ----D---- C:\Documents and Settings\USER\Application Data\Azureus
2009-03-13 20:34:07 ----D---- C:\Documents and Settings\USER\Application Data\LimeWire
2009-03-13 20:28:41 ----D---- C:\Documents and Settings\USER\Application Data\Mozilla
2009-03-12 21:25:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-12 21:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-12 21:24:45 ----D---- C:\Program Files\Adobe
2009-03-12 21:13:48 ----D---- C:\WINDOWS\system32\config
2009-03-12 21:13:29 ----D---- C:\WINDOWS\Media
2009-03-10 22:28:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-27 17:24:54 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2003-01-23 17217]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
R3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\system32\DRIVERS\wlluc48.sys [2004-08-03 154624]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-12 17801]
S2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-06-17 10970]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-05 132352]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 fireface;Service for Fireface (WDM); C:\WINDOWS\system32\drivers\fireface.sys [2008-08-22 83072]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2005-07-26 662400]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-14 152984]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
S2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2005-07-05 122880]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2005-07-05 421955]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:01 PM

Posted 27 March 2009 - 06:11 PM

That log looks pretty good to me. How are things on your end?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 invictus005

invictus005
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:01 PM

Posted 28 March 2009 - 12:40 AM

Everything seems to be working 100% except for sound. I haven't been able to download the correct driver yet. But as far as the browser hijacking, etc., it is definitely fixed. Thank you very much for your help.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:01 PM

Posted 28 March 2009 - 10:56 AM

Glad I could help! :)


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


==================



Let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore using the instructions in the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

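The Internet-zone settings listed in the post above are stored as numbered URL-action values under the current user's Zones\3 registry key, so they can be audited without clicking through the dialog. The script below is an added example, not part of this thread or of any tool it mentions: it reads a `.reg` export of that key (for instance produced with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`) and reports which of the six recommended settings still differ. The action IDs (1001, 1004, 1201, 1607, 1800, 1804) and the 0/1/3 = Enable/Prompt/Disable encoding are assumed from Microsoft's published zone-template documentation; the thread names the settings only by their GUI labels, and the embedded export is constructed sample data.

```python
"""Audit an exported Internet Explorer 'Internet' zone (zone 3) against the
hardening settings recommended in the post above (added example)."""
import re

# URL-action IDs for the six settings named in the post, with the value the
# post asks for. IDs and encoding are assumed from Microsoft's documented
# zone-template mapping: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
ACTION_LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}

ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed sample export (not from the thread). It mimics what
#   reg export "HKCU\...\Internet Settings\Zones\3" zone3.reg
# writes for a zone where two of the recommended actions are still Enable.
SAMPLE_REG = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""


def load_reg_file(path):
    """reg export writes UTF-16LE with a BOM; the 'utf-16' codec honours the BOM."""
    with open(path, encoding="utf-16") as f:
        return f.read()


def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export.
    String and binary values are skipped; only dwords matter for zone actions."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def audit_zone(reg_text, key=ZONE3_KEY):
    """Compare the exported zone with RECOMMENDED.
    Returns a list of (action_id, name, current_label, wanted_label) for every
    setting that differs. A value absent from the export means IE is using the
    zone template's default rather than an explicit choice, reported as 'unset'."""
    values = parse_reg(reg_text).get(key, {})
    drift = []
    for action_id, (name, want) in RECOMMENDED.items():
        have = values.get(action_id)
        if have != want:
            if have is None:
                have_label = "unset"
            else:
                have_label = ACTION_LABEL.get(have, f"unknown({have})")
            drift.append((action_id, name, have_label, ACTION_LABEL[want]))
    return drift


if __name__ == "__main__":
    # With the constructed sample this reports 1804 and 1607 as Enable instead of Prompt.
    for action_id, name, have, want in audit_zone(SAMPLE_REG):
        print(f"{action_id} {name}: is {have}, should be {want}")
```

Run it against a real export with `audit_zone(load_reg_file("zone3.reg"))`. The script only looks at the per-user key, which is the one the Internet Options dialog edits; if the zone is locked down machine-wide through the Security_HKLM_only policy, export the matching HKEY_LOCAL_MACHINE key and pass it as `key` instead.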


========================================================

#15 invictus005

invictus005
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:01 PM

Posted 28 March 2009 - 08:05 PM

Hi Sam,

I downloaded the sound driver directly from Dell, SIGMATEL STAC 9750 AC97; it installed, but it still won't work. Also, I can no longer install many different programs because an error window comes up saying "The system administrator has set policies to prevent this installation." Also, I cannot run certain programs because I get this error message: "Error 1084: The service cannot be started in safe mode." Now I'm not in safe mode anymore, but it sure is acting that way. It seems like a lot of settings have been changed...

Thanks!



