
Hacker Attack


  • This topic is locked
15 replies to this topic

#1 DESTROYER

  • Members
  • 9 posts

Posted 26 July 2009 - 04:14 AM

Hello everyone!

I'd like to write down my story about what happened to me on the 2nd of July.
Please be patient if my story is too long; you may learn something from it.
I had some problems with my ZoneAlarm firewall, and I turned it off and on to find out what the problem with my firewall was. At that time my computer suddenly started slowing down, and a couple of minutes later my Panda antivirus scanner showed an unknown program that wanted to access the internet, and showed me which folders and exe file that was. I found 8 folders nested into c:/ programs. But this was only the beginning.
I deleted those files and restarted my computer. I thought my computer was going to be all right, but the series of attacks just started when I restarted my computer; my Panda antivirus program went berserk, stopping all the unknown programs.
I turned off my internet connection and the attacks stopped. I started scanning my computer with Panda, it found nothing; Malwarebytes Anti-Malware, nothing serious; S&D, nothing; Ad-Aware, nothing serious.
So I decided that the hacker was not going to win this battle. I started my computer in safe mode with networking, and started searching through what had changed since the 2nd of July, and I found 1088 .MDF files and 1122 .exe files had changed.
The next thing was to start a big cleaning. I know the easiest thing to do is to just reformat the HDD and the problem is solved, but I always like a challenge, that's how you learn. Anyway it took me 1-1½ weeks to completely restore my computer.
I traced down the person who attacked my computer, and he or she lives in China.
I used McAfee Visual Trace. This program has a 30-day trial period.
This person, I think, has very good knowledge of how to hack into computers. I even found in Administrative Tools (Services) 3-4 programs that were set to automatic, so I disabled them.
When I start a program, the program wants access to that person's IP address.
I have that person's IP address; I just don't know what I can do with it. If the site Admin allows me to post it, I will post it in my new topic.
So my computer is running well, but I have a feeling that when I check my HJ log there is still something there. If someone can help me check out my log file I will appreciate it very much.
Thank you so much.


#2 Net_Surfer

  • Banned
  • 2,154 posts

Posted 05 August 2009 - 03:37 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 DESTROYER

  • Topic Starter
  • Members
  • 9 posts

Posted 06 August 2009 - 02:27 AM

Hi Net Surfer!

Thanks for the reply. I downloaded those two programs that you suggested to me, and I only ran the DDS.scr, and here is the result.
I know of some other programs that are lurking in my computer, but I was very fortunate to have been able to manage to stop it and I just need to remove it.
Thank you very much for your help

DDS (Ver_09-07-30.01) - NTFSx86
Run by Apuci at 14:43:55.90 on Thu 06/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1023.458 [GMT 10:00]

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\svchost -k Panda
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Dolores's Files\My Ink Resident.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Apuci\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar2.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: FreshDownload Bar: {ed0e8ca5-42fb-4b18-997b-769e0408e79d} -
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CursorXP] c:\program files\cursorxp\CursorXP.exe
uRun: [H/PC Connection Agent] "c:\progra~1\mi3aa1~1\wcescomm.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2009\Inicio.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [EPSON Stylus Photo R230 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myinkr~1.lnk - d:\dolores's files\My Ink Resident.exe
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-au\msntabres.dll.mui/229?7b4dbfb583bb471eb3363c552c054de3
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-au\msntabres.dll.mui/230?7b4dbfb583bb471eb3363c552c054de3
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\denise\start menu\programs\games\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\hide my ip 2007\ProxyFilter.dll
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {25EBFA7E-A624-487D-AD62-BD7EE060B2D7} - hxxp://supernatural.ten.com.au/entriq/cab/NetworkTen_3_5_0_5.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226039343328
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://supernatural.ten.com.au/entriq/cab/Entriq_3_5_2_2_Silent.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avldr - avldr.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\system32\srr

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-10 64160]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-7-6 28544]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-7-6 41144]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-4 353672]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-18 464264]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\IS360srv.exe [2009-7-26 304912]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2009\PsCtrlS.exe [2009-7-6 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-7-6 84024]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2009\PavFnSvr.exe [2009-7-6 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-7-6 179640]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2009-7-6 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2009\PAVSRV51.EXE [2009-7-6 288512]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2009\psksvc.exe [2009-7-6 28928]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S0 cjugm;cjugm; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 1029456]
S2 SDService;SDService; [x]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-7-9 13880]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-10 66056]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-26 42000]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]
S4 dnjpingewlk;dnjpingewlk; [x]
S4 sfcvnwmxcvu;sfcvnwmxcvu; [x]
S4 zgwjxiycbnwphz;zgwjxiycbnwphz; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-30 17:25 163,712 a------- c:\windows\system32\drivers\vidstub.sys
2009-07-30 00:57 24 ---sh--- c:\windows\S826C4B08.tmp
2009-07-26 13:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-07-24 22:04 10,841 a------- c:\windows\system32\EPPICResdb0000
2009-07-24 22:04 121 a------- c:\windows\system32\EPPICResdb
2009-07-23 23:23 <DIR> --d----- c:\program files\EPSON Print CD
2009-07-15 02:38 96,768 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-07-14 14:21 81,920 -------- c:\windows\system32\ieencode.dll
2009-07-12 02:24 68,608 ac------ c:\windows\system32\dllcache\plugin.ocx
2009-07-12 01:08 <DIR> --dsh--- c:\documents and settings\apuci\IECompatCache
2009-07-12 01:07 <DIR> --dsh--- c:\documents and settings\apuci\PrivacIE
2009-07-12 01:03 <DIR> --dsh--- c:\documents and settings\apuci\IETldCache
2009-07-12 01:00 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-12 01:00 <DIR> --d----- c:\windows\ie8updates
2009-07-12 00:59 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-12 00:59 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 00:56 <DIR> -cd-h--- c:\windows\ie8
2009-07-11 22:26 235,100 a------- c:\windows\system32\drivers\MidiSyn.sys
2009-07-11 22:25 381,056 a------- c:\windows\system32\drivers\senfilt.sys
2009-07-11 22:25 133,200 a------- c:\windows\system32\drivers\aeaudio.sys
2009-07-11 22:25 1,285,632 a------- c:\windows\system32\SMMedia.dll
2009-07-11 22:25 30,208 a------- c:\windows\system32\wdmioctl.dll
2009-07-11 22:25 765,952 a------- c:\windows\system\crlds3d.dll
2009-07-11 22:25 65,536 a------- c:\windows\system32\Audio3d.dll
2009-07-11 22:25 <DIR> --d----- c:\windows\VirtualEar
2009-07-11 22:25 991,232 a------- c:\windows\system32\virtear.dll
2009-07-11 22:25 259,648 a------- c:\windows\system32\drivers\smwdm.sys
2009-07-11 22:25 49,152 a------- c:\windows\system32\DSndUp.exe
2009-07-11 22:25 45,056 a------- c:\windows\system32\CleanUp.exe
2009-07-11 22:25 <DIR> --d----- c:\program files\Analog Devices
2009-07-11 22:22 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-07-11 19:55 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-10 07:36 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-07-10 05:51 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-07-09 23:30 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys

==================== Find3M ====================

2009-08-06 14:29 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-30 23:45 4,389,888 a------- c:\windows\system32\logonuiX.exe
2009-07-07 19:40 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-04 16:48 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-17 00:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-04 05:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 10:36 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-14 17:17 88 ---shr-- c:\docume~1\alluse~1\applic~1\6E98B089BE.sys
2006-10-07 21:01 30,615 a------- c:\documents and settings\apuci\x.exe
2006-05-28 01:34 32 a----r-- c:\documents and settings\all users\hash.dat
2005-07-14 15:38 6,715 a------- c:\program files\Halo Pc Retail Version Modding Tutorial.txt
1999-04-24 08:22 12 a--sh--- c:\windows\system\WININETICMP32.drv

============= FINISH: 14:45:01.21 ===============

Edited by PropagandaPanda, 06 August 2009 - 10:06 AM.
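As an added example, not part of this thread and not code from the DDS tool's author: a small Python triage helper that parses the "SERVICES / DRIVERS" section of a DDS log like the one posted above and ranks entries a helper would want to look at first. It assumes the DDS conventions that the leading letter is R (running) or S (stopped), the digit is the Windows start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), `[x]` marks a service whose image file was not found and `[?]` marks a path DDS could not verify. The vowel-ratio check for random-looking names is a prioritisation heuristic, not a verdict, which is why it only counts when the service has no descriptive display name. The sample lines are copied from the log above.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied verbatim from the DDS log in the thread.
SAMPLE_DDS_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-10 64160]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S0 cjugm;cjugm; [x]
S2 SDService;SDService; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-26 42000]
S4 dnjpingewlk;dnjpingewlk; [x]
S4 sfcvnwmxcvu;sfcvnwmxcvu; [x]
S4 zgwjxiycbnwphz;zgwjxiycbnwphz; [x]
"""

# "<R|S><digit> name;display name;image path [date size | ? | x]"
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
STATUS_RE = re.compile(r"\s*\[(?P<status>x|\?|(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+))\]\s*$")


@dataclass
class ServiceEntry:
    start_type: str        # e.g. "S4": assumed R=running / S=stopped, digit=Windows start type
    name: str
    display: str
    image_path: str        # empty when DDS printed no path
    status: str            # "ok", "missing" ([x]) or "unverified" ([?]) -- assumed DDS markers
    date: Optional[str]
    size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every well-formed service/driver line; silently skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        s = STATUS_RE.search(rest)
        if s is None:
            continue
        path = rest[: s.start()].strip()
        # DDS repeats an unverified path after "-->"; keep only the first copy.
        path = path.split(" --> ")[0]
        code = s.group("status")
        status = "missing" if code == "x" else "unverified" if code == "?" else "ok"
        entries.append(ServiceEntry(
            start_type=m.group("start"), name=m.group("name"), display=m.group("display"),
            image_path=path, status=status,
            date=s.group("date"), size=int(s.group("size")) if s.group("size") else None,
        ))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic: five or more letters with fewer than 25% vowels reads like a generated name."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.25


def triage(entries: List[ServiceEntry]) -> List[Tuple[int, str, List[str]]]:
    """Rank entries for a human to check first (score, name, reasons). Higher = look sooner."""
    ranked = []
    for e in entries:
        score, reasons = 0, []
        if e.status == "missing":
            score += 2
            reasons.append("image file not found ([x])")
        if e.display == e.name and looks_random(e.name):
            score += 1
            reasons.append("random-looking name with no descriptive display name")
        if score:
            ranked.append((score, e.name, reasons))
    ranked.sort(key=lambda t: (-t[0], t[1]))
    return ranked


if __name__ == "__main__":
    for score, name, reasons in triage(parse_services(SAMPLE_DDS_SERVICES)):
        print(f"{score}  {name:16s} {'; '.join(reasons)}")
```

The ranking is only an ordering for the person reading the log: a registered service whose image is gone is usually a leftover of something removed, and a disabled (S4) service with a generated name and no display name is the kind of entry the helper in this thread would ask about, but neither is proof of anything on its own.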


#4 Net_Surfer

  • Banned
  • 2,154 posts

Posted 06 August 2009 - 07:10 AM

Hello DESTROYER, and :) to the Bleeping Computer Malware Removal Forum. My nick is Net_Surfer and I'll be glad to help you with your computer problems.

I will be working on your malware issues. This may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. Hijackthis and DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here. Your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.


In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Kind regards
Net_Surfer

:thumbup2:

#5 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 06 August 2009 - 03:56 PM

Hello again DESTROYER. :)

Please observe these rules while we work:
  • Please Read All Instructions Carefully
  • Perform all actions in the order given.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear.) Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :thumbup2:

----------------------------^-------------------------------


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please read the following warnings and follow the steps that I am providing.


Let's start cleaning your computer. :cool:

1. There is a potentially unwanted piece of software I have detected on your PC called AskBar

Remove Adware.AskBar.a | Spyware Removal Information

It is optional to remove. But, I strongly suggest that you uninstall Ask Toolbar. Some of the bad practices of this toolbar are:

  • Promoting its toolbars on sites targeted to kids. Details.
  • Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
  • Promoting its toolbars through other companies' spyware. Details.
  • Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.
Please read the full details HERE.

If you decide to remove Ask Toolbar, go to Start > Control Panel > Add/Remove Programs and remove AskBarDis.

Then go to C: > Program Files and delete the AskBarDis folder.


----------------------------^-------------------------------


The following is referring to < RegCure 1.5.2.7 > and < Uniblue RegistryBooster 2 >.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System.
  • Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
  • The point we are trying to make is that the risk of using one far outweighs any benefit.
  • If it does work perfectly you will not see any difference
    If it doesn't work properly you may end up with an expensive doorstop.
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

Registry cleaners should be used with caution; always back up your registry before deleting what it says are invalid entries.
Be careful you do not overclean your registry and come to regret it. What's called invalid may be what your system needs to run correctly.

Please read this blog by: miekiemoes. Link

----------------------------^-------------------------------


Please follow the instructions of the next set of steps:

Step #1.

We need to disable Ad-Watch before we run our fixing tools.

Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

Instructions on how to disable Ad-Watch if needed, to make sure it won't interfere with the fixing.



A word of warning if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.

Combofix is a very complex and dangerous tool. It is not a one-size-fits-all tool and it does not automatically remove what needs to be removed by itself. It is like a scalpel in the hands of a surgeon. A surgeon can remove exactly what is needed and no more, while an untrained person would either cut too much or not enough.

Combofix is powerful enough to be able to render your computer unbootable if used wrongly, or to leave your computer infected if you do not know what you are doing.



You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Please read Combofix's Disclaimer.

ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix




Please ensure that you have disabled your anti-virus program before using the following tool:


Please download ComboFix from one of these locations:
WARNING: This tool is not a toy and not for everyday use!!!

Link 1
Link 2

**Note: In the event you already have Combofix please delete it, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • *Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Please insert your flash drive and all usb-drives before running Combofix
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • *Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
    Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

-----------------------------------------------------------

  • Double click ComboFix.exe on your desktop & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.

Click on Yes, to continue scanning for malware.
  • Leave your computer alone while ComboFix is running. Do not mouse-click Combofix's window while it's running. That may cause it to stall**
    ComboFix will restart your computer if malware is found; allow it to do so.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Step #2.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Step #3.

We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it properly.
  • Download: random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Please post the contents of both here in your next reply.

log.txt (<<--- will be maximized) and info.txt (<<--- will be minimized)

Summary of the logs I will need in your next reply:
  • The report log of Combofix located at: "C:\ComboFix.txt"
  • The report log of Gmer
  • The two logs of RSIT.
And a description of any remaining problems in your next post.

How is your computer running now?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)
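The helper asks for the ComboFix log so that its newly created files and autorun (Run key) entries can be reviewed by eye. As an added example, not part of this thread or of ComboFix itself, here is a small triage script for the two line shapes that ComboFix log shows (file entries with timestamps, size, attribute flags and path; Run-key entries in REGEDIT4 form); the regexes, the location heuristics and the sample lines are my assumptions about the format, constructed to resemble the posted log, and the output is a list of things to look at first, not a verdict.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Assumed line shapes (my reading of the log format, not an official spec):
  file entry:  YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size|-------->  <8 attr flags> <path>
  Run entry:   "Name"="path" [YYYY-MM-DD size]
The attribute string is read as: d=directory, c=compressed, s=system, h=hidden, a=archive.
"""
import re
from typing import List, NamedTuple

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$'
)

# Extensions treated as executable content for the location checks.
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".scr", ".com", ".pif")
# Autorun targets under these prefixes are left to the reviewer's normal judgement.
TRUSTED_RUN_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
PROFILE_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\(?P<rest>.+)$")


class Finding(NamedTuple):
    path: str
    reason: str


def _depth(path: str) -> int:
    """Number of path separators; 'c:\\windows\\x.exe' has depth 2."""
    return path.count("\\")


def check_file(path: str, attrs: str) -> List[str]:
    """Return the reasons (possibly none) a file entry deserves a closer look."""
    p = path.lower()
    reasons: List[str] = []
    is_dir = attrs[0] == "d"
    is_exec = p.endswith(EXEC_EXT)
    # 1. Executable dropped directly into c:\windows instead of a subfolder.
    if is_exec and p.startswith("c:\\windows\\") and _depth(p) == 2:
        reasons.append("executable directly in the Windows folder")
    # 2. Executable directly in a user profile root or under My Documents.
    m = PROFILE_RE.match(p)
    if is_exec and m:
        rest = m.group("rest")
        if "\\" not in rest or rest.startswith("my documents\\"):
            reasons.append("executable in a user profile root / My Documents")
    # 3. Hidden or system attribute on a plain file (hidden folders such as
    #    IETldCache are normal, so directories are skipped here).
    if not is_dir and ("h" in attrs or "s" in attrs):
        reasons.append("file carries hidden/system attribute")
    return reasons


def check_run_entry(path: str) -> List[str]:
    """Apply the location checks to an autorun target, plus a trusted-prefix test."""
    reasons = check_file(path, "----a-w-")  # neutral attributes: location checks only
    if not path.lower().startswith(TRUSTED_RUN_PREFIXES):
        reasons.append("autorun target outside Program Files / Windows")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan log text line by line and collect findings for a human reviewer."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FILE_LINE.match(line)):
            findings += [Finding(m["path"], r) for r in check_file(m["path"], m["attrs"])]
        elif (m := RUN_LINE.match(line)):
            label = f'{m["name"]} -> {m["path"]}'
            findings += [Finding(label, r) for r in check_run_entry(m["path"])]
    return findings


# Constructed sample lines in the posted log's format (user name and some paths invented).
SAMPLE_LOG = r"""
2009-07-03 08:03 . 2009-07-03 08:03 25 ----a-w- c:\windows\WinA.bat
2009-07-11 12:25 . 2004-09-01 02:18 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-08-05 03:30 . 2009-07-29 14:57 24 --sh--w- c:\windows\S826C4B08.tmp
2009-07-31 06:23 . 2009-07-31 06:23 -------- d-----w- c:\documents and settings\alice\Local Settings\Application Data\SomeVendor
2009-07-06 13:15 . 2009-07-06 13:15 -------- d-sh--w- c:\documents and settings\alice\IETldCache
2009-07-02 07:40 . 2009-07-02 07:40 20480 ----a-w- c:\documents and settings\alice\x.exe
2009-07-02 07:41 . 2009-07-02 07:41 20480 ----a-w- c:\documents and settings\alice\My Documents\wpabaln.exe
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
"Updater"="c:\documents and settings\alice\Application Data\svc\upd.exe" [2009-07-02 20480]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Running the block on the sample prints five findings: the batch file and the hidden .tmp in c:\windows, the two executables under the profile, and the autorun target under Application Data; the driver, the ordinary folders and the Program Files autoruns are left alone.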

#6 DESTROYER


Posted 07 August 2009 - 06:40 AM

Hello Net_Surfer,

Thank you for the fast reply. I am always suspicious about AskBar, but the thing is, whenever I download Zone Alarm, this program comes with Zone Alarm, and that's why I install it. Anyway, I finished the scanning and here are the log files.
I'd like to thank you again for helping me out.
Best Regards
DESTROYER.

ComboFix 09-08-06.01 - Apuci 07/08/2009 16:24.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1023.468 [GMT 10:00]
Running from: c:\documents and settings\Apuci\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.SHREK2\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk
c:\documents and settings\All Users\Start Menu\Programs\Windows Live Messenger .lnk
c:\documents and settings\Apuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk
c:\documents and settings\Apuci\My Documents\wpabaln.exe
c:\documents and settings\Apuci\x.exe
c:\documents and settings\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk
c:\documents and settings\Diana\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk
c:\documents and settings\Dolores\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2009.lnk
c:\windows\Fonts\acrsec.fon
c:\windows\Installer\109c51.msi
c:\windows\Installer\109c52.msp
c:\windows\Installer\109c53.msp
c:\windows\Installer\109c54.msp
c:\windows\Installer\109c55.msp
c:\windows\Installer\109c56.msp
c:\windows\Installer\109c57.msp
c:\windows\Installer\109c58.msp
c:\windows\Installer\109c59.msp
c:\windows\Installer\109c5a.msp
c:\windows\Installer\1141cbe.msi
c:\windows\Installer\1506dbc.msp
c:\windows\Installer\1506dbd.msp
c:\windows\Installer\1506dbe.msp
c:\windows\Installer\1506dbf.msp
c:\windows\Installer\1506dc0.msp
c:\windows\Installer\1506dc1.msp
c:\windows\Installer\1506dc2.msp
c:\windows\Installer\1506dc3.msp
c:\windows\Installer\1506dc4.msp
c:\windows\Installer\157f904.msi
c:\windows\Installer\1ab793.msp
c:\windows\Installer\1ab794.msp
c:\windows\Installer\1ab795.msp
c:\windows\Installer\1ab796.msp
c:\windows\Installer\1ab797.msp
c:\windows\Installer\1ab798.msp
c:\windows\Installer\1ab799.msp
c:\windows\Installer\1ab79a.msp
c:\windows\Installer\1ab79b.msp
c:\windows\Installer\1db64fe.msp
c:\windows\Installer\1db64ff.msp
c:\windows\Installer\1db6500.msp
c:\windows\Installer\1db6501.msp
c:\windows\Installer\1db6502.msp
c:\windows\Installer\1db6503.msp
c:\windows\Installer\1db6504.msp
c:\windows\Installer\1db6505.msp
c:\windows\Installer\1db6506.msp
c:\windows\Installer\2624217.msp
c:\windows\Installer\262422c.msp
c:\windows\Installer\2624242.msp
c:\windows\Installer\2624258.msp
c:\windows\Installer\2624271.msp
c:\windows\Installer\26efcfd.msp
c:\windows\Installer\26efcfe.msp
c:\windows\Installer\26efcff.msp
c:\windows\Installer\26efd00.msp
c:\windows\Installer\26efd01.msp
c:\windows\Installer\26efd02.msp
c:\windows\Installer\26efd03.msp
c:\windows\Installer\26efd04.msp
c:\windows\Installer\26efd05.msp
c:\windows\Installer\2c434bc.msp
c:\windows\Installer\3230ed8.msi
c:\windows\Installer\34dbcea.msp
c:\windows\Installer\34dbceb.msp
c:\windows\Installer\34dbcec.msp
c:\windows\Installer\34dbced.msp
c:\windows\Installer\34dbcee.msp
c:\windows\Installer\34dbcef.msp
c:\windows\Installer\34dbcf0.msp
c:\windows\Installer\34dbcf1.msp
c:\windows\Installer\34dbcf2.msp
c:\windows\Installer\35364d9.msi
c:\windows\Installer\37b8ba.msi
c:\windows\Installer\37bf0.msi
c:\windows\Installer\4c6c31a.msp
c:\windows\Installer\4c6c31b.msp
c:\windows\Installer\4c6c31c.msp
c:\windows\Installer\4c6c31d.msp
c:\windows\Installer\4c6c31e.msp
c:\windows\Installer\4c6c31f.msp
c:\windows\Installer\4c6c320.msp
c:\windows\Installer\4c6c321.msp
c:\windows\Installer\4c6c322.msp
c:\windows\Installer\595c28.msp
c:\windows\Installer\595c29.msp
c:\windows\Installer\5d86e2.msi
c:\windows\Installer\5d86e7.msi
c:\windows\Installer\86a8ab.msi
c:\windows\Installer\92465.msp
c:\windows\Installer\92466.msp
c:\windows\Installer\92467.msp
c:\windows\Installer\92468.msp
c:\windows\Installer\92469.msp
c:\windows\Installer\9246a.msp
c:\windows\Installer\9246b.msp
c:\windows\Installer\9246c.msp
c:\windows\Installer\9246d.msp
c:\windows\Installer\a7f13.msp
c:\windows\Installer\a7f14.msp
c:\windows\Installer\a7f15.msp
c:\windows\Installer\a7f16.msp
c:\windows\Installer\a7f17.msp
c:\windows\Installer\a7f18.msp
c:\windows\Installer\a7f19.msp
c:\windows\Installer\a7f1a.msp
c:\windows\Installer\a7f1b.msp
c:\windows\Installer\a8177f.msp
c:\windows\Installer\a81780.msp
c:\windows\Installer\a81781.msp
c:\windows\Installer\a81782.msp
c:\windows\Installer\a81783.msp
c:\windows\Installer\a81784.msp
c:\windows\Installer\a81785.msp
c:\windows\Installer\a81786.msp
c:\windows\Installer\a81787.msp
c:\windows\Installer\bd621e.msp
c:\windows\Installer\bd621f.msp
c:\windows\Installer\bd6220.msp
c:\windows\Installer\bd6221.msp
c:\windows\Installer\bd6222.msp
c:\windows\Installer\bd6223.msp
c:\windows\Installer\bd6224.msp
c:\windows\Installer\bd6225.msp
c:\windows\Installer\bd6226.msp
c:\windows\patch.exe
c:\windows\system32\AISvCfhk.ini
c:\windows\system32\Cache
c:\windows\system32\cache329
c:\windows\system32\Data
c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-07-31 06:23 . 2009-07-31 06:23 -------- d-----w- c:\documents and settings\Apuci\Local Settings\Application Data\Mato_Technologies
2009-07-30 07:25 . 2009-07-30 07:26 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-07-29 02:58 . 2009-07-29 02:58 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-29 02:58 . 2009-07-29 02:58 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2009-07-29 02:57 . 2009-07-29 02:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-07-26 03:58 . 2009-07-26 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-25 08:04 . 2009-07-25 08:04 -------- d-----w- c:\program files\FLV Player
2009-07-24 12:04 . 2009-07-24 12:04 -------- d-----w- c:\documents and settings\Apuci\Application Data\EPSON
2009-07-23 13:23 . 2009-07-23 13:23 -------- d-----w- c:\program files\EPSON Print CD
2009-07-17 01:21 . 2009-07-17 01:21 -------- d-sh--w- c:\documents and settings\Denise\IETldCache
2009-07-17 01:21 . 2009-07-17 01:21 -------- d-----w- c:\documents and settings\Denise\Local Settings\Application Data\Panda Security
2009-07-16 05:57 . 2009-07-16 05:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-15 07:19 . 2009-07-15 07:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 16:38 . 2004-08-03 14:56 96768 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-07-14 04:21 . 2004-08-03 14:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-07-11 15:08 . 2009-07-11 15:08 -------- d-sh--w- c:\documents and settings\Apuci\IECompatCache
2009-07-11 15:07 . 2009-07-11 15:07 -------- d-sh--w- c:\documents and settings\Apuci\PrivacIE
2009-07-11 15:07 . 2009-07-11 15:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-11 15:03 . 2009-07-11 15:03 -------- d-sh--w- c:\documents and settings\Apuci\IETldCache
2009-07-11 15:00 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-11 15:00 . 2009-07-29 02:52 -------- d-----w- c:\windows\ie8updates
2009-07-11 14:59 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-11 14:59 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-11 14:56 . 2009-07-11 14:58 -------- dc-h--w- c:\windows\ie8
2009-07-11 12:26 . 2002-09-20 01:53 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2009-07-11 12:25 . 2004-05-17 01:23 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2009-07-11 12:25 . 2004-04-26 00:49 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
2009-07-11 12:25 . 2001-09-11 05:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2009-07-11 12:25 . 2001-09-11 05:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2009-07-11 12:25 . 2009-07-11 12:25 -------- d-----w- c:\windows\VirtualEar
2009-07-11 12:25 . 2003-08-19 09:36 65536 ----a-w- c:\windows\system32\Audio3d.dll
2009-07-11 12:25 . 2001-09-19 03:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-07-11 12:25 . 2009-07-11 12:25 -------- d-----w- c:\program files\Analog Devices
2009-07-11 12:25 . 2004-09-01 02:18 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-07-11 12:25 . 2003-06-15 22:32 49152 ----a-w- c:\windows\system32\DSndUp.exe
2009-07-11 12:25 . 2002-04-17 05:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-07-11 12:25 . 2001-10-04 05:50 991232 ----a-w- c:\windows\system32\virtear.dll
2009-07-11 12:22 . 2009-07-11 12:22 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-11 09:55 . 2009-07-07 09:40 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-07-09 19:51 . 2009-07-09 19:51 9158 ----a-r- c:\documents and settings\Apuci\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-09 19:51 . 2009-07-09 19:55 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-07-09 13:30 . 2009-07-29 03:03 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 06:39 . 2006-07-24 12:29 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-07 06:33 . 2006-09-20 04:52 36925258 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-06 13:47 . 2008-12-31 11:43 -------- d-----w- c:\documents and settings\Apuci\Application Data\Skype
2009-08-06 11:53 . 2008-12-31 11:46 -------- d-----w- c:\documents and settings\Apuci\Application Data\skypePM
2009-08-05 05:36 . 2008-11-04 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 05:12 . 2008-11-08 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 05:12 . 2008-12-10 13:33 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 03:58 . 2007-12-30 04:28 -------- d-----w- c:\documents and settings\Apuci\Application Data\CyberLink
2009-08-05 03:58 . 2007-03-06 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-05 03:30 . 2009-07-29 14:57 24 --sh--w- c:\windows\S826C4B08.tmp
2009-08-03 04:32 . 2009-08-03 04:33 2132480 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-03 03:36 . 2008-11-08 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 03:36 . 2008-11-08 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 04:50 . 2006-07-25 11:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 01:38 . 2008-06-14 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 13:45 . 2001-08-23 12:00 4389888 ----a-w- c:\windows\system32\logonuiX.exe
2009-07-30 07:25 . 2007-06-06 12:54 -------- d-----w- c:\program files\Common Files\Stardock
2009-07-30 07:25 . 2007-06-25 15:47 -------- d-----w- c:\program files\Stardock
2009-07-29 14:15 . 2009-06-26 04:25 -------- d-----w- c:\program files\VisualTrace
2009-07-29 12:00 . 2008-11-04 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 02:59 . 2007-07-14 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-29 02:56 . 2007-07-14 07:18 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-26 03:58 . 2008-12-02 16:43 -------- d-----w- c:\program files\IObit
2009-07-23 13:25 . 2007-07-12 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2009-07-23 13:23 . 2007-07-12 10:46 -------- d-----w- c:\program files\EPSON
2009-07-16 04:30 . 2006-08-16 06:24 -------- d-----w- c:\program files\LimeWire
2009-07-11 12:24 . 2008-07-25 14:47 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2009-07-10 12:17 . 2006-08-03 01:56 -------- d-----w- c:\program files\DivX
2009-07-10 12:17 . 2009-04-02 04:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-10 10:03 . 2006-07-25 02:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-10 09:31 . 2008-07-07 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-10 08:56 . 2008-07-07 02:58 -------- d-----w- c:\program files\NOS
2009-07-10 08:26 . 2006-09-26 10:20 -------- d-----w- c:\program files\QuickTime
2009-07-09 21:15 . 2009-06-30 02:46 -------- d-----w- c:\program files\Power Presenter RE
2009-07-09 19:54 . 2009-04-19 03:14 -------- d-----w- c:\program files\ATI Technologies
2009-07-08 20:37 . 2009-07-02 07:40 -------- d-----w- c:\program files\Web Link Validator
2009-07-07 09:54 . 2009-07-07 09:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 09:54 . 2009-07-07 09:54 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 09:39 . 2009-07-07 09:39 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-07 09:39 . 2009-07-07 09:39 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-07 09:39 . 2009-07-07 09:39 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-07 09:38 . 2009-07-06 20:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 09:38 . 2009-07-06 21:47 -------- d-----w- c:\program files\Lavasoft
2009-07-07 09:38 . 2008-11-03 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-06 13:16 . 2009-07-06 13:16 249 ----a-w- c:\windows\system32\PavCPL.dat
2009-07-06 13:15 . 2009-07-06 13:15 -------- d-----w- c:\documents and settings\Apuci\Application Data\Panda Security
2009-07-06 13:15 . 2009-07-06 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-07-06 13:15 . 2008-03-26 12:31 -------- d-----w- c:\program files\Panda Security
2009-07-06 13:13 . 2009-07-06 13:13 -------- d-----w- c:\program files\Common Files\Panda Security
2009-07-05 09:19 . 2007-01-23 14:29 592 ----a-w- c:\windows\chgkey.vbs
2009-07-04 06:48 . 2007-03-04 05:26 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 11:19 . 2007-06-28 04:14 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-07-03 08:03 . 2009-07-03 08:03 25 ----a-w- c:\windows\WinA.bat
2009-07-03 08:03 . 2009-07-03 08:03 143 ----a-w- c:\windows\WinF.bat
2009-07-02 07:40 . 2009-07-02 07:40 -------- d-----w- c:\documents and settings\Apuci\Application Data\REL Software
2009-07-02 07:40 . 2009-07-02 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\REL Software
2009-07-01 12:58 . 2009-07-01 12:58 -------- d-----w- c:\documents and settings\Apuci\Application Data\CoffeeCup Software
2009-07-01 12:58 . 2009-06-29 07:00 -------- d-----w- c:\program files\CoffeeCup Software
2009-06-30 02:44 . 2009-06-30 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Tablet
2009-06-28 16:34 . 2009-06-28 16:34 -------- d-----w- c:\program files\Zone Labs
2009-06-24 11:49 . 2007-07-30 06:42 -------- d-----w- c:\documents and settings\Apuci\Application Data\Uniblue
2009-06-24 11:47 . 2007-07-30 06:42 -------- d-----w- c:\program files\Uniblue
2009-06-23 12:38 . 2006-07-25 12:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-21 14:20 . 2009-06-21 14:20 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-21 14:20 . 2006-08-03 02:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 08:58 . 2009-05-28 12:05 -------- d-----w- c:\documents and settings\Apuci\Application Data\CheckPoint
2009-06-14 08:58 . 2009-05-28 11:53 96 ----a-w- c:\windows\system32\pdfl.dat
2009-06-12 16:51 . 2009-06-04 13:49 -------- d-----w- c:\documents and settings\Apuci\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-10 02:38 . 2006-07-26 11:11 -------- d-----w- c:\program files\Java
2009-06-10 02:35 . 2009-06-10 02:35 152576 ----a-w- c:\documents and settings\Apuci\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:27 . 2006-07-25 02:35 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 11:53 . 2009-05-28 11:53 144 ----a-w- c:\windows\system32\lkfl.dat
2009-05-28 11:53 . 2009-05-28 11:53 80 ----a-w- c:\windows\system32\ibfl.dat
2009-05-21 01:33 . 2008-12-14 06:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2005-07-14 05:38 . 2007-11-30 14:36 6715 ----a-w- c:\program files\Halo Pc Retail Version Modding Tutorial.txt
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-29 2329224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-07-05 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-07 520024]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-21 198160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R230 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE" [2005-03-09 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-07-26 827664]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
My Ink Resident.lnk - d:\dolores's files\My Ink Resident.exe [2009-7-10 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 05:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 06:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Blue_SkyWeather.exe.lnk]
backup=c:\windows\pss\Blue_SkyWeather.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Stickies.lnk]
backup=c:\windows\pss\Stickies.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigPond
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc6_check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6cw
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slap
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Free HTML Editor\\Coffee.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25055:TCP"= 25055:TCP:BitComet 25055 TCP
"25055:UDP"= 25055:UDP:BitComet 25055 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/03/2009 5:06 AM 64160]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [6/07/2009 11:14 PM 28544]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2/10/2003 3:16 AM 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27/09/2003 2:37 PM 5504]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/07/2009 11:13 PM 41144]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [26/07/2009 1:58 PM 304912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 5:06 AM 1029456]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [6/07/2009 11:13 PM 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [6/07/2009 11:15 PM 28928]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S0 cjugm;cjugm; [x]
S2 SDService;SDService; [x]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [9/07/2009 11:30 PM 13880]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/07/2009 6:56 PM 66056]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/01/2007 3:31 AM 42000]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]
S4 dnjpingewlk;dnjpingewlk; [x]
S4 sfcvnwmxcvu;sfcvnwmxcvu; [x]
S4 zgwjxiycbnwphz;zgwjxiycbnwphz; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 20:51]

2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:40]

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2009-07-26 c:\windows\Tasks\IObit Security 360.job
- c:\program files\IObit\IObit Security 360\IObit Security 360.exe [2009-07-26 04:10]

2009-08-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-08-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-08-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-16 23:22]

2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{391BB6AE-550A-4CF4-B0C1-8F232466A702}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?7b4dbfb583bb471eb3363c552c054de3
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?7b4dbfb583bb471eb3363c552c054de3
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Denise\Start Menu\Programs\Games\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {25EBFA7E-A624-487D-AD62-BD7EE060B2D7} - hxxp://supernatural.ten.com.au/entriq/cab/NetworkTen_3_5_0_5.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Apuci\Application Data\Mozilla\Firefox\Profiles\9mz4wqp7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Apuci\Application Data\Mozilla\Firefox\Profiles\9mz4wqp7.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----

.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 16:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D139C9B0-CD6D-1AE0-F1FE-662776E8FB73}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kagiclnddanfjdbnbomdnh"=hex:62,61,65,64,00,00

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED84164E-6573-66FD-9CE2-3DF56B13D294}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kaimkolipgjpbopclachhe"=hex:62,61,6b,68,00,02

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,0e,6e,ab,6e,43,ef,fa,3d,5b,8d,1a,38,17,60,bb,4b,8f,ff,d3,ff,d4,d4,
6b,c5,a7,f7,39,90,bf,5d,10,ad,52,f0,61,e4,f2,fb,6e,0d,9a,81,e9,f4,21,de,c3,\
"??"=hex:22,1a,c9,e1,5e,0d,3d,e8,63,ee,09,76,21,bf,b9,3a

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp]
@DACL=(02 0000)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1]
@DACL=(02 0000)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\System\ControlSet005\Enum\ACPI\PNP0F03\4&35f762c4&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\CursorXP\CurXP0.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\ATWTUSB.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
c:\program files\Common Files\Stardock\SDMCP.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-08-07 17:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-07 07:39

Pre-Run: 4,200,079,360 bytes free
Post-Run: 4,076,277,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

553 --- E O F --- 2009-07-31 15:46

Edited by PropagandaPanda, 08 August 2009 - 09:18 AM.


#7 Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male

Posted 08 August 2009 - 07:11 PM

Hello DESTROYER,

Sorry for the delay.

Good job following the steps. :thumbup2:

Please, when you reply with logs, do not attach them. Just copy and paste them here; that will make my research faster and easier.
:)

:cool: P2P Warning :)

Your log indicates that you have BitLord 1.1 installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall BitLord 1.1; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add / Remove Programs.


If you wish to keep it, please do not use it until your computer is cleaned.

----------------------------^-------------------------------


Please follow the instructions of the next set of steps:

Step #1.

We need to run a CFScript by using ComboFix again.

Please ensure that you disable any running anti-virus or anti-malware programs. If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
  • Close any open browsers.
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it (Do not include the word: "CODE"):

    KILLALL::
    
    Driver::
    askiaamy
    cjugm
    dnjpingewlk
    sfcvnwmxcvu
    zgwjxiycbnwphz
    
    File::
    C:\Documents and Settings\Apuci\Local Settings\Temp\askiaamy.sys 
    c:\windows\S826C4B08.tmp
    c:\windows\Internet Logs\xDB1.tmp
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000000
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    Posted Image

  • Now, referring to the picture above, use your mouse to drag CFScript.txt on top of ComboFix.exe
  • This will start ComboFix again. Please follow the prompts.
  • When finished, after reboot (in case it asks to reboot), it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

* Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Step #2.

Please download ATF Cleaner-3 and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_...refetch-XP.html

Step #3.

Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e., Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Tutorial if needed

Step #4.

Please Re-scan with RSIT and post the log here in your next reply.

Summary of the logs I will need in your next reply:
  • The report log of Combofix
  • The report log of MBAM
  • The log of RSIT.
And a description of any remaining problems in your next post.

How are things at your end, DESTROYER?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)
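As an added example (not code from the thread, from ComboFix, or from Net_Surfer), the Python script below automates two checks a helper makes by eye on the log posted above: driver/service entries whose image file is missing ("[x]") and whose name looks machine-generated (the cjugm, dnjpingewlk, sfcvnwmxcvu and zgwjxiycbnwphz entries the CFScript removes under Driver::), and registry values that silence Security Center's firewall monitoring or switch off the Windows Firewall profile (the DisableMonitoring value the Registry:: section resets). The sample lines are a constructed excerpt of that log; the `looks_random` heuristic, the `Finding` type and the CFScript renderer are my own assumptions, and the File:: section of a real script is not derived here.

```python
# Added triage helper for ComboFix-style logs (assumed heuristics; not ComboFix's own code).
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of the driver/service and registry sections of the log above.
SAMPLE_LOG = r"""
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [6/07/2009 11:14 PM 28544]
S0 cjugm;cjugm; [x]
S2 SDService;SDService; [x]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 PavSRK.sys;PavSRK.sys; [x]
S4 dnjpingewlk;dnjpingewlk; [x]
S4 sfcvnwmxcvu;sfcvnwmxcvu; [x]
S4 zgwjxiycbnwphz;zgwjxiycbnwphz; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")  # "S4 name;display;image [info]"
KEY_RE = re.compile(r"^\[(.+)\]$")                                 # "[HKEY_...]"
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')                      # '"Name"=value'


@dataclass(frozen=True)
class Finding:
    kind: str                  # "service" or "registry"
    subject: str               # service name or registry key
    detail: str
    fix: Optional[str] = None  # registry line that restores the safe value, if one applies


def looks_random(name: str) -> bool:
    """Machine-generated names in the log are lowercase, 5+ letters and vowel-poor (assumed heuristic)."""
    if not re.fullmatch(r"[a-z]{5,}", name):
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) < 0.35


def parse_services(text: str):
    """Yield (start type, name, display name, image field) for every R*/S* line."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, image = m.groups()
            yield start, name, display, image.strip()


def suspicious_services(text: str) -> List[Finding]:
    """Entries with no image on disk ("[x]"), no real display name and a random-looking name."""
    return [
        Finding("service", name, f"{start} entry: image file missing, random-looking name")
        for start, name, display, image in parse_services(text)
        if image == "[x]" and display == name and looks_random(name)
    ]


def reg_int(raw: str) -> Optional[int]:
    """Decode the two numeric forms ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def weakened_firewall(text: str) -> List[Finding]:
    """Registry values that silence Security Center or switch off the Windows Firewall profile."""
    out: List[Finding] = []
    key = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not (vm and key):
            continue
        name, raw = vm.groups()
        val, k = reg_int(raw), key.lower()
        if "security center\\monitoring" in k and name == "DisableMonitoring" and val == 1:
            out.append(Finding("registry", key, "Security Center no longer monitors this firewall",
                               fix='"DisableMonitoring"=dword:00000000'))
        elif "firewallpolicy" in k and name == "EnableFirewall" and val == 0:
            # Normal when a third-party firewall such as ZoneAlarm is the active one: review only.
            out.append(Finding("registry", key, "Windows Firewall profile is off (review)"))
    return out


def cfscript(findings: List[Finding]) -> str:
    """Render findings in the CFScript layout used in the thread (Driver:: and Registry:: sections)."""
    lines = ["KILLALL::", ""]
    drivers = [f.subject for f in findings if f.kind == "service"]
    if drivers:
        lines += ["Driver::", *drivers, ""]
    fixes = [(f.subject, f.fix) for f in findings if f.kind == "registry" and f.fix]
    if fixes:
        lines.append("Registry::")
        for key, fix in fixes:
            lines += [f"[{key}]", fix]
    return "\n".join(lines) + "\n"
```

Run `cfscript(suspicious_services(SAMPLE_LOG) + weakened_firewall(SAMPLE_LOG))` to see the Driver:: and Registry:: sections the findings translate to; the EnableFirewall hit is reported but deliberately not "fixed", matching the helper's script.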

#8 DESTROYER

  • Topic Starter
  • Members
  • 9 posts

Posted 09 August 2009 - 06:57 AM

Hello Net_Surfer

Thank you for the fast reply. My computer is getting better and better every day, thanks to you. My computer is very fast again; it responds very quickly, whatever program I click on. You make me happy. Thank you Net_Surfer.
I finished the scan and here are the results.

Best regards
DESTROYER
:thumbup2:

ComboFix 09-08-06.01 - Apuci 09/08/2009 14:36.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1023.418 [GMT 10:00]
Running from: c:\documents and settings\Apuci\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Apuci\Desktop\CFScript.txt
AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\documents and settings\Apuci\Local Settings\Temp\askiaamy.sys"
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\S826C4B08.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Internet Logs\xDB1.tmp
c:\windows\S826C4B08.tmp . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKIAAMY
-------\Legacy_DNJPINGEWLK
-------\Legacy_SFCVNWMXCVU
-------\Legacy_ZGWJXIYCBNWPHZ
-------\Service_cjugm
-------\Service_dnjpingewlk
-------\Service_sfcvnwmxcvu
-------\Service_zgwjxiycbnwphz


((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-07 10:48 . 2009-08-07 10:49 -------- d-----w- C:\rsit
2009-07-31 06:23 . 2009-07-31 06:23 -------- d-----w- c:\documents and settings\Apuci\Local Settings\Application Data\Mato_Technologies
2009-07-30 07:25 . 2009-07-30 07:26 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-07-29 02:58 . 2009-07-29 02:58 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-29 02:58 . 2009-07-29 02:58 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2009-07-29 02:57 . 2009-07-29 02:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-07-26 03:58 . 2009-07-26 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-25 08:04 . 2009-07-25 08:04 -------- d-----w- c:\program files\FLV Player
2009-07-24 12:04 . 2009-07-24 12:04 -------- d-----w- c:\documents and settings\Apuci\Application Data\EPSON
2009-07-23 13:23 . 2009-07-23 13:23 -------- d-----w- c:\program files\EPSON Print CD
2009-07-17 01:21 . 2009-07-17 01:21 -------- d-sh--w- c:\documents and settings\Denise\IETldCache
2009-07-17 01:21 . 2009-07-17 01:21 -------- d-----w- c:\documents and settings\Denise\Local Settings\Application Data\Panda Security
2009-07-16 05:57 . 2009-07-16 05:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-15 07:19 . 2009-07-15 07:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 16:38 . 2004-08-03 14:56 96768 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-07-14 04:21 . 2004-08-03 14:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-07-11 15:08 . 2009-07-11 15:08 -------- d-sh--w- c:\documents and settings\Apuci\IECompatCache
2009-07-11 15:07 . 2009-07-11 15:07 -------- d-sh--w- c:\documents and settings\Apuci\PrivacIE
2009-07-11 15:07 . 2009-07-11 15:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-11 15:03 . 2009-07-11 15:03 -------- d-sh--w- c:\documents and settings\Apuci\IETldCache
2009-07-11 15:00 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-11 15:00 . 2009-07-29 02:52 -------- d-----w- c:\windows\ie8updates
2009-07-11 14:59 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-11 14:59 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-11 14:56 . 2009-07-11 14:58 -------- dc-h--w- c:\windows\ie8
2009-07-11 12:26 . 2002-09-20 01:53 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2009-07-11 12:25 . 2004-05-17 01:23 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2009-07-11 12:25 . 2004-04-26 00:49 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
2009-07-11 12:25 . 2001-09-11 05:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2009-07-11 12:25 . 2001-09-11 05:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2009-07-11 12:25 . 2009-07-11 12:25 -------- d-----w- c:\windows\VirtualEar
2009-07-11 12:25 . 2003-08-19 09:36 65536 ----a-w- c:\windows\system32\Audio3d.dll
2009-07-11 12:25 . 2001-09-19 03:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-07-11 12:25 . 2009-07-11 12:25 -------- d-----w- c:\program files\Analog Devices
2009-07-11 12:25 . 2004-09-01 02:18 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-07-11 12:25 . 2003-06-15 22:32 49152 ----a-w- c:\windows\system32\DSndUp.exe
2009-07-11 12:25 . 2002-04-17 05:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-07-11 12:25 . 2001-10-04 05:50 991232 ----a-w- c:\windows\system32\virtear.dll
2009-07-11 12:22 . 2009-07-11 12:22 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-11 09:55 . 2009-07-07 09:40 15688 ----a-w- c:\windows\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 04:56 . 2006-07-24 12:29 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-09 04:52 . 2009-08-09 04:52 0 ------w- c:\windows\S826C4B08.tmp
2009-08-09 04:52 . 2006-09-20 04:52 37320807 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-09 04:27 . 2006-08-04 14:48 -------- d-----w- c:\program files\BitLord
2009-08-07 15:36 . 2009-08-08 01:58 2163712 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-08-07 13:54 . 2009-08-07 13:55 2163200 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-08-07 13:54 . 2009-08-07 13:55 2640896 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-08-06 13:47 . 2008-12-31 11:43 -------- d-----w- c:\documents and settings\Apuci\Application Data\Skype
2009-08-06 11:53 . 2008-12-31 11:46 -------- d-----w- c:\documents and settings\Apuci\Application Data\skypePM
2009-08-05 05:36 . 2008-11-04 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 05:12 . 2008-11-08 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 05:12 . 2008-12-10 13:33 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 03:58 . 2007-12-30 04:28 -------- d-----w- c:\documents and settings\Apuci\Application Data\CyberLink
2009-08-05 03:58 . 2007-03-06 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-03 03:36 . 2008-11-08 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 03:36 . 2008-11-08 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 04:50 . 2006-07-25 11:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 01:38 . 2008-06-14 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 13:45 . 2001-08-23 12:00 4389888 ----a-w- c:\windows\system32\logonuiX.exe
2009-07-30 07:25 . 2007-06-06 12:54 -------- d-----w- c:\program files\Common Files\Stardock
2009-07-30 07:25 . 2007-06-25 15:47 -------- d-----w- c:\program files\Stardock
2009-07-29 14:15 . 2009-06-26 04:25 -------- d-----w- c:\program files\VisualTrace
2009-07-29 12:00 . 2008-11-04 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 03:03 . 2009-07-09 13:30 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-07-29 02:59 . 2007-07-14 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-29 02:56 . 2007-07-14 07:18 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-26 03:58 . 2008-12-02 16:43 -------- d-----w- c:\program files\IObit
2009-07-23 13:25 . 2007-07-12 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2009-07-23 13:23 . 2007-07-12 10:46 -------- d-----w- c:\program files\EPSON
2009-07-16 04:30 . 2006-08-16 06:24 -------- d-----w- c:\program files\LimeWire
2009-07-11 12:24 . 2008-07-25 14:47 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2009-07-10 12:17 . 2006-08-03 01:56 -------- d-----w- c:\program files\DivX
2009-07-10 12:17 . 2009-04-02 04:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-10 10:03 . 2006-07-25 02:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-10 09:31 . 2008-07-07 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-10 08:56 . 2008-07-07 02:58 -------- d-----w- c:\program files\NOS
2009-07-10 08:26 . 2006-09-26 10:20 -------- d-----w- c:\program files\QuickTime
2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-07-09 21:15 . 2009-06-30 02:46 -------- d-----w- c:\program files\Power Presenter RE
2009-07-09 19:55 . 2009-07-09 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-07-09 19:54 . 2009-04-19 03:14 -------- d-----w- c:\program files\ATI Technologies
2009-07-09 19:51 . 2009-07-09 19:51 9158 ----a-r- c:\documents and settings\Apuci\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-08 20:37 . 2009-07-02 07:40 -------- d-----w- c:\program files\Web Link Validator
2009-07-07 09:54 . 2009-07-07 09:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 09:54 . 2009-07-07 09:54 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 09:39 . 2009-07-07 09:39 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-07 09:39 . 2009-07-07 09:39 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-07 09:39 . 2009-07-07 09:39 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-07 09:38 . 2009-07-06 20:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 09:38 . 2009-07-06 21:47 -------- d-----w- c:\program files\Lavasoft
2009-07-07 09:38 . 2008-11-03 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-06 13:16 . 2009-07-06 13:16 249 ----a-w- c:\windows\system32\PavCPL.dat
2009-07-06 13:15 . 2009-07-06 13:15 -------- d-----w- c:\documents and settings\Apuci\Application Data\Panda Security
2009-07-06 13:15 . 2009-07-06 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-07-06 13:15 . 2008-03-26 12:31 -------- d-----w- c:\program files\Panda Security
2009-07-06 13:13 . 2009-07-06 13:13 -------- d-----w- c:\program files\Common Files\Panda Security
2009-07-05 09:19 . 2007-01-23 14:29 592 ----a-w- c:\windows\chgkey.vbs
2009-07-04 06:48 . 2007-03-04 05:26 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 11:19 . 2007-06-28 04:14 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-07-03 08:03 . 2009-07-03 08:03 25 ----a-w- c:\windows\WinA.bat
2009-07-03 08:03 . 2009-07-03 08:03 143 ----a-w- c:\windows\WinF.bat
2009-07-02 07:40 . 2009-07-02 07:40 -------- d-----w- c:\documents and settings\Apuci\Application Data\REL Software
2009-07-02 07:40 . 2009-07-02 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\REL Software
2009-07-01 12:58 . 2009-07-01 12:58 -------- d-----w- c:\documents and settings\Apuci\Application Data\CoffeeCup Software
2009-07-01 12:58 . 2009-06-29 07:00 -------- d-----w- c:\program files\CoffeeCup Software
2009-06-30 02:44 . 2009-06-30 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Tablet
2009-06-28 16:34 . 2009-06-28 16:34 -------- d-----w- c:\program files\Zone Labs
2009-06-24 11:49 . 2007-07-30 06:42 -------- d-----w- c:\documents and settings\Apuci\Application Data\Uniblue
2009-06-24 11:47 . 2007-07-30 06:42 -------- d-----w- c:\program files\Uniblue
2009-06-23 12:38 . 2006-07-25 12:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-21 14:20 . 2009-06-21 14:20 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-21 14:20 . 2006-08-03 02:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 08:58 . 2009-05-28 12:05 -------- d-----w- c:\documents and settings\Apuci\Application Data\CheckPoint
2009-06-14 08:58 . 2009-05-28 11:53 96 ----a-w- c:\windows\system32\pdfl.dat
2009-06-12 16:51 . 2009-06-04 13:49 -------- d-----w- c:\documents and settings\Apuci\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-10 02:35 . 2009-06-10 02:35 152576 ----a-w- c:\documents and settings\Apuci\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:27 . 2006-07-25 02:35 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 11:53 . 2009-05-28 11:53 144 ----a-w- c:\windows\system32\lkfl.dat
2009-05-28 11:53 . 2009-05-28 11:53 80 ----a-w- c:\windows\system32\ibfl.dat
2009-05-21 01:33 . 2008-12-14 06:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2005-07-14 05:38 . 2007-11-30 14:36 6715 ----a-w- c:\program files\Halo Pc Retail Version Modding Tutorial.txt
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((( SnapShot@2009-08-07_06.35.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 04:52 . 2009-08-09 04:52 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
+ 2009-04-30 16:04 . 2009-08-09 04:52 252045 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-29 2329224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-07-05 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-07 520024]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-21 198160]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R230 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE" [2005-03-09 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-06 941328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
My Ink Resident.lnk - d:\dolores's files\My Ink Resident.exe [2009-7-10 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 05:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 06:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Blue_SkyWeather.exe.lnk]
backup=c:\windows\pss\Blue_SkyWeather.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Stickies.lnk]
backup=c:\windows\pss\Stickies.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Free HTML Editor\\Coffee.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25055:TCP"= 25055:TCP:BitComet 25055 TCP
"25055:UDP"= 25055:UDP:BitComet 25055 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/03/2009 5:06 AM 64160]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [6/07/2009 11:14 PM 28544]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2/10/2003 3:16 AM 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27/09/2003 2:37 PM 5504]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/07/2009 11:13 PM 41144]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [26/07/2009 1:58 PM 305936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 5:06 AM 1029456]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [6/07/2009 11:13 PM 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [6/07/2009 11:15 PM 28928]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 SDService;SDService; [x]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [9/07/2009 11:30 PM 13880]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/07/2009 6:56 PM 66056]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/01/2007 3:31 AM 42000]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 20:51]

2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:40]

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2009-08-09 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-08-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-08-09 c:\windows\Tasks\User_Feed_Synchronization-{391BB6AE-550A-4CF4-B0C1-8F232466A702}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?7b4dbfb583bb471eb3363c552c054de3
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?7b4dbfb583bb471eb3363c552c054de3
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Denise\Start Menu\Programs\Games\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {25EBFA7E-A624-487D-AD62-BD7EE060B2D7} - hxxp://supernatural.ten.com.au/entriq/cab/NetworkTen_3_5_0_5.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Apuci\Application Data\Mozilla\Firefox\Profiles\9mz4wqp7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 14:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D139C9B0-CD6D-1AE0-F1FE-662776E8FB73}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kagiclnddanfjdbnbomdnh"=hex:62,61,65,64,00,00

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED84164E-6573-66FD-9CE2-3DF56B13D294}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kaimkolipgjpbopclachhe"=hex:62,61,6b,68,00,02

[HKEY_USERS\S-1-5-21-839522115-1604221776-2147179587-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,0e,6e,ab,6e,43,ef,fa,3d,5b,8d,1a,38,17,60,bb,4b,8f,ff,d3,ff,d4,d4,
6b,c5,a7,f7,39,90,bf,5d,10,ad,52,f0,61,e4,f2,fb,6e,0d,9a,81,e9,f4,21,de,c3,\
"??"=hex:22,1a,c9,e1,5e,0d,3d,e8,63,ee,09,76,21,bf,b9,3a

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp]
@DACL=(02 0000)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1]
@DACL=(02 0000)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\System\ControlSet005\Enum\ACPI\PNP0F03\4&35f762c4&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(4864)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Stardock\SDMCP.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\ATWTUSB.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\IObit\IObit Security 360\is360.exe
.
**************************************************************************
.
Completion time: 2009-08-09 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 05:18
ComboFix2.txt 2009-08-07 07:39

Pre-Run: 4,261,769,216 bytes free
Post-Run: 4,297,297,920 bytes free

405 --- E O F --- 2009-07-31 15:46


Malwarebytes' Anti-Malware 1.40
Database version: 2583
Windows 5.1.2600 Service Pack 2

9/08/2009 9:13:26 PM
mbam-log-2009-08-09 (21-13-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 282622
Time elapsed: 2 hour(s), 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3A34F76C-4F49-4198-9F9A-1D2F0130ED4D}\RP89\A0038390.EXE (Trojan.VBInject) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Apuci at 2009-08-09 21:24:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (16%) free of 26 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:19 PM, on 9/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Dolores's Files\My Ink Resident.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Apuci\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Apuci.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: My Ink Resident.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?7b4dbfb583bb471eb3363c552c054de3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?7b4dbfb583bb471eb3363c552c054de3
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Denise\Start Menu\Programs\Games\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25EBFA7E-A624-487D-AD62-BD7EE060B2D7} - http://supernatural.ten.com.au/entriq/cab/...Ten_3_5_0_5.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1226039343328
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://supernatural.ten.com.au/entriq/cab/..._2_2_Silent.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SDService - Macrovision Europe Ltd - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O24 - Desktop Component 1: (no name) - http://www.airsoftretreat.com/features/wal...c_1280_1024.jpg

--
End of file - 16605 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{391BB6AE-550A-4CF4-B0C1-8F232466A702}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-22 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} - []
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE [2009-07-15 881920]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe [2008-07-07 50432]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-07 520024]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-22 198160]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"EPSON Stylus Photo R230 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE [2005-03-09 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"BootSkin Startup Jobs"=C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe [2004-04-26 270336]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-08-06 941328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"H/PC Connection Agent"=C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-11-13 1289000]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-07-05 9495832]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-12-05 471552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2003-10-02 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-12 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2008-10-09 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2006-07-29 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-22 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-07-03 1859864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-03-12 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-05-25 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Blue_SkyWeather.exe.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\Widgets\BLUE_S~2.EXE [2007-06-21 490496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Stickies.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\Widgets\STICKY~1.EXE [2005-06-09 88576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
My Ink Resident.lnk - D:\Dolores's Files\My Ink Resident.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-03-17 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\system32\avldr.dll [2008-03-18 58672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free HTML Editor\Coffee.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free HTML Editor\Coffee.exe:*:Enabled:CoffeeCup HTML Editor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.js - edit -
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 2 months======

2009-08-09 15:27:17 ----SHD---- C:\RECYCLER
2009-08-09 15:18:50 ----A---- C:\ComboFix.txt
2009-08-09 14:52:37 ----SH---- C:\WINDOWS\S826C4B08.tmp
2009-08-07 20:48:42 ----D---- C:\rsit
2009-08-07 16:21:59 ----A---- C:\Boot.bak
2009-08-07 16:21:50 ----RASHD---- C:\cmdcons
2009-08-07 16:20:31 ----A---- C:\WINDOWS\zip.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\SWSC.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\SWREG.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\sed.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\PEV.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\grep.exe
2009-08-07 16:20:25 ----D---- C:\WINDOWS\ERDNT
2009-08-07 16:20:13 ----D---- C:\Qoobox
2009-08-06 23:09:36 ----A---- C:\WINDOWS\setuplog.txt
2009-07-27 12:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-07-26 13:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-07-25 18:04:40 ----D---- C:\Program Files\FLV Player
2009-07-24 22:04:52 ----D---- C:\Documents and Settings\Apuci\Application Data\EPSON
2009-07-23 23:23:07 ----D---- C:\Program Files\EPSON Print CD
2009-07-23 23:17:19 ----A---- C:\WINDOWS\EPSMTL32.TXT
2009-07-15 23:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 23:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 14:21:41 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-07-12 01:00:10 ----D---- C:\WINDOWS\ie8updates
2009-07-12 00:56:53 ----HDC---- C:\WINDOWS\ie8
2009-07-11 22:25:19 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2009-07-11 22:25:19 ----A---- C:\WINDOWS\system32\SMMedia.dll
2009-07-11 22:25:17 ----D---- C:\WINDOWS\VirtualEar
2009-07-11 22:25:17 ----A---- C:\WINDOWS\system32\Audio3d.dll
2009-07-11 22:25:16 ----D---- C:\Program Files\Analog Devices
2009-07-11 22:25:16 ----A---- C:\WINDOWS\system32\virtear.dll
2009-07-11 22:25:16 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-07-11 22:25:16 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-07-11 22:22:34 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-11 19:55:13 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-11 01:48:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-10 07:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-07-10 07:36:48 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-07-10 05:51:52 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-07-07 07:47:10 ----D---- C:\Program Files\Lavasoft
2009-07-07 06:13:52 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-06 23:15:32 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\TpUtil.dll
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\PavLspHook.dll
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\pavipc.dll
2009-07-06 23:15:22 ----A---- C:\WINDOWS\system32\PavSHook.dll
2009-07-06 23:15:19 ----D---- C:\WINDOWS\system32\PAV
2009-07-06 23:15:19 ----A---- C:\WINDOWS\system32\avldr.dll
2009-07-06 23:15:18 ----D---- C:\Documents and Settings\Apuci\Application Data\Panda Security
2009-07-06 23:15:18 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2009-07-06 23:13:25 ----D---- C:\Program Files\Common Files\Panda Security
2009-07-04 19:37:03 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-07-04 19:36:59 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-07-04 19:36:59 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-07-04 19:36:53 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-07-04 19:35:47 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-07-04 19:35:47 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-07-04 19:35:47 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-07-03 18:03:07 ----A---- C:\WINDOWS\WinF.bat
2009-07-03 18:03:07 ----A---- C:\WINDOWS\WinA.bat
2009-07-02 17:40:20 ----D---- C:\Documents and Settings\Apuci\Application Data\REL Software
2009-07-02 17:40:15 ----D---- C:\Documents and Settings\All Users\Application Data\REL Software
2009-07-02 17:40:14 ----D---- C:\Program Files\Web Link Validator
2009-07-01 22:58:29 ----D---- C:\Documents and Settings\Apuci\Application Data\CoffeeCup Software
2009-07-01 22:58:14 ----A---- C:\WINDOWS\system32\PolarZIPLight.dll
2009-06-30 12:46:08 ----D---- C:\Program Files\Power Presenter RE
2009-06-30 12:44:15 ----D---- C:\WINDOWS\udtablet
2009-06-30 12:44:15 ----A---- C:\WINDOWS\system32\WINTAB32.DLL
2009-06-30 12:44:15 ----A---- C:\WINDOWS\system32\Tblfunc.dll
2009-06-30 12:44:15 ----A---- C:\WINDOWS\system32\ATWinLog.dll
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\UTBLFILT.DLL
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\TblRes.dll
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\TBLMOUSE.EXE
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\InstallService.exe
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\Funckey.dll
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\ATWTUSB.EXE
2009-06-30 12:44:14 ----A---- C:\WINDOWS\RmTablet.exe
2009-06-30 12:44:12 ----D---- C:\WINDOWS\calib_da
2009-06-30 12:44:12 ----D---- C:\Documents and Settings\All Users\Application Data\Tablet
2009-06-30 12:44:12 ----A---- C:\WINDOWS\aiptbl.ini
2009-06-29 17:00:50 ----A---- C:\WINDOWS\system32\Ilda32.dll
2009-06-29 17:00:50 ----A---- C:\WINDOWS\system32\BORLNDMM.DLL
2009-06-29 17:00:49 ----D---- C:\Program Files\CoffeeCup Software
2009-06-29 02:34:57 ----D---- C:\Program Files\Zone Labs
2009-06-28 17:10:01 ----SHD---- C:\WINDOWS\CSC
2009-06-26 14:25:28 ----D---- C:\Program Files\VisualTrace
2009-06-24 00:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-22 00:20:11 ----D---- C:\Program Files\Common Files\xing shared
2009-06-13 14:10:32 ----D---- C:\WINDOWS\IswTmp
2009-06-11 11:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-06-11 11:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 11:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 11:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 11:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 12:38:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-10 12:38:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-10 12:38:53 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 2 months======

2009-08-09 21:25:08 ----D---- C:\WINDOWS\Prefetch
2009-08-09 21:22:46 ----D---- C:\WINDOWS\Internet Logs
2009-08-09 21:21:23 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-09 21:20:49 ----D---- C:\WINDOWS\Temp
2009-08-09 21:20:45 ----D---- C:\WINDOWS
2009-08-09 21:20:03 ----A---- C:\WINDOWS\win.ini
2009-08-09 21:19:42 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 21:17:43 ----D---- C:\WINDOWS\system32
2009-08-09 15:36:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-09 15:16:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 14:56:13 ----A---- C:\WINDOWS\system.ini
2009-08-09 14:50:32 ----D---- C:\WINDOWS\system32\config
2009-08-09 14:48:20 ----D---- C:\WINDOWS\AppPatch
2009-08-09 14:48:17 ----D---- C:\Program Files\Common Files
2009-08-09 14:27:57 ----D---- C:\Program Files\BitLord
2009-08-07 17:37:31 ----SD---- C:\WINDOWS\Tasks
2009-08-07 17:37:21 ----D---- C:\WINDOWS\repair
2009-08-07 17:35:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-07 16:30:52 ----SHD---- C:\WINDOWS\Installer
2009-08-07 16:30:19 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 16:21:59 ----RASH---- C:\boot.ini
2009-08-07 13:45:47 ----D---- C:\Program Files
2009-08-06 23:47:50 ----D---- C:\Documents and Settings\Apuci\Application Data\Skype
2009-08-06 23:42:42 ----D---- C:\WINDOWS\security
2009-08-06 21:53:58 ----D---- C:\Documents and Settings\Apuci\Application Data\skypePM
2009-08-05 15:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 13:58:13 ----D---- C:\Documents and Settings\Apuci\Application Data\CyberLink
2009-08-05 13:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-08-02 19:26:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-01 21:54:35 ----A---- C:\WINDOWS\LogonStudio.ini
2009-08-01 14:50:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-01 14:40:39 ----SHD---- C:\Config.Msi
2009-08-01 11:38:03 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 19:22:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-30 23:45:30 ----A---- C:\WINDOWS\system32\logonuiX.exe
2009-07-30 17:25:33 ----D---- C:\Program Files\Common Files\Stardock
2009-07-30 17:25:32 ----D---- C:\Program Files\Stardock
2009-07-30 14:02:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-29 22:00:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-29 13:07:46 ----RSD---- C:\WINDOWS\assembly
2009-07-29 13:07:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-29 12:59:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-29 12:56:59 ----D---- C:\WINDOWS\WinSxS
2009-07-29 12:56:46 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-29 12:52:23 ----HD---- C:\WINDOWS\inf
2009-07-29 12:52:11 ----D---- C:\Program Files\Internet Explorer
2009-07-29 12:51:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 15:08:14 ----D---- C:\WINDOWS\network diagnostic
2009-07-26 13:58:13 ----D---- C:\Program Files\IObit
2009-07-23 23:25:00 ----D---- C:\Documents and Settings\All Users\Application Data\UDL
2009-07-23 23:23:38 ----D---- C:\Program Files\EPSON
2009-07-21 21:08:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-19 23:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-16 17:18:40 ----D---- C:\WINDOWS\Debug
2009-07-16 14:30:56 ----D---- C:\Program Files\LimeWire
2009-07-15 02:34:59 ----D---- C:\WINDOWS\EHome
2009-07-14 14:21:40 ----D---- C:\WINDOWS\Media
2009-07-14 14:21:32 ----D---- C:\WINDOWS\Help
2009-07-12 02:41:11 ----RD---- C:\WINDOWS\Web
2009-07-12 01:02:35 ----D---- C:\WINDOWS\system32\en-US
2009-07-12 00:58:21 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-11 23:52:10 ----D---- C:\Program Files\Mozilla Firefox
2009-07-11 22:25:17 ----D---- C:\WINDOWS\system
2009-07-11 22:24:27 ----D---- C:\Program Files\Intel Desktop Board Audio Driver
2009-07-10 22:17:47 ----D---- C:\Program Files\DivX
2009-07-10 22:17:05 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-10 20:03:51 ----D---- C:\Program Files\Microsoft ActiveSync
2009-07-10 19:31:08 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-10 18:56:49 ----D---- C:\Program Files\NOS
2009-07-10 18:26:26 ----D---- C:\Program Files\QuickTime
2009-07-10 05:54:59 ----D---- C:\Program Files\ATI Technologies
2009-07-09 09:10:28 ----SD---- C:\Documents and Settings\Apuci\Application Data\Microsoft
2009-07-09 08:58:46 ----HD---- C:\Program Files\Uninstall Information
2009-07-08 01:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-07 22:54:13 ----D---- C:\Documents and Settings\Apuci\Application Data\Adobe
2009-07-07 19:38:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-07 03:13:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-06 23:15:17 ----D---- C:\Program Files\Panda Security
2009-07-06 01:10:10 ----D---- C:\WINDOWS\system32\Macromed
2009-07-05 21:43:13 ----D---- C:\WINDOWS\system32\oobe
2009-07-05 19:19:50 ----A---- C:\WINDOWS\chgkey.vbs
2009-07-04 19:37:09 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-07-04 16:32:07 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-04 14:49:25 ----SHD---- C:\System Volume Information
2009-07-04 14:49:25 ----D---- C:\WINDOWS\system32\Restore
2009-07-04 05:25:41 ----D---- C:\WINDOWS\Registration
2009-07-04 04:54:55 ----D---- C:\Program Files\Windows Media Player
2009-07-04 03:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-04 03:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-04 03:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-04 03:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-04 03:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-04 03:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-04 03:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-04 03:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-04 03:09:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 21:19:24 ----D---- C:\Program Files\TuneUp Utilities 2007
2009-07-03 21:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-30 12:47:15 ----D---- C:\WINDOWS\twain_32
2009-06-24 21:49:46 ----D---- C:\Documents and Settings\Apuci\Application Data\Uniblue
2009-06-24 21:47:43 ----D---- C:\Program Files\Uniblue
2009-06-23 22:38:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-22 17:16:33 ----D---- C:\FreeTV
2009-06-22 00:20:00 ----D---- C:\Program Files\Common Files\Real
2009-06-22 00:19:57 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-22 00:19:36 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-22 00:19:36 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-22 00:19:28 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-17 00:55:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-17 00:55:16 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-14 18:58:42 ----D---- C:\Documents and Settings\Apuci\Application Data\CheckPoint
2009-06-13 02:51:54 ----D---- C:\Documents and Settings\Apuci\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-11 16:05:54 ----D---- C:\WINDOWS\system32\wbem
2009-06-11 16:05:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-11 11:37:32 ----D---- C:\WINDOWS\ie7updates
2009-06-10 12:38:43 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2004-08-25 4992]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-07-29 30601]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-11-15 55168]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-08-18 20096]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-15 2455040]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-04 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-05-20 54528]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
R3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 Amusbprt;Compatible HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2005-08-31 12800]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\AvFlt.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 catchme;catchme; \??\C:\DOCUME~1\Apuci\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 FreshIO;FreshIO; C:\WINDOWS\system32\drivers\FreshIO.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 42000]
S3 P16X;Sound Blaster 5.1; C:\WINDOWS\system32\drivers\P16X.sys [2005-07-22 1275776]
S3 PavSRK.sys;PavSRK.sys; C:\WINDOWS\system32\drivers\PavSRK.sys.sys []
S3 PavTPK.sys;PavTPK.sys; C:\WINDOWS\system32\drivers\PavTPK.sys.sys []
S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-06-12 11776]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\System32\drivers\pivotmou.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\drivers\Sntnlusb.sys []
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-18 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-18 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-18 84512]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-01-25 21280]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-01-25 38016]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-01-25 39244]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2008-07-14 69632]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-08-06 305936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe [2008-07-04 288512]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe [2008-07-17 157440]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-01-09 126976]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 WTService;WTService; C:\WINDOWS\system32\atwtusb.exe [2007-08-17 364192]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-07 1029456]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-10 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-05 655624]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-08 66056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-26 93048]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
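Added example (mine, not part of this thread and not RSIT's own code): a small Python triage script for the driver and service sections of the log above. It parses the `R1 name;display name; command [date size]` line shape RSIT prints and tags the entries a helper would look at first: an image RSIT found no file information for (empty brackets), especially while the entry is Running; an image under a Temp or user-profile directory; a doubled extension such as `.sys.sys`; a raw `\??\` object-manager path; and an unresolved `##...##` display name. The tag names and their order are my own choices, and the sample lines are copied from the log above. None of the tags is a verdict: legitimate products register drivers with `\??\` paths, svchost-hosted services always show empty brackets here because `svchost -k group` is not a file, and a Temp-resident driver can be a leftover from a scanner run; the output is a checklist to verify by hand, not a detection.

```python
"""Triage helper for the driver/service sections of an RSIT log (added example)."""
import re
from dataclasses import dataclass, field

# One RSIT driver or service line:
#   R1 Amfilter;Compatible Mouse Filter Driver; C:\...\Amfilter.sys [2004-08-25 4992]
#   state (R/S)  start (0-4)  name;display name;  command  [mtime size]  -- "[]" when no file info
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<command>.*?)\s*\[(?P<fileinfo>[^\]]*)\]\s*$"
)
# The image is the part of the command up to the first .sys/.exe/.dll; anything after is arguments.
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:sys|exe|dll))(?:\s.*)?$", re.IGNORECASE)
NT_PREFIX = "\\??\\"

@dataclass
class Entry:
    state: str          # R = running, S = stopped
    start: str          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str          # image path with any \??\ prefix removed
    nt_prefixed: bool   # command was given in raw object-manager form (\??\C:\...)
    fileinfo: str       # "YYYY-MM-DD size", or "" when RSIT found no file for the path
    findings: list = field(default_factory=list)

def parse_line(line):
    """Parse one RSIT entry; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    command = m.group("command")
    nt_prefixed = command.startswith(NT_PREFIX)
    if nt_prefixed:
        command = command[len(NT_PREFIX):]
    im = IMAGE_RE.match(command)
    # "svchost -k Panda" has no extension: keep everything before the first " -" argument
    image = im.group("image") if im else command.split(" -")[0]
    return Entry(m.group("state"), m.group("start"), m.group("name").strip(),
                 m.group("display").strip(), image, nt_prefixed, m.group("fileinfo").strip())

def triage(lines):
    """Parse every entry and attach the tags a reviewer would check, most urgent first."""
    entries = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        low = e.image.lower()
        base = low.rsplit("\\", 1)[-1]
        if not e.fileinfo:
            # Running with no file on disk is the rootkit-shaped case; stopped is usually a leftover.
            e.findings.append("running-no-file" if e.state == "R" else "no-file-info")
        if "\\temp\\" in low:
            e.findings.append("temp-path")           # drivers have no business loading from Temp
        if "\\docume~1\\" in low or "\\documents and settings\\" in low:
            e.findings.append("user-profile-path")   # user-writable location for a kernel driver
        if base.count(".") >= 2:
            e.findings.append("double-extension")    # e.g. PavSRK.sys.sys: a broken registration
        if e.nt_prefixed:
            e.findings.append("nt-path-prefix")      # informational: many legitimate installers do this
        if e.display.startswith("##") or e.display.startswith("@"):
            e.findings.append("unresolved-display-name")  # MUI resource string never resolved
        entries.append(e)
    return entries

def suspicious(lines):
    """Map service name -> tags, for the entries that earned at least one tag."""
    return {e.name: e.findings for e in triage(lines) if e.findings}

# Sample input: lines copied from the RSIT log above, plus its section header.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2004-08-25 4992]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Apuci\LOCALS~1\Temp\catchme.sys []
S3 PavSRK.sys;PavSRK.sys; C:\WINDOWS\system32\drivers\PavSRK.sys.sys []
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
""".splitlines()

if __name__ == "__main__":
    for name, tags in suspicious(SAMPLE_LOG).items():
        print(f"{name:20} {', '.join(tags)}")
```

Run it over a whole RSIT log (`triage(open(path, encoding="utf-8", errors="replace"))`) and the untagged entries drop out; what remains is the short list to check against the vendor, the file on disk and its signature.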

#9 Net_Surfer

Posted 09 August 2009 - 08:08 AM

Hello DESTROYER,:)

Excellent, well done. :thumbup2:

Please follow the next set of steps to ensure that we do not leave anything bad behind:


Step #1.

Your Java program is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Step #2.

ESET Online Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using the ESET online scanner it is possible for us to find leftover or missed malware files on your computer, and we can now further clean up your computer.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
Note for Vista Users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
[animation]
Credit: Billy Oneal for the canned instructions. You can refer to this animation by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Step #3.

Please Re-scan with RSIT and post the log here in your next reply.

Summary of the logs I will need in your next reply:
  • The report log of ESET OnlineScan
  • The log of RSIT.
And a description of any remaining problems in your next post.

How are things at your end, DESTROYER?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)
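Added example (mine, not from the post above and not Sun's installer logic): a Python sketch of the version bookkeeping behind Step #1. It normalizes the display names that Sun's JRE installers left in Add/Remove Programs (the `Java(TM) 6 Update N`, `J2SE Runtime Environment 5.0 Update N` and `Java 2 Runtime Environment, SE v1.4.x_NN` shapes; the sample list is constructed in that style) into a comparable (major, update) pair, and sorts each entry into keep / removed by the 6u15 installer itself / must be removed by hand, applying the rule stated in the post that the installer only removes 6 Update 10 and later. Reading the names from the machine is left out so the script runs anywhere; on the box itself they would come from the `DisplayName` values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`.

```python
"""Classify Java Runtime entries from Add/Remove Programs against the required build (added example)."""
import re

REQUIRED = (6, 15)          # the post asks for JRE 6 Update 15
AUTO_REMOVE_FROM = (6, 10)  # the 6u15 installer uninstalls 6 Update 10 and later by itself

# Display-name shapes Sun's JRE installers used; the constructed sample below follows them.
_PATTERNS = (
    # "Java(TM) 6 Update 15", "Java(TM) SE Runtime Environment 6 Update 1", "Java(TM) SE Runtime Environment 6"
    re.compile(r"^Java\(TM\)(?: SE Runtime Environment)? (?P<major>\d+)(?: Update (?P<update>\d+))?$"),
    # "J2SE Runtime Environment 5.0 Update 22"
    re.compile(r"^J2SE Runtime Environment (?P<major>\d)\.0(?: Update (?P<update>\d+))?$"),
    # "Java 2 Runtime Environment, SE v1.4.2_03"  (the middle digit is dropped; only major/update order matters here)
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(?P<major>\d)\.\d+(?:_(?P<update>\d+))?$"),
)

def parse_jre(display_name):
    """Return (major, update) for a JRE entry, or None for anything that is not a JRE."""
    for pat in _PATTERNS:
        m = pat.match(display_name.strip())
        if m:
            return int(m.group("major")), int(m.group("update") or 0)
    return None

def classify(display_name):
    """keep / installer-removes / remove-manually / not-java, per the rules in Step #1."""
    ver = parse_jre(display_name)
    if ver is None:
        return "not-java"
    if ver >= REQUIRED:
        return "keep"
    if ver >= AUTO_REMOVE_FROM:
        return "installer-removes"   # 6u10..6u14: the new installer's own uninstaller handles it
    return "remove-manually"         # older than 6u10, or any 5.0 / 1.4 runtime

def plan(display_names):
    """Group Add/Remove Programs names by what needs doing with them, in their original order."""
    out = {"keep": [], "installer-removes": [], "remove-manually": []}
    for name in display_names:
        c = classify(name)
        if c != "not-java":
            out[c].append(name)
    return out

# Constructed sample, shaped like the entries a 2009-era XP box accumulated.
SAMPLE_PROGRAMS = [
    "Adobe Reader 9",
    "Java(TM) 6 Update 7",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 13",
    "J2SE Runtime Environment 5.0 Update 22",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 15",
]

if __name__ == "__main__":
    for bucket, names in plan(SAMPLE_PROGRAMS).items():
        print(bucket)
        for n in names:
            print("   ", n)
```

The comparison is on tuples, so a 5.0 Update 22 sorts below 6 Update 1 even though 22 is the bigger number; that is the mistake a string comparison of the display names would make.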

#10 DESTROYER

Posted 10 August 2009 - 08:08 AM

Hello Net_Surfer

I finished the scanning, and I was surprised that there were still some viruses left behind on my computer. But thanks to you my computer is getting clean and fast.
Hopefully that's the last of them. I don't understand why such people do something like that. Anyway, the most important thing is my computer is running very well. And here are the two log files.

Thank you very much
Best Regards
DESTROYER :) :thumbup2:


C:\Documents and Settings\Dolores\Shared\03 Track 3.wma WMA/TrojanDownloader.Wimad.D trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\AISvCfhk.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3A34F76C-4F49-4198-9F9A-1D2F0130ED4D}\RP89\A0038506.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
D:\Adobe Photoshop cs3\Adobe Photoshop CS3\Required\Droplet Template.exe Win32/TrojanDownloader.Agent.PIO trojan cleaned by deleting - quarantined
D:\Adobe Photoshop cs3\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe Win32/TrojanDownloader.Agent.PIO trojan cleaned by deleting - quarantined
D:\Dolores's Files\ZZ TOP\03 Track 3.wma WMA/TrojanDownloader.Wimad.D trojan cleaned by deleting - quarantined
D:\f4d9dec4d7c4c79008bdcb5bc2\Ezt a hecker at irta\Setup.EXE Win32/TrojanDownloader.Agent.PIO trojan cleaned by deleting - quarantined
D:\Intel® PRO 100 VE Network Connection\Hacker at irta\prounstl.exe Win32/TrojanDownloader.Agent.PIO trojan cleaned by deleting - quarantined




Logfile of random's system information tool 1.06 (written by random/random)
Run by Apuci at 2009-08-10 17:16:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (12%) free of 26 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:43 PM, on 10/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Dolores's Files\My Ink Resident.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Apuci\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Apuci.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: My Ink Resident.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?7b4dbfb583bb471eb3363c552c054de3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?7b4dbfb583bb471eb3363c552c054de3
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Denise\Start Menu\Programs\Games\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25EBFA7E-A624-487D-AD62-BD7EE060B2D7} - http://supernatural.ten.com.au/entriq/cab/...Ten_3_5_0_5.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1226039343328
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://supernatural.ten.com.au/entriq/cab/..._2_2_Silent.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SDService - Macrovision Europe Ltd - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O24 - Desktop Component 1: (no name) - http://www.airsoftretreat.com/features/wal...c_1280_1024.jpg

--
End of file - 16907 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{391BB6AE-550A-4CF4-B0C1-8F232466A702}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-22 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} - []
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE [2009-07-15 881920]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe [2008-07-07 50432]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-07 520024]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-22 198160]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"EPSON Stylus Photo R230 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE [2005-03-09 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"BootSkin Startup Jobs"=C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe [2004-04-26 270336]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-08-06 941328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-10 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"H/PC Connection Agent"=C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-11-13 1289000]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-07-05 9495832]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-12-05 471552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2003-10-02 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-12 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2008-10-09 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2006-07-29 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-22 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-07-03 1859864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-03-12 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-05-25 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Blue_SkyWeather.exe.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\Widgets\BLUE_S~2.EXE [2007-06-21 490496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Apuci^Start Menu^Programs^Startup^Stickies.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\Widgets\STICKY~1.EXE [2005-06-09 88576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
My Ink Resident.lnk - D:\Dolores's Files\My Ink Resident.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-03-17 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\system32\avldr.dll [2008-03-18 58672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free HTML Editor\Coffee.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free HTML Editor\Coffee.exe:*:Enabled:CoffeeCup HTML Editor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.js - edit -
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 2 months======

2009-08-10 13:39:30 ----D---- C:\Program Files\ESET
2009-08-10 13:24:21 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-10 13:24:21 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-10 13:24:21 ----A---- C:\WINDOWS\system32\java.exe
2009-08-09 15:27:17 ----SHD---- C:\RECYCLER
2009-08-09 15:18:50 ----A---- C:\ComboFix.txt
2009-08-09 14:52:37 ----SH---- C:\WINDOWS\S826C4B08.tmp
2009-08-07 20:48:42 ----D---- C:\rsit
2009-08-07 16:21:59 ----A---- C:\Boot.bak
2009-08-07 16:21:50 ----RASHD---- C:\cmdcons
2009-08-07 16:20:31 ----A---- C:\WINDOWS\zip.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\SWSC.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\SWREG.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\sed.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\PEV.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-07 16:20:31 ----A---- C:\WINDOWS\grep.exe
2009-08-07 16:20:25 ----D---- C:\WINDOWS\ERDNT
2009-08-07 16:20:13 ----D---- C:\Qoobox
2009-07-27 12:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-07-26 13:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-07-25 18:04:40 ----D---- C:\Program Files\FLV Player
2009-07-24 22:04:52 ----D---- C:\Documents and Settings\Apuci\Application Data\EPSON
2009-07-23 23:23:07 ----D---- C:\Program Files\EPSON Print CD
2009-07-23 23:17:19 ----A---- C:\WINDOWS\EPSMTL32.TXT
2009-07-15 23:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 23:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 14:21:41 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-07-12 01:00:10 ----D---- C:\WINDOWS\ie8updates
2009-07-12 00:56:53 ----HDC---- C:\WINDOWS\ie8
2009-07-11 22:25:19 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2009-07-11 22:25:19 ----A---- C:\WINDOWS\system32\SMMedia.dll
2009-07-11 22:25:17 ----D---- C:\WINDOWS\VirtualEar
2009-07-11 22:25:17 ----A---- C:\WINDOWS\system32\Audio3d.dll
2009-07-11 22:25:16 ----D---- C:\Program Files\Analog Devices
2009-07-11 22:25:16 ----A---- C:\WINDOWS\system32\virtear.dll
2009-07-11 22:25:16 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-07-11 22:25:16 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-07-11 22:22:34 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-11 19:55:13 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-11 01:48:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-10 07:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-07-10 07:36:48 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-07-10 05:51:52 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-07-07 07:47:10 ----D---- C:\Program Files\Lavasoft
2009-07-07 06:13:52 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-06 23:15:32 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\TpUtil.dll
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\PavLspHook.dll
2009-07-06 23:15:23 ----A---- C:\WINDOWS\system32\pavipc.dll
2009-07-06 23:15:22 ----A---- C:\WINDOWS\system32\PavSHook.dll
2009-07-06 23:15:19 ----D---- C:\WINDOWS\system32\PAV
2009-07-06 23:15:19 ----A---- C:\WINDOWS\system32\avldr.dll
2009-07-06 23:15:18 ----D---- C:\Documents and Settings\Apuci\Application Data\Panda Security
2009-07-06 23:15:18 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2009-07-06 23:13:25 ----D---- C:\Program Files\Common Files\Panda Security
2009-07-04 19:37:03 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-07-04 19:36:59 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-07-04 19:36:59 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-07-04 19:36:53 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-07-04 19:36:52 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-07-04 19:35:47 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-07-04 19:35:47 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-07-04 19:35:47 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-07-03 18:03:07 ----A---- C:\WINDOWS\WinF.bat
2009-07-03 18:03:07 ----A---- C:\WINDOWS\WinA.bat
2009-07-02 17:40:20 ----D---- C:\Documents and Settings\Apuci\Application Data\REL Software
2009-07-02 17:40:15 ----D---- C:\Documents and Settings\All Users\Application Data\REL Software
2009-07-02 17:40:14 ----D---- C:\Program Files\Web Link Validator
2009-07-01 22:58:29 ----D---- C:\Documents and Settings\Apuci\Application Data\CoffeeCup Software
2009-07-01 22:58:14 ----A---- C:\WINDOWS\system32\PolarZIPLight.dll
2009-06-30 12:46:08 ----D---- C:\Program Files\Power Presenter RE
2009-06-30 12:44:15 ----D---- C:\WINDOWS\udtablet
2009-06-30 12:44:15 ----A---- C:\WINDOWS\system32\WINTAB32.DLL
2009-06-30 12:44:15 ----A---- C:\WINDOWS\system32\Tblfunc.dll
2009-06-30 12:44:15 ----A---- C:\WINDOWS\system32\ATWinLog.dll
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\UTBLFILT.DLL
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\TblRes.dll
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\TBLMOUSE.EXE
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\InstallService.exe
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\Funckey.dll
2009-06-30 12:44:14 ----A---- C:\WINDOWS\system32\ATWTUSB.EXE
2009-06-30 12:44:14 ----A---- C:\WINDOWS\RmTablet.exe
2009-06-30 12:44:12 ----D---- C:\WINDOWS\calib_da
2009-06-30 12:44:12 ----D---- C:\Documents and Settings\All Users\Application Data\Tablet
2009-06-30 12:44:12 ----A---- C:\WINDOWS\aiptbl.ini
2009-06-29 17:00:50 ----A---- C:\WINDOWS\system32\Ilda32.dll
2009-06-29 17:00:50 ----A---- C:\WINDOWS\system32\BORLNDMM.DLL
2009-06-29 17:00:49 ----D---- C:\Program Files\CoffeeCup Software
2009-06-29 02:34:57 ----D---- C:\Program Files\Zone Labs
2009-06-28 17:10:01 ----SHD---- C:\WINDOWS\CSC
2009-06-26 14:25:28 ----D---- C:\Program Files\VisualTrace
2009-06-24 00:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-22 00:20:11 ----D---- C:\Program Files\Common Files\xing shared
2009-06-13 14:10:32 ----D---- C:\WINDOWS\IswTmp
2009-06-11 11:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-06-11 11:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 11:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 11:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 11:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 2 months======

2009-08-10 17:16:07 ----D---- C:\WINDOWS\Internet Logs
2009-08-10 17:00:21 ----D---- C:\WINDOWS\Prefetch
2009-08-10 13:50:19 ----D---- C:\WINDOWS\Temp
2009-08-10 13:50:15 ----D---- C:\WINDOWS
2009-08-10 13:39:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-10 13:39:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-10 13:39:30 ----D---- C:\Program Files
2009-08-10 13:24:27 ----SHD---- C:\WINDOWS\Installer
2009-08-10 13:24:27 ----SHD---- C:\Config.Msi
2009-08-10 13:24:21 ----D---- C:\WINDOWS\system32
2009-08-10 13:23:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-10 13:23:53 ----D---- C:\Program Files\Java
2009-08-10 13:23:49 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-10 12:52:44 ----A---- C:\WINDOWS\win.ini
2009-08-10 12:52:31 ----D---- C:\WINDOWS\system32\drivers
2009-08-10 12:49:18 ----D---- C:\WINDOWS\security
2009-08-10 11:56:42 ----D---- C:\Program Files\Windows Installer Clean Up
2009-08-09 15:36:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-09 14:56:13 ----A---- C:\WINDOWS\system.ini
2009-08-09 14:50:32 ----D---- C:\WINDOWS\system32\config
2009-08-09 14:48:20 ----D---- C:\WINDOWS\AppPatch
2009-08-09 14:48:17 ----D---- C:\Program Files\Common Files
2009-08-09 14:27:57 ----D---- C:\Program Files\BitLord
2009-08-07 17:37:31 ----SD---- C:\WINDOWS\Tasks
2009-08-07 17:37:21 ----D---- C:\WINDOWS\repair
2009-08-07 17:35:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-07 16:30:19 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 16:21:59 ----RASH---- C:\boot.ini
2009-08-06 23:47:50 ----D---- C:\Documents and Settings\Apuci\Application Data\Skype
2009-08-06 21:53:58 ----D---- C:\Documents and Settings\Apuci\Application Data\skypePM
2009-08-05 15:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 13:58:13 ----D---- C:\Documents and Settings\Apuci\Application Data\CyberLink
2009-08-05 13:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-08-02 19:26:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-01 21:54:35 ----A---- C:\WINDOWS\LogonStudio.ini
2009-08-01 14:50:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-01 11:38:03 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 19:22:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-30 23:45:30 ----A---- C:\WINDOWS\system32\logonuiX.exe
2009-07-30 17:25:33 ----D---- C:\Program Files\Common Files\Stardock
2009-07-30 17:25:32 ----D---- C:\Program Files\Stardock
2009-07-29 22:00:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-29 13:07:46 ----RSD---- C:\WINDOWS\assembly
2009-07-29 13:07:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-29 12:59:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-29 12:56:59 ----D---- C:\WINDOWS\WinSxS
2009-07-29 12:56:46 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-29 12:52:23 ----HD---- C:\WINDOWS\inf
2009-07-29 12:52:11 ----D---- C:\Program Files\Internet Explorer
2009-07-29 12:51:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 15:08:14 ----D---- C:\WINDOWS\network diagnostic
2009-07-26 13:58:13 ----D---- C:\Program Files\IObit
2009-07-23 23:25:00 ----D---- C:\Documents and Settings\All Users\Application Data\UDL
2009-07-23 23:23:38 ----D---- C:\Program Files\EPSON
2009-07-21 21:08:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-19 23:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-16 17:18:40 ----D---- C:\WINDOWS\Debug
2009-07-16 14:30:56 ----D---- C:\Program Files\LimeWire
2009-07-15 02:34:59 ----D---- C:\WINDOWS\EHome
2009-07-14 14:21:40 ----D---- C:\WINDOWS\Media
2009-07-14 14:21:32 ----D---- C:\WINDOWS\Help
2009-07-12 02:41:11 ----RD---- C:\WINDOWS\Web
2009-07-12 01:02:35 ----D---- C:\WINDOWS\system32\en-US
2009-07-12 00:58:21 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-11 23:52:10 ----D---- C:\Program Files\Mozilla Firefox
2009-07-11 22:25:17 ----D---- C:\WINDOWS\system
2009-07-11 22:24:27 ----D---- C:\Program Files\Intel Desktop Board Audio Driver
2009-07-10 22:17:47 ----D---- C:\Program Files\DivX
2009-07-10 22:17:05 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-10 20:03:51 ----D---- C:\Program Files\Microsoft ActiveSync
2009-07-10 19:31:08 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-10 18:56:49 ----D---- C:\Program Files\NOS
2009-07-10 18:26:26 ----D---- C:\Program Files\QuickTime
2009-07-10 05:54:59 ----D---- C:\Program Files\ATI Technologies
2009-07-09 09:10:28 ----SD---- C:\Documents and Settings\Apuci\Application Data\Microsoft
2009-07-09 08:58:46 ----HD---- C:\Program Files\Uninstall Information
2009-07-08 01:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-07 22:54:13 ----D---- C:\Documents and Settings\Apuci\Application Data\Adobe
2009-07-07 19:38:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-07 03:13:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-06 23:15:17 ----D---- C:\Program Files\Panda Security
2009-07-06 01:10:10 ----D---- C:\WINDOWS\system32\Macromed
2009-07-05 21:43:13 ----D---- C:\WINDOWS\system32\oobe
2009-07-05 19:19:50 ----A---- C:\WINDOWS\chgkey.vbs
2009-07-04 19:37:09 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-07-04 16:32:07 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-04 14:49:25 ----SHD---- C:\System Volume Information
2009-07-04 14:49:25 ----D---- C:\WINDOWS\system32\Restore
2009-07-04 05:25:41 ----D---- C:\WINDOWS\Registration
2009-07-04 04:54:55 ----D---- C:\Program Files\Windows Media Player
2009-07-04 03:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-04 03:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-04 03:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-04 03:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-04 03:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-04 03:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-04 03:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-04 03:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-04 03:09:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 21:19:24 ----D---- C:\Program Files\TuneUp Utilities 2007
2009-07-03 21:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-30 12:47:15 ----D---- C:\WINDOWS\twain_32
2009-06-24 21:49:46 ----D---- C:\Documents and Settings\Apuci\Application Data\Uniblue
2009-06-24 21:47:43 ----D---- C:\Program Files\Uniblue
2009-06-23 22:38:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-22 17:16:33 ----D---- C:\FreeTV
2009-06-22 00:20:00 ----D---- C:\Program Files\Common Files\Real
2009-06-22 00:19:57 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-22 00:19:36 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-22 00:19:36 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-22 00:19:28 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-17 00:55:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-17 00:55:16 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-14 18:58:42 ----D---- C:\Documents and Settings\Apuci\Application Data\CheckPoint
2009-06-13 02:51:54 ----D---- C:\Documents and Settings\Apuci\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-11 16:05:54 ----D---- C:\WINDOWS\system32\wbem
2009-06-11 16:05:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-11 11:37:32 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2004-08-25 4992]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-07-29 30601]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-11-15 55168]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-08-18 20096]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-15 2455040]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-04 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-05-20 54528]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
R3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 Amusbprt;Compatible HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2005-08-31 12800]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\AvFlt.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 catchme;catchme; \??\C:\DOCUME~1\Apuci\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 FreshIO;FreshIO; C:\WINDOWS\system32\drivers\FreshIO.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 42000]
S3 P16X;Sound Blaster 5.1; C:\WINDOWS\system32\drivers\P16X.sys [2005-07-22 1275776]
S3 PavSRK.sys;PavSRK.sys; C:\WINDOWS\system32\drivers\PavSRK.sys.sys []
S3 PavTPK.sys;PavTPK.sys; C:\WINDOWS\system32\drivers\PavTPK.sys.sys []
S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-06-12 11776]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\System32\drivers\pivotmou.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\drivers\Sntnlusb.sys []
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-18 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-18 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-18 84512]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-01-25 21280]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-01-25 38016]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-01-25 39244]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2008-07-14 69632]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-08-06 305936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-10 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe [2008-07-04 288512]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe [2008-07-17 157440]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-01-09 126976]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 WTService;WTService; C:\WINDOWS\system32\atwtusb.exe [2007-08-17 364192]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-07 1029456]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-10 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-05 655624]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-08 66056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-26 93048]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#11 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 PM

Posted 10 August 2009 - 05:24 PM

Hello DESTROYER, :cool:

Excellent, Eset Onlinescan did its job here. :thumbup2:

I will leave you with this warning again:

We have cleaned your machine, but I can't guarantee that it will be 100% secure afterwards. :) Because of the infection's backdoor functionality, your PC was very likely compromised and there is no way to be sure your computer can ever again be trusted. Depending on what the computer is used for, any sensitive information could be compromised: banking information, client names, contact information, policy numbers, treatment recommendations, serial numbers, software keys, etc. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably others') safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

Please think about this one more time before making your decision about whether or not to reformat the computer, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection. Should you have any questions, please feel free to ask.


=============================*=============================



Your logs are clean except for a few files that we need to take care of, please follow the next set of steps:


Step #1.

ESET online scan report:
We need to clean up the quarantined bad file(s), so please follow my instructions to help do that:

For the one(s) that ESET found and already quarantined, just delete anything related to ESET, and the file will be gone from your computer.


To get rid of the ones in system restore please do the following:

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Step #2.

Follow these steps to uninstall Combofix and tools used in the removal of malware

Delete ComboFix and Clean Up

*Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of the next step. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.


Click Start > Run and type combofix /u, then click OK (note the "space" between combofix and /u; it needs to be there).
Please advise if this step is missed for any reason as it performs some important actions:

"This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore."


Since the tools we used to scan the computer, as well as tools to delete files and folders are no longer needed, they should be removed, as well as the folders created by these tools.

If you don't plan to use Eset onlinescan again, then uninstall it through Add/Remove Programs.

Step #3.

Download and Run OTC

We will now remove the tools we used during this fix and also the log files that they created by using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

I recommend keeping ATF Cleaner and using Malwarebytes' Anti-Malware to scan your computer regularly.


If you have done all of the above, your computer should be clean of malware.
CONGRATULATIONS.
:)

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

=============================*=============================


Now that you appear to be clean, it is time to update your system to XP SP3.

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up to date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.



OK... DESTROYER, I'm not skilled at mincing words, but I believe that by now you have already figured out how you got infected (using P2P file-sharing programs, maybe). So, especially for you, I will use the long version of my "All Clean Canned Speech".

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again:

Please take the time to read below to secure your machine and take the necessary steps to keep it clean. Some of the following you may already have, so just disregard them.
  • Make sure that you keep your anti-virus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your anti-virus program to provide you with the best possible protection from malicious software.
    Note: You should only have one anti-virus installed at a time. Having more than one anti-virus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • If you are using Windows XP or earlier
    • Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer, therefore please read and follow the recommendations at this SITE.
  • Recommended Programs

    To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • McAfee Site Advisor (free version)
    To give you an indication of which sites may contain bad links or suspect downloads, it loads an icon to the toolbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results, indicating the trustworthiness of the site you are on: Green for safe and Red for suspicious. Click on the icon to access details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
    This is a utility that can be downloaded and installed from HERE.
  • ATF Cleaner
    A good temp file cleaner that can do the job safely and without removing files that are crucial to Windows.
    Cleans temporary files from IE and Windows, empties the recycle bin and more.
    A great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    This is a utility that can be downloaded and installed from HERE.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.
  • Hosts File - a custom Hosts file can replace the Hosts file on your computer and help you avoid accidentally visiting known nasty web sites.
    For added protection you may also like to add such a Hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding Hosts files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:

    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK

    Prevention:
    The Hosts file can be made read only and monitored for changes, or attempted changes. Programs such as WinPatrol do this very well.

    Cure:
    If your Hosts file becomes infected, it can be reset by installing HostsXpert.
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  • Use an alternative Internet Browser
    Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • Backup regularly.
    You never know when your PC will become unstable or get so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.
    Alternatively, you can use 3rd-party programs to back up your data. It can be found at Bleeping Computer.

  • To stay secure is to stay updated.
    Calendar of Updates.

  • Practice Safe Internet
    One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee SiteAdvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

To find out more about how you got infected in the first place, and for some great guidelines to follow to prevent future infections, you can read this article by Tony Klein and this one by Miekiemoes.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

That's it, happy surfing!

Cheers,
Net_Surfer


***If the ComboFix tool helped you***, please kindly consider a donation to its author. As you just experienced for yourself, ComboFix is a very effective tool. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted.

Stay clean and be safe :)

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!


:)

I'd be grateful if you could reply to this post so that I know you have read it and if you've no other questions, the thread can be closed.
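The Hosts-file advice above covers two opposite things: a large blocklist Hosts file you install on purpose, and an "infected" Hosts file that malware has edited and that HostsXpert resets. The following is an added example, not part of the post and not from any of the tools it names, that tells the two apart by parsing a Windows-style hosts file and classifying each mapping: the Windows default, a blocklist line (a host sinkholed to 127.0.0.1, 0.0.0.0 or ::1), a LAN entry, or a likely hijack (an update or security-vendor domain that has been sinkholed so the machine can no longer reach it, or any domain pointed at a remote address). The protected-domain list, the sample file contents and the 203.0.113.9 address are assumptions constructed for the example.

```python
import ipaddress

# Assumption: domains a home user must still be able to reach (update servers
# and security vendors). Illustrative, not an authoritative list.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "microsoft.com",
    "bleepingcomputer.com",
    "malwarebytes.org",
    "pandasecurity.com",
)

# RFC 1918 and link-local ranges; a mapping into these is a normal home-network entry.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

# Constructed sample hosts file: the Windows default, a few lines in the style
# of a prevention blocklist, one LAN entry, and three planted hijack lines.
# 203.0.113.9 is a documentation address standing in for an attacker's server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# blocklist-style entries: known bad hosts sinkholed to the local machine
127.0.0.1  ad.example-tracker.test
0.0.0.0    malware-dropper.example.test   # inline comment is allowed
127.0.0.1  www.badsite.test badsite.test  # several names on one line

192.168.1.20  family-album.home            # a LAN host, nothing wrong

# what a hijacked hosts file typically contains
127.0.0.1     www.malwarebytes.org         # security vendor sinkholed
0.0.0.0       download.windowsupdate.com   # Windows Update sinkholed
203.0.113.9   www.bleepingcomputer.com     # legit site redirected elsewhere
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping; ip is None if unparsable."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments, then blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields[0]        # first field is not an address
            continue
        for host in fields[1:]:                  # one line may list several names
            yield lineno, ip, host.lower()


def is_protected(host):
    """True if host is, or is under, one of the assumed must-reach domains."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(ip, host):
    """Return (category, reason); categories: default, blocklist, lan, hijack, malformed."""
    if ip is None:
        return "malformed", "first field is not an IP address"
    sinkholed = ip.is_loopback or ip.is_unspecified
    if sinkholed and host == "localhost":
        return "default", "Windows default entry"
    if is_protected(host):
        if sinkholed:
            return "hijack", "update/security domain sinkholed"
        return "hijack", "update/security domain redirected to %s" % ip
    if sinkholed:
        return "blocklist", "sinkholed to the local machine"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan", "points at a private address"
    return "hijack", "domain redirected to remote address %s" % ip


def check_hosts(text):
    """Summarise a hosts file: per-category counts plus the lines worth a look."""
    counts = {}
    findings = []
    for lineno, ip, host in parse_hosts(text):
        category, reason = classify(ip, host)
        counts[category] = counts.get(category, 0) + 1
        if category in ("hijack", "malformed"):
            findings.append((lineno, host, reason))
    return counts, findings


if __name__ == "__main__":
    counts, findings = check_hosts(SAMPLE_HOSTS)
    print("entries by category:", counts)
    for lineno, host, reason in findings:
        print("line %d: %s -> %s" % (lineno, host, reason))
```

On a real machine, read %SystemRoot%\System32\drivers\etc\hosts instead of the sample. The total entry count is also the number that matters for the DNS Client advice above: the service loads the whole file into its cache, so a blocklist with tens of thousands of lines is what makes reboot and lookups crawl. Making the file read-only, as the post suggests, only stops casual edits, since anything running with the same rights can clear the attribute; a periodic check like this, or a monitor such as WinPatrol, is the more reliable signal that the file has been tampered with.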

#12 DESTROYER

Posted 12 August 2009 - 03:54 AM

Hello Net_Surfer

I'm sorry for the delay but I was busy yesterday, celebrating my Daughter's birthday.
I read everything first and afterwards I followed your instructions. I downloaded a couple of the programs that you suggested and I have already installed them. That was a nice guideline that you gave me and I will try to follow it. Before we close this thread I would like to ask a couple of questions.

1. I know my Windows security is out of date, but the reason is I am confused about SP3. I heard lots of stories that when people installed SP3 their programs or the computer didn't respond very well, or, worse, the computer just hung. I just want to make sure that if I install SP3 on my computer nothing bad is going to happen.
2. I made a small website for my family. I am using IIS 5.1 on port 80. It's like a family album website; they use my IP address to get to my website. But I heard hackers like to use port 80 to hack into computers. So how can I protect my computer if I start up IIS 5.1?

I'd like to thank you very much for all the help you have given me, that was great, and I wish you the best of luck in your future.

Thanks again
Best regards
DESTROYER
:thumbup2: :)

#13 Net_Surfer


Posted 12 August 2009 - 08:38 AM

1. I know my Windows security is out of date, but the reason is I am confused about SP3. I heard lots of stories that when people installed SP3 their programs or the computer didn't respond very well, or, worse, the computer just hung. I just want to make sure that if I install SP3 on my computer nothing bad is going to happen.

Hello Destroyer,

It will be in your best interest to update to XP SP3, but be sure that you create a new system restore point first and also back up with ERUNT, and then get your updates so you can patch any security holes in your XP system, which will help to prevent crippling malware attacks.

Without doing this first, you are wide open to re-infection and the other high security risks that an unpatched system is prone to, and we are just wasting our time. If you are not sure how to do this, see How to use Microsoft Update. By applying all critical updates, you will close many of the security holes which make your computer vulnerable and keep getting it reinfected.

Further, using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure or infected computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more machines become compromised. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer.

Did you know that Microsoft plans to provide support for Windows XP until 2014? So it is better to get all the patches NOW!
Read this article:
The Future of Windows XP

After you create a new restore point, and before you update to XP SP3, create a backup of your registry with ERUNT:

Backup Your Registry with ERUNT

Install ERUNT
(This tool will create a complete backup of your registry to ensure we have a safety net if something goes wrong. Do not delete the backup until we are finished.)
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program HERE

When you are finished with updating your computer (And everything runs with no problem), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.




2. I made a small website for my family. I am using IIS 5.1 on port 80. It's like a family album website; they use my IP address to get to my website. But I heard hackers like to use port 80 to hack into computers. So how can I protect my computer if I start up IIS 5.1?

You can open a new thread in the AntiVirus, Firewall and Privacy Products and Protection Methods forum, and another member with more experience in this will help you.

You can also do some reading and post a question from the following:

Go and check this: A look at IIS 5.1 in XP Pro.

The Official Microsoft IIS Site.


Best regards
Net_Surfer

:thumbup2:

#14 DESTROYER


Posted 13 August 2009 - 06:45 AM

Hello Net_Surfer

My computer is up to date and it's running well. I backed up my registry with ERUNT.
Thanks for the information you have given me; that was a good learning experience.
You helped me through and gave a lot of your time, and I appreciate that. I think we can close this thread.

Thank you very much
Best regards
DESTROYER
:thumbup2: :)

#15 Net_Surfer


Posted 13 August 2009 - 02:25 PM

Hello DESTROYER, :) You are very welcome!!!

Glad that I could help you. :thumbup2:

I had a good coach doing the fix with me and I would like to share your thanks with him also.

His nick is PropagandaPanda; he takes care that all my responses to you are well advised.



It's been a pleasure working with you, now best of luck, and happy surfing! :cool:

Best regards
Net_Surfer

:)



