Had Trojan_fakealert. Denied permissions


  • This topic is locked
18 replies to this topic

#1 ropat

Posted 02 September 2009 - 07:53 PM

Partial clean with Spyware Doctor. Cannot run SUPERAntiSpyware. Malwarebytes found nothing.

DDS (Ver_09-07-30.01) - NTFSx86
Run by roy at 9:24:45.29 on Wed 09/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1530 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\roy\My Documents\Bleeping comp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wlwt.com/index.html
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [muBlinder] d:\mublinder\mublinder\muBlinder.exe -startup
StartupFolder: c:\docume~1\roy\startm~1\programs\startup\fsllau~1.lnk - c:\program files\fsl\fsl_launcher\FSL_Launcher.exe
StartupFolder: c:\docume~1\roy\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250561865703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {856D7FDE-D648-4312-B328-6AD21D5ECF45} = 208.67.222.222,208.67.222.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roy\applic~1\mozilla\firefox\profiles\clht4yar.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.local12.com/default.aspx
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-17 130936]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2009-8-17 19240]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-8-18 902592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-30 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-17 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-30 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-30 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-30 55656]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-8-17 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-8-17 146800]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-8-17 95640]
S2 gupdate1ca1fee298fa43c;Google Update Service (gupdate1ca1fee298fa43c);c:\program files\google\update\GoogleUpdate.exe [2009-8-18 133104]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-1 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-1 1097096]

=============== Created Last 30 ================

2009-09-02 06:46 <DIR> --d----- c:\docume~1\roy\applic~1\OpenOffice.org
2009-09-01 22:34 <DIR> --d----- c:\program files\JRE
2009-09-01 22:34 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-09-01 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-01 11:13 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 11:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-01 11:13 <DIR> --d----- c:\docume~1\roy\applic~1\PC Tools
2009-09-01 11:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-01 09:17 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-01 08:42 132,096 -c------ c:\windows\system32\dllcache\wkssvc.dll
2009-09-01 08:40 58,880 -c------ c:\windows\system32\dllcache\atl.dll
2009-09-01 07:57 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-09-01 07:57 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-09-01 07:57 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-09-01 07:57 10,752 -------- c:\windows\system32\smtpapi.dll
2009-09-01 07:57 9,728 -------- c:\windows\system32\rwnh.dll
2009-09-01 07:52 19,569 a------- c:\windows\006356_.tmp
2009-09-01 07:38 78,336 -c------ c:\windows\system32\dllcache\ieencode.dll
2009-09-01 07:37 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-01 07:37 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-09-01 07:37 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-09-01 07:37 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-09-01 07:37 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-09-01 07:37 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-01 07:37 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-09-01 07:37 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-09-01 07:37 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-01 07:37 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-01 07:36 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-09-01 07:36 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-09-01 07:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-01 07:36 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-09-01 07:36 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-09-01 07:36 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-09-01 07:30 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-01 07:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-31 22:47 380,416 -------- c:\windows\system32\irprops.cpl
2009-08-31 22:47 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
2009-08-31 22:47 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-08-31 22:45 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-31 22:43 19,528 a------- c:\windows\002882_.tmp
2009-08-31 21:01 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-08-31 21:01 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-08-31 21:01 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-08-31 21:01 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-08-31 21:01 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-08-31 21:01 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2009-08-31 21:01 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-08-31 21:01 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-08-31 21:01 53,760 ac------ c:\windows\system32\dllcache\wiamsmud.dll
2009-08-31 21:01 701,386 ac------ c:\windows\system32\dllcache\wdhaalba.sys
2009-08-31 21:01 35,871 ac------ c:\windows\system32\dllcache\wbfirdma.sys
2009-08-31 20:59 23,936 ac------ c:\windows\system32\dllcache\sccmusbm.sys
2009-08-31 20:58 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-08-31 20:57 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-08-31 20:56 55,999 ac------ c:\windows\system32\dllcache\el556nd5.sys
2009-08-31 20:55 382,592 ac------ c:\windows\system32\dllcache\atidrab.dll
2009-08-31 20:16 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-08-31 20:15 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-31 20:14 49,664 ac------ c:\windows\system32\dllcache\adrot.dll
2009-08-31 20:14 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-08-31 20:14 6,144 ac------ c:\windows\system32\dllcache\admxprox.dll
2009-08-31 20:14 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-08-31 20:14 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-08-31 20:14 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-08-31 20:14 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-08-31 20:14 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-08-31 20:14 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-08-31 20:14 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-08-31 20:14 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-08-31 20:09 184,320 a------- c:\windows\system32\accwiz.exe
2009-08-31 20:02 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-08-31 20:02 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-08-31 19:59 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-08-31 19:59 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-31 19:55 53,760 a------- c:\windows\system32\nvopenal.dll
2009-08-31 19:55 30,208 a------- c:\windows\system32\nvasio.dll
2009-08-31 19:55 21,504 a------- c:\windows\system32\OpenAL32.dll
2009-08-31 19:55 7,168 a------- c:\windows\system32\nvack.dll
2009-08-31 19:55 5,120 a------- c:\windows\system32\ALut.dll
2009-08-31 19:55 962,560 a------- c:\windows\system32\drivers\nvmcp.sys
2009-08-31 19:55 396,032 a------- c:\windows\system32\drivers\nvapu.sys
2009-08-31 19:55 66,688 a------- c:\windows\system32\drivers\nvarm.sys
2009-08-31 19:55 48,640 a------- c:\windows\system32\drivers\nvax.sys
2009-08-31 19:54 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-31 19:54 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-08-31 19:54 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-08-31 18:19 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-08-31 18:11 <DIR> --d----- c:\program files\Trend Micro
2009-08-31 11:54 <DIR> --d----- c:\program files\Enigma Software Group
2009-08-31 07:11 <DIR> --d----- C:\UBCD4Win
2009-08-31 06:09 <DIR> --d----- C:\ubcd4win35
2009-08-31 06:08 <DIR> --d----- C:\DrWeb
2009-08-30 23:10 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-30 23:10 <DIR> --d----- c:\program files\Avira
2009-08-30 23:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-30 21:43 <DIR> --d----- c:\documents and settings\roy\DoctorWeb
2009-08-30 20:38 3,940 a------- c:\windows\system32\tmp.reg
2009-08-30 06:53 <DIR> --d----- c:\docume~1\roy\applic~1\Desktopicon
2009-08-30 06:53 <DIR> --d----- c:\program files\Unlocker
2009-08-30 06:18 <DIR> --d----- c:\windows\pss
2009-08-30 04:22 <DIR> --d----- c:\program files\Yahoo!
2009-08-30 04:22 <DIR> --d----- c:\program files\CCleaner
2009-08-30 03:47 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-29 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-08-29 22:55 <DIR> --d----- c:\documents and settings\roy\.housecall6.6
2009-08-29 15:05 <DIR> --d----- c:\docume~1\roy\applic~1\Movienizer
2009-08-29 15:04 <DIR> --d----- c:\program files\Movienizer
2009-08-29 09:28 <DIR> --d----- c:\program files\Real Alternative
2009-08-29 03:21 <DIR> --d----- c:\docume~1\roy\applic~1\JockerSoft
2009-08-29 03:14 <DIR> --d----- c:\program files\JockerSoft
2009-08-27 08:04 <DIR> --d----- c:\documents and settings\roy\FSL
2009-08-27 08:04 <DIR> --d----- c:\program files\FSL
2009-08-27 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-27 04:50 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-27 04:50 <DIR> --d----- c:\docume~1\roy\applic~1\SUPERAntiSpyware.com
2009-08-27 04:49 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-26 11:11 <DIR> --d----- c:\docume~1\roy\applic~1\DivXMuxGui
2009-08-26 11:01 <DIR> --d----- c:\program files\Atomic Clock Sync
2009-08-25 22:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MumboJumbo
2009-08-25 22:23 <DIR> --d----- c:\windows\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-08-25 22:23 <DIR> --d----- c:\program files\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-08-25 13:53 <DIR> --d----- c:\windows\Curse of the Pharaoh Napoleons Secret
2009-08-25 13:53 <DIR> --d----- c:\program files\Curse of the Pharaoh Napoleons Secret
2009-08-25 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-08-24 17:51 7,680 a--sh--- c:\windows\Thumbs.db
2009-08-24 13:55 376 a------- c:\windows\ODBC.INI
2009-08-24 13:54 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-08-24 13:53 <DIR> --d-h--- c:\windows\ShellNew
2009-08-24 13:49 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-24 12:42 <DIR> --d----- c:\docume~1\roy\applic~1\NeroDCTemplates
2009-08-24 09:38 87,608 a------- c:\docume~1\roy\applic~1\inst.exe
2009-08-24 09:38 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-08-24 09:38 47,360 a------- c:\docume~1\roy\applic~1\pcouffin.sys
2009-08-24 09:38 217,127 a------- c:\windows\system32\drv43260.dll
2009-08-24 09:38 208,935 a------- c:\windows\system32\drv33260.dll
2009-08-24 09:38 102,439 a------- c:\windows\system32\sipr3260.dll
2009-08-24 09:38 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-08-24 09:38 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-08-24 09:38 176,165 a------- c:\windows\system32\drv23260.dll
2009-08-24 09:38 65,602 a------- c:\windows\system32\cook3260.dll
2009-08-24 08:56 <DIR> --d----- c:\program files\vso
2009-08-24 08:45 <DIR> --d----- c:\program files\DVD Shrink
2009-08-23 17:15 <DIR> --d----- c:\program files\LopeSoft
2009-08-23 16:59 266,360 a------- c:\windows\system32\TweakUI.exe
2009-08-23 16:59 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-08-23 16:21 <DIR> --d----- c:\program files\Raxco
2009-08-23 13:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-08-23 09:12 <DIR> --d----- c:\program files\LightScribe
2009-08-23 09:04 <DIR> --d----- c:\program files\LightScribe Template Labeler
2009-08-22 12:27 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-08-22 09:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Elaborate Bytes
2009-08-22 09:48 24 a--sh--- c:\windows\SA2D2F9F2.tmp
2009-08-22 09:48 <DIR> --d----- c:\program files\Elaborate Bytes
2009-08-22 09:47 <DIR> --d----- c:\program files\SlySoft
2009-08-22 08:45 212,240 a------- c:\windows\system32\RichTx32.ocx
2009-08-22 08:45 124,688 a------- c:\windows\system32\MSWinSck.ocx
2009-08-22 08:45 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-08-22 08:45 614,400 a------- c:\windows\system32\ExButton.dll
2009-08-22 08:45 602,112 a------- c:\windows\system32\ExMenu.dll
2009-08-22 08:45 307,200 a------- c:\windows\system32\ExPMenu.dll
2009-08-22 08:45 516,096 a------- c:\windows\system32\ExTab.dll
2009-08-22 08:45 356,352 a------- c:\windows\system32\eSellerateEngine.dll
2009-08-22 08:45 118,784 a------- c:\windows\system32\eWebControl.dll
2009-08-22 08:45 <DIR> --d----- c:\program files\common files\eSellerate
2009-08-22 08:45 368,912 a------- c:\windows\system32\vbar332.dll
2009-08-22 08:45 <DIR> --d----- c:\program files\AnswersThatWork
2009-08-21 21:47 <DIR> --d----- c:\docume~1\roy\applic~1\LEAPS
2009-08-21 21:22 <DIR> --d----- c:\docume~1\roy\applic~1\Pegasys Inc
2009-08-21 21:18 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-08-21 21:18 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-08-21 21:18 33,408 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-08-21 21:18 <DIR> --d----- c:\program files\Pegasys Inc
2009-08-20 12:03 <DIR> --d----- c:\program files\Fast AVI MPEG Joiner
2009-08-19 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Slapdash Games
2009-08-19 22:10 <DIR> --d----- c:\windows\Yard Sale Hidden Treasures - Lucky Junction
2009-08-19 22:10 <DIR> --d----- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2009-08-19 20:46 <DIR> --d----- c:\docume~1\roy\applic~1\3 Days Zoo Mystery
2009-08-19 15:25 <DIR> --d----- c:\docume~1\roy\applic~1\ifns
2009-08-19 15:24 <DIR> --d----- c:\program files\ifns
2009-08-19 11:52 <DIR> --d----- c:\program files\Jigsaw Puzzle Platinum Edition
2009-08-19 11:15 <DIR> --d----- c:\program files\Seagate
2009-08-19 11:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-08-19 11:14 <DIR> --d----- c:\windows\Downloaded Installations
2009-08-19 10:21 <DIR> --d----- c:\windows\system32\NtmsData
2009-08-19 06:05 <DIR> --d----- c:\program files\DVD Profiler
2009-08-19 05:36 <DIR> --d----- c:\program files\EMDB
2009-08-18 22:21 <DIR> --d----- c:\program files\CD Storage Master
2009-08-18 21:08 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-18 19:43 <DIR> --d----- c:\docume~1\roy\applic~1\Malwarebytes
2009-08-18 19:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-18 19:27 <DIR> --d----- c:\program files\Collectorz.com
2009-08-18 16:50 <DIR> --d----- c:\docume~1\roy\applic~1\SpinTop Games
2009-08-18 14:24 <DIR> --d----- C:\AltBins Downloads
2009-08-18 13:01 <DIR> --d----- c:\program files\DAMN NFO Viewer
2009-08-18 11:36 902,592 a------- c:\windows\system32\drivers\tdrpm228.sys
2009-08-18 11:36 540,000 a------- c:\windows\system32\drivers\timntr.sys
2009-08-18 11:36 44,704 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-08-18 11:36 138,208 a------- c:\windows\system32\drivers\snapman.sys
2009-08-18 10:53 <DIR> --d----- c:\program files\QuickPar
2009-08-18 10:39 <DIR> --d----- c:\program files\MSECache
2009-08-18 09:50 747,008 a------- c:\windows\system32\Indeo4.qtx
2009-08-18 09:50 675,328 a------- c:\windows\system32\ir50_32.qtx
2009-08-18 09:50 6,676,480 a------- c:\windows\system32\QuickTime.qts
2009-08-18 09:50 430,592 a------- c:\windows\system32\QuickTimeVR.qtx
2009-08-18 09:50 360,504 a------- c:\windows\system32\QTPlugin.ocx
2009-08-18 09:50 323,072 a------- c:\windows\system32\QuickTime.cpl
2009-08-18 09:50 86,016 a------- c:\windows\system32\QuickTime.ax
2009-08-18 09:50 70,144 a------- c:\windows\system32\QuickTimeCheck.ocx
2009-08-18 09:50 <DIR> --d----- c:\windows\system32\QuickTime
2009-08-18 09:50 <DIR> --d----- c:\program files\QuickTime Alternative
2009-08-18 09:50 <DIR> --d----- c:\program files\Media Player Classic
2009-08-18 09:46 <DIR> --d----- c:\program files\WinAVI Video Converter
2009-08-18 09:43 69 a------- c:\windows\NeroDigital.ini
2009-08-18 09:30 <DIR> --d----- c:\program files\Nero
2009-08-18 09:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-08-18 09:05 105,984 a------- c:\windows\system32\CNMLM58.DLL
2009-08-18 09:05 6,656 a------- c:\windows\system32\CNMVS58.DLL
2009-08-18 09:05 86,016 a------- c:\windows\system32\CNMCP58.exe
2009-08-18 09:05 <DIR> --d-h--- C:\BJPrinter
2009-08-18 08:53 <DIR> --d----- C:\Downloads
2009-08-18 08:33 <DIR> --d-h--- c:\windows\PIF
2009-08-18 06:25 <DIR> --d----- c:\program files\common files\DivX Shared
2009-08-18 06:24 <DIR> --d----- c:\program files\DivX
2009-08-18 06:01 <DIR> --d----- c:\program files\uTorrent
2009-08-18 06:00 <DIR> --d----- c:\docume~1\roy\applic~1\uTorrent
2009-08-18 05:51 <DIR> --d----- c:\docume~1\roy\applic~1\Windows Search
2009-08-17 23:00 <DIR> --d----- c:\docume~1\roy\applic~1\Aisle 5 Games, Inc
2009-08-17 22:57 4,096 a------- c:\windows\d3dx.dat
2009-08-17 22:38 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-17 22:37 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-17 22:37 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-17 22:37 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-17 22:32 <DIR> --d----- c:\program files\Windows Desktop Search
2009-08-17 22:32 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-08-17 22:31 172,032 a------- c:\windows\system32\nvuaudio.exe
2009-08-17 22:31 3,787 a------- c:\windows\system32\nvaudio.nvu
2009-08-17 22:31 <DIR> --d----- c:\windows\system32\URTTEMP
2009-08-17 20:40 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-17 20:39 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-17 19:54 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-17 18:37 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-08-17 18:37 <DIR> --d----- c:\program files\Belarc
2009-08-17 18:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-17 16:54 <DIR> --d----- c:\docume~1\roy\applic~1\Gamers Digital
2009-08-17 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Gamers Digital
2009-08-17 16:40 <DIR> --d----- c:\windows\3 Days Zoo Mystery
2009-08-17 16:40 <DIR> --d----- c:\program files\3 Days Zoo Mystery
2009-08-17 16:38 <DIR> --d----- c:\windows\Mystery P I The New York Fortune
2009-08-17 16:38 <DIR> --d----- c:\program files\Mystery P I The New York Fortune
2009-08-17 16:36 <DIR> --d----- c:\windows\Amazing Heists - Dillinger
2009-08-17 16:36 <DIR> --d----- c:\program files\Amazing Heists - Dillinger
2009-08-17 16:36 <DIR> --d----- c:\windows\Tahiti Hidden Pearl
2009-08-17 16:36 <DIR> --d----- c:\program files\Tahiti Hidden Pearl
2009-08-17 16:32 <DIR> --d----- c:\windows\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
2009-08-17 16:32 <DIR> --d----- c:\program files\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
2009-08-17 16:12 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-08-17 15:58 <DIR> --d----- c:\program files\AVIcodec
2009-08-17 15:44 421,888 a------- c:\windows\system32\ac3filter.acm
2009-08-17 15:44 <DIR> --d----- c:\program files\XP Codec Pack
2009-08-17 15:41 819,200 a------- c:\windows\system32\xvidcore.dll
2009-08-17 15:41 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-08-17 15:41 77,824 a------- c:\windows\system32\xvid.ax
2009-08-17 15:41 <DIR> --d----- c:\program files\Xvid
2009-08-17 12:42 <DIR> --d----- c:\program files\AVG
2009-08-17 12:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-17 12:02 218,112 a------- c:\windows\system32\c_g18030.dll
2009-08-17 12:01 <DIR> --d----- c:\windows\network diagnostic
2009-08-17 12:01 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys
2009-08-17 12:01 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-08-17 12:00 19,569 a------- c:\windows\005439_.tmp
2009-08-17 11:40 <DIR> --d----- c:\windows\system32\PreInstall
2009-08-17 11:40 <DIR> --d-h--- c:\windows\$hf_mig$
2009-08-17 11:32 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-17 11:31 <DIR> --d----- c:\docume~1\roy\applic~1\PCToolsFirewallPlus
2009-08-17 11:30 1,324 a------- c:\windows\system32\d3d9caps.dat
2009-08-17 11:30 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-08-17 11:30 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-17 11:27 316,640 a------- c:\windows\WMSysPr9.prx
2009-08-17 11:24 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-08-17 11:24 19,528 a------- c:\windows\002365_.tmp
2009-08-17 11:24 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-08-17 11:23 <DIR> --d----- c:\windows\EHome
2009-08-17 11:19 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-17 11:19 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-17 11:19 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-17 11:19 97,408 a------- c:\windows\system32\drivers\pctfw.sys
2009-08-17 11:19 <DIR> --d----- c:\program files\common files\PC Tools
2009-08-17 11:19 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
2009-08-17 11:19 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-08-17 10:40 210,919 a------- c:\windows\system32\nvapps.xml
2009-08-17 10:40 453,152 a------- c:\windows\system32\nvudisp.exe
2009-08-17 10:40 18,795 a------- c:\windows\system32\nvdisp.nvu
2009-08-17 10:40 <DIR> --d----- c:\windows\nview
2009-08-17 10:39 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-08-17 10:35 <DIR> --d----- c:\windows\system32\Adobe
2009-08-17 10:35 306,688 a------- c:\windows\IsUninst.exe
2009-08-17 10:34 996,872 a------- c:\windows\system\CP3240MT.DLL
2009-08-17 10:34 458,752 a------- c:\windows\system\COMCTL32.DLL
2009-08-17 10:34 245,912 a------- c:\windows\system\VCLX35.BPL
2009-08-17 10:34 187,392 a------- c:\windows\system\BCBSMP35.BPL
2009-08-17 10:34 29,952 a------- c:\windows\system\BORLNDMM.DLL
2009-08-17 10:34 1,455,736 a------- c:\windows\system\VCL35.BPL
2009-08-17 10:33 6,272 a------- c:\windows\system32\drivers\ASLM75.SYS
2009-08-17 10:33 <DIR> --d----- c:\program files\ASUS
2009-08-17 10:33 299,008 a------- c:\windows\uninst.exe
2009-08-17 10:33 <DIR> --d----- c:\documents and settings\roy\WINDOWS
2009-08-17 10:33 80,896 a----r-- c:\windows\system32\drivers\NVENET.sys
2009-08-17 10:33 1,024 a----r-- c:\windows\system32\drivers\jedih2rx.bin
2009-08-17 10:33 122 a----r-- c:\windows\system32\drivers\ramsed.bin
2009-08-17 10:33 42 a----r-- c:\windows\system32\drivers\jedireg.pat
2009-08-17 10:33 13,568 a----r-- c:\windows\system32\drivers\nv_agp.SYS
2009-08-17 10:33 126,976 -------- c:\windows\system32\NVNFINST.DLL
2009-08-17 10:32 3,260 a------- c:\windows\Ascd_tmp.ini
2009-08-17 10:32 5,824 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-08-17 10:12 160 a------- c:\windows\MyDrivers.ini
2009-08-17 10:09 <DIR> --d----- c:\program files\My Drivers
2009-08-17 10:05 <DIR> --dsh--- c:\windows\Installer
2009-08-17 10:04 <DIR> --d----- c:\documents and settings\roy
2009-08-17 10:03 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-17 10:00 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-17 09:59 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-17 09:59 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-17 09:59 <DIR> --d----- c:\program files\Online Services
2009-08-17 09:59 <DIR> --d----- c:\program files\Messenger
2009-08-17 09:58 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-08-17 09:58 <DIR> --d----- c:\program files\Windows NT
2009-08-17 05:43 <DIR> --d----- c:\program files\common files\ODBC
2009-08-17 05:43 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-08-17 05:43 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-08-31 20:09 23,348 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-31 08:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-31 08:47 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:10 232,200 a------- c:\windows\system32\PDBoot.exe
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-13 20:17 129,784 -------- c:\windows\system32\pxafs.dll
2009-07-13 20:17 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-07-13 20:17 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-07-13 20:17 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-07-13 20:17 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-07-13 20:17 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-13 20:15 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-07-13 20:15 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-07-13 20:15 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-07-13 20:15 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-07-13 20:15 685,056 a------- c:\windows\system32\DivX.dll
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-29 12:12 78,336 -------- c:\windows\system32\ieencode.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll

============= FINISH: 9:25:03.84 ===============

Attached Files

#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:31 AM

Posted 19 September 2009 - 04:56 PM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer


#3 ropat

ropat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 19 September 2009 - 06:13 PM

Here are the files you requested. The PC is working pretty good. There are still some hidden files that I could not find.
Thanks.
ropat

#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:31 AM

Posted 19 September 2009 - 07:52 PM

Hi ropat,

You need to re-scan with DDS again and copy and paste the report logs back here; do not attach them, so it is easy for us to research each one of the files on those logs.

Thanks

Net_Surfer

#5 ropat

ropat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 19 September 2009 - 09:26 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by roy at 22:24:12.39 on Sat 09/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1551 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2009 8:16:28 PM
System Uptime: 9/19/2009 6:52:34 PM (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-X
Processor: AMD Athlon™ XP 2700+ | Socket A | 2162/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 74.177 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 60.364 GiB free.
E: is FIXED (NTFS) - 562 GiB total, 391.238 GiB free.
F: is FIXED (NTFS) - 79 GiB total, 64.498 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is FIXED (NTFS) - 466 GiB total, 268.231 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP15: 9/1/2009 10:35:41 PM - Installed OpenOffice.org 3.1
RP16: 9/2/2009 8:40:32 AM - System Checkpoint
RP17: 9/3/2009 8:41:05 AM - System Checkpoint
RP18: 9/4/2009 11:58:42 AM - System Checkpoint
RP19: 9/5/2009 12:00:33 PM - System Checkpoint
RP20: 9/6/2009 12:26:11 PM - System Checkpoint
RP21: 9/7/2009 2:30:41 PM - System Checkpoint
RP22: 9/7/2009 10:41:32 PM - Made by Registry Mechanic O
RP23: 9/9/2009 4:25:57 AM - System Checkpoint
RP24: 9/9/2009 12:02:53 PM - RegRun Virus Scan
RP25: 9/9/2009 6:05:12 PM - RegRun Virus Scan
RP26: 9/10/2009 12:27:27 PM - Software Distribution Service 3.0
RP27: 9/10/2009 12:42:16 PM - Software Distribution Service 3.0
RP28: 9/10/2009 12:47:32 PM - Software Distribution Service 3.0
RP29: 9/10/2009 1:04:19 PM - Installed Windows XP KB915800-v4.
RP30: 9/11/2009 2:44:10 PM - System Checkpoint
RP31: 9/12/2009 3:07:06 PM - System Checkpoint
RP32: 9/13/2009 4:16:10 PM - System Checkpoint
RP33: 9/14/2009 5:19:05 PM - System Checkpoint
RP34: 9/15/2009 6:04:58 PM - System Checkpoint
RP35: 9/16/2009 6:41:55 PM - System Checkpoint
RP36: 9/19/2009 9:11:41 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
3 Days Zoo Mystery
7-Zip 4.65
AAC Decoder
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player 11.5
Amazing Heists - Dillinger
Atomic Clock Sync
Auslogics Duplicate File Finder
AutoUpdate
AVIcodec (remove only)
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.1
BulkEdit 1.24
CCleaner (remove only)
CloneCD
CloneDVD2
CodecInstaller 2.10.2
Collectorz.com Movie Collector
ConvertXtoDVD 3 english manual
ConvertXtoDVD 3.8.0.193d
Curse of the Pharaoh Napoleons Secret
DivX Codec
DivX Codec 3.1alpha release
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DivXMuxGUI
DivxToDVD 0.5.2b
Drive Manager
DVD Shrink 3.2
EMDB 0.86
ERUNT 1.1j
Fast AVI MPEG Joiner 1.1.2
FileMenu Tools
FSL Launcher 1.1.4.4 SR1
G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
Google Chrome
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Instant File Name Search 1.7.5
Java™ 6 Update 16
JeniuS
Jigsaw Puzzle Platinum Edition
LightScribe Applications
LightScribe System Software
LightScribe Template Labeler
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Midnight Mysteries - The Edgar Allan Poe Conspiracy
MKV Splitter
Movienizer 2.1
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB954430)
My Drivers 3.11
Mystery P I The New York Fortune
Nero 8
neroxml
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PC Tools Firewall Plus 5.0
PerfectDisk 10 Professional
QuickPar 0.9
QuickTime Alternative 1.47
Real Alternative 1.9.0 Lite
Registry Mechanic 8.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB971961)
SpyHunter
Spyware Doctor 6.0
SUPERAntiSpyware Free Edition
Tahiti Hidden Pearl
The Ultimate Troubleshooter
TMPGEnc 4.0 XPress
TMPGEnc DVD Author 3 with DivX Authoring
Tweak UI
UBCD4Win 3.50
UnHackMe 4.80 beta
Uniblue ProcessScanner
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
WebFldrs XP
WinAVI Video Converter
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinRAR archiver
XP Codec Pack
Xvid 1.2.2 final uninstall
Yard Sale Hidden Treasures - Lucky Junction

==== End Of File ===========================


C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\DDS\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wlwt.com/index.html
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [muBlinder] d:\mublinder\mublinder\muBlinder.exe -startup
StartupFolder: c:\docume~1\roy\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\roy\startm~1\programs\startup\fsllau~1.lnk - c:\program files\fsl\fsl_launcher\FSL_Launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250561865703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {856D7FDE-D648-4312-B328-6AD21D5ECF45} = 208.67.222.222,208.67.222.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roy\applic~1\mozilla\firefox\profiles\clht4yar.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.local12.com/default.aspx
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-17 206256]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2009-8-17 19240]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-8-18 902592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-30 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-17 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-30 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-30 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-30 55656]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-8-17 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-8-17 146800]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-8-17 95640]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\roy\local settings\temporary internet files\content.ie5\u67eg8t3\sabkutil.sys --> c:\documents and settings\roy\local settings\temporary internet files\content.ie5\u67eg8t3\SABKUTIL.sys [?]
S2 gupdate1ca1fee298fa43c;Google Update Service (gupdate1ca1fee298fa43c);c:\program files\google\update\GoogleUpdate.exe [2009-8-18 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-2 38160]
S3 mbr;mbr;\??\c:\docume~1\roy\locals~1\temp\mbr.sys --> c:\docume~1\roy\locals~1\temp\mbr.sys [?]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-1 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-1 1097096]

=============== Created Last 30 ================

2009-09-17 07:27 <DIR> --d----- c:\program files\Uniblue
2009-09-13 08:07 <DIR> --d----- c:\program files\Auslogics
2009-09-12 06:37 <DIR> --d----- c:\windows\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-12 06:37 <DIR> --d----- c:\program files\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-10 18:49 <DIR> --d----- c:\docume~1\roy\applic~1\Office Genuine Advantage
2009-09-10 13:04 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-09-10 13:04 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-09-10 13:04 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-09-09 18:08 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-09 12:25 <DIR> a-dshr-- C:\cmdcons
2009-09-09 12:24 230,912 a------- c:\windows\PEV.exe
2009-09-09 12:24 161,792 a------- c:\windows\SWREG.exe
2009-09-09 12:24 98,816 a------- c:\windows\sed.exe
2009-09-09 11:59 2 a--shrot c:\windows\winstart.bat
2009-09-09 11:59 8,944 a------- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-09 11:59 <DIR> --d----- c:\program files\UnHackMe
2009-09-02 21:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-09-02 10:52 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 10:52 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-02 10:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 10:07 <DIR> --d----- C:\HiJackThis
2009-09-02 10:05 <DIR> --d----- C:\HJT
2009-09-02 06:46 <DIR> --d----- c:\docume~1\roy\applic~1\OpenOffice.org
2009-09-01 22:34 <DIR> --d----- c:\program files\JRE
2009-09-01 22:34 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-09-01 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-01 11:13 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 11:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-01 11:13 <DIR> --d----- c:\docume~1\roy\applic~1\PC Tools
2009-09-01 11:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-01 09:17 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-01 08:42 132,096 -c------ c:\windows\system32\dllcache\wkssvc.dll
2009-09-01 08:40 58,880 -c------ c:\windows\system32\dllcache\atl.dll
2009-09-01 07:57 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-09-01 07:57 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-09-01 07:57 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-09-01 07:57 10,752 -------- c:\windows\system32\smtpapi.dll
2009-09-01 07:57 9,728 -------- c:\windows\system32\rwnh.dll
2009-09-01 07:52 19,569 a------- c:\windows\006356_.tmp
2009-09-01 07:38 78,336 -c------ c:\windows\system32\dllcache\ieencode.dll
2009-09-01 07:37 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-01 07:37 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-09-01 07:37 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-09-01 07:37 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-09-01 07:37 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-09-01 07:37 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-01 07:37 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-09-01 07:37 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-09-01 07:37 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-01 07:37 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-01 07:36 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-09-01 07:36 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-09-01 07:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-01 07:36 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-09-01 07:36 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-09-01 07:36 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-09-01 07:30 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-01 07:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-31 22:46 482,304 ac------ c:\windows\system32\dllcache\pintlgnt.ime
2009-08-31 22:46 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe
2009-08-31 22:46 455,168 ac------ c:\windows\system32\dllcache\tintsetp.exe
2009-08-31 22:46 198,656 ac------ c:\windows\system32\dllcache\cintime.dll
2009-08-31 22:46 70,144 ac------ c:\windows\system32\dllcache\pintlphr.exe
2009-08-31 22:46 482,304 a------- c:\windows\system32\PINTLGNT.IME
2009-08-31 22:45 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-31 22:43 19,528 a------- c:\windows\002882_.tmp
2009-08-31 21:01 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-08-31 21:01 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-08-31 21:01 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-08-31 21:01 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-08-31 21:01 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-08-31 21:01 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2009-08-31 21:01 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-08-31 21:01 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-08-31 21:01 53,760 ac------ c:\windows\system32\dllcache\wiamsmud.dll
2009-08-31 21:01 701,386 ac------ c:\windows\system32\dllcache\wdhaalba.sys
2009-08-31 21:01 35,871 ac------ c:\windows\system32\dllcache\wbfirdma.sys
2009-08-31 20:59 23,936 ac------ c:\windows\system32\dllcache\sccmusbm.sys
2009-08-31 20:58 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-08-31 20:57 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-08-31 20:56 55,999 ac------ c:\windows\system32\dllcache\el556nd5.sys
2009-08-31 20:55 382,592 ac------ c:\windows\system32\dllcache\atidrab.dll
2009-08-31 20:16 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-08-31 20:15 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-31 20:14 49,664 ac------ c:\windows\system32\dllcache\adrot.dll
2009-08-31 20:14 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-08-31 20:14 6,144 ac------ c:\windows\system32\dllcache\admxprox.dll
2009-08-31 20:14 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-08-31 20:14 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-08-31 20:14 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-08-31 20:14 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-08-31 20:14 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-08-31 20:14 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-08-31 20:14 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-08-31 20:14 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-08-31 20:09 184,320 a------- c:\windows\system32\accwiz.exe
2009-08-31 20:02 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-08-31 20:02 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-08-31 19:59 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-08-31 19:59 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-31 19:55 53,760 a------- c:\windows\system32\nvopenal.dll
2009-08-31 19:55 30,208 a------- c:\windows\system32\nvasio.dll
2009-08-31 19:55 21,504 a------- c:\windows\system32\OpenAL32.dll
2009-08-31 19:55 7,168 a------- c:\windows\system32\nvack.dll
2009-08-31 19:55 5,120 a------- c:\windows\system32\ALut.dll
2009-08-31 19:55 962,560 a------- c:\windows\system32\drivers\nvmcp.sys
2009-08-31 19:55 396,032 a------- c:\windows\system32\drivers\nvapu.sys
2009-08-31 19:55 66,688 a------- c:\windows\system32\drivers\nvarm.sys
2009-08-31 19:55 48,640 a------- c:\windows\system32\drivers\nvax.sys
2009-08-31 19:54 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-31 19:54 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-08-31 19:54 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-08-31 18:19 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-08-31 18:11 <DIR> --d----- c:\program files\Trend Micro
2009-08-31 11:54 <DIR> --d----- c:\program files\Enigma Software Group
2009-08-31 07:11 <DIR> --d----- C:\UBCD4Win
2009-08-31 06:09 <DIR> --d----- C:\ubcd4win35
2009-08-31 06:08 <DIR> --d----- C:\DrWeb
2009-08-30 23:10 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-30 23:10 <DIR> --d----- c:\program files\Avira
2009-08-30 23:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-30 21:43 <DIR> --d----- c:\documents and settings\roy\DoctorWeb
2009-08-30 06:53 <DIR> --d----- c:\docume~1\roy\applic~1\Desktopicon
2009-08-30 06:53 <DIR> --d----- c:\program files\Unlocker
2009-08-30 06:18 <DIR> --d----- c:\windows\pss
2009-08-30 04:22 <DIR> --d----- c:\program files\Yahoo!
2009-08-30 04:22 <DIR> --d----- c:\program files\CCleaner
2009-08-30 03:47 <DIR> --d----- C:\$AVG8.VAULT$
2009-08-29 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-08-29 22:55 <DIR> --d----- c:\documents and settings\roy\.housecall6.6
2009-08-29 15:05 <DIR> --d----- c:\docume~1\roy\applic~1\Movienizer
2009-08-29 15:04 <DIR> --d----- c:\program files\Movienizer
2009-08-29 09:28 <DIR> --d----- c:\program files\Real Alternative
2009-08-29 03:21 <DIR> --d----- c:\docume~1\roy\applic~1\JockerSoft
2009-08-29 03:14 <DIR> --d----- c:\program files\JockerSoft
2009-08-27 08:04 <DIR> --d----- c:\documents and settings\roy\FSL
2009-08-27 08:04 <DIR> --d----- c:\program files\FSL
2009-08-27 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-27 04:50 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-27 04:50 <DIR> --d----- c:\docume~1\roy\applic~1\SUPERAntiSpyware.com
2009-08-27 04:49 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-26 11:11 <DIR> --d----- c:\docume~1\roy\applic~1\DivXMuxGui
2009-08-26 11:01 <DIR> --d----- c:\program files\Atomic Clock Sync
2009-08-25 22:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MumboJumbo
2009-08-25 13:53 <DIR> --d----- c:\windows\Curse of the Pharaoh Napoleons Secret
2009-08-25 13:53 <DIR> --d----- c:\program files\Curse of the Pharaoh Napoleons Secret
2009-08-25 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-08-24 17:51 7,680 a--sh--- c:\windows\Thumbs.db
2009-08-24 13:55 376 a------- c:\windows\ODBC.INI
2009-08-24 13:54 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-08-24 13:53 <DIR> --d-h--- c:\windows\ShellNew
2009-08-24 13:49 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-24 12:42 <DIR> --d----- c:\docume~1\roy\applic~1\NeroDCTemplates
2009-08-24 09:38 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-08-24 09:38 47,360 a------- c:\docume~1\roy\applic~1\pcouffin.sys
2009-08-24 09:38 217,127 a------- c:\windows\system32\drv43260.dll
2009-08-24 09:38 208,935 a------- c:\windows\system32\drv33260.dll
2009-08-24 09:38 102,439 a------- c:\windows\system32\sipr3260.dll
2009-08-24 09:38 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-08-24 09:38 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-08-24 09:38 176,165 a------- c:\windows\system32\drv23260.dll
2009-08-24 09:38 65,602 a------- c:\windows\system32\cook3260.dll
2009-08-24 08:56 <DIR> --d----- c:\program files\vso
2009-08-24 08:45 <DIR> --d----- c:\program files\DVD Shrink
2009-08-23 17:15 <DIR> --d----- c:\program files\LopeSoft
2009-08-23 16:59 266,360 a------- c:\windows\system32\TweakUI.exe
2009-08-23 16:59 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-08-23 16:21 <DIR> --d----- c:\program files\Raxco
2009-08-23 13:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-08-23 09:12 <DIR> --d----- c:\program files\LightScribe
2009-08-23 09:04 <DIR> --d----- c:\program files\LightScribe Template Labeler
2009-08-22 12:27 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-08-22 09:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Elaborate Bytes
2009-08-22 09:48 24 a--sh--- c:\windows\SA2D2F9F2.tmp
2009-08-22 09:48 <DIR> --d----- c:\program files\Elaborate Bytes
2009-08-22 09:47 <DIR> --d----- c:\program files\SlySoft
2009-08-22 08:45 212,240 a------- c:\windows\system32\RichTx32.ocx
2009-08-22 08:45 124,688 a------- c:\windows\system32\MSWinSck.ocx
2009-08-22 08:45 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-08-22 08:45 614,400 a------- c:\windows\system32\ExButton.dll
2009-08-22 08:45 602,112 a------- c:\windows\system32\ExMenu.dll
2009-08-22 08:45 307,200 a------- c:\windows\system32\ExPMenu.dll
2009-08-22 08:45 516,096 a------- c:\windows\system32\ExTab.dll
2009-08-22 08:45 356,352 a------- c:\windows\system32\eSellerateEngine.dll
2009-08-22 08:45 118,784 a------- c:\windows\system32\eWebControl.dll
2009-08-22 08:45 <DIR> --d----- c:\program files\common files\eSellerate
2009-08-22 08:45 368,912 a------- c:\windows\system32\vbar332.dll
2009-08-22 08:45 <DIR> --d----- c:\program files\AnswersThatWork
2009-08-21 21:47 <DIR> --d----- c:\docume~1\roy\applic~1\LEAPS
2009-08-21 21:22 <DIR> --d----- c:\docume~1\roy\applic~1\Pegasys Inc
2009-08-21 21:18 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-08-21 21:18 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-08-21 21:18 33,408 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-08-21 21:18 <DIR> --d----- c:\program files\Pegasys Inc

==================== Find3M ====================

2009-09-06 22:09 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-01 22:34 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-31 20:09 23,348 a------- c:\windows\system32\emptyregdb.dat
2009-08-18 11:36 902,592 a------- c:\windows\system32\drivers\tdrpm228.sys
2009-08-18 11:36 540,000 a------- c:\windows\system32\drivers\timntr.sys
2009-08-18 11:36 44,704 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-08-18 11:36 138,208 a------- c:\windows\system32\drivers\snapman.sys
2009-08-17 22:57 4,096 a------- c:\windows\d3dx.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-31 08:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-31 08:47 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:10 232,200 a------- c:\windows\system32\PDBoot.exe
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-13 20:17 129,784 -------- c:\windows\system32\pxafs.dll
2009-07-13 20:17 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-07-13 20:17 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-07-13 20:15 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-07-13 20:15 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-07-13 20:15 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-07-13 20:15 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-07-13 20:15 685,056 a------- c:\windows\system32\DivX.dll
2009-06-29 12:12 827,392 -------- c:\windows\system32\wininet.dll
2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-29 12:12 78,336 -------- c:\windows\system32\ieencode.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll

============= FINISH: 22:24:29.04 ===============
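The "Files Created" listing above has a fixed shape (date, time, size or <DIR>, an 8-letter attribute string, path), which makes it easy to triage mechanically before reading it line by line. The Python script below is an added example, not part of this thread or of the DDS tool: it parses such lines and flags the kinds of entries a helper looks at first. The attribute-letter reading (d, s, h) and the triage heuristics are my assumptions, and the sample lines are copied from the listing above.

```python
"""Triage helper for the "Files Created" section of a DDS log.

Added example, not part of this forum thread or of the DDS tool. Assumed
line shape: date, time, size (or <DIR>), 8-letter attribute string, path.
Attribute letters are read presence-based (d=directory, s=system,
h=hidden); that reading and the heuristics below are assumptions about
what a helper would look at first, not documented DDS semantics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Extensions treated as executable code by the heuristics below.
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cpl", ".ocx", ".scr", ".com")
# Hidden+system files that Windows itself creates; not worth a flag.
KNOWN_BENIGN = {"thumbs.db", "desktop.ini"}


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for <DIR>
    attrs: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["date"], m["time"], size, m["attrs"], m["path"])


def triage(entry: Entry) -> List[str]:
    """Attach heuristic flags to an entry and return them."""
    path = entry.path.lower()
    name = path.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    is_dir = "d" in entry.attrs
    is_exec = ext in EXEC_EXT

    # A hidden+system file outside the well-known set deserves a look.
    if (not is_dir and "s" in entry.attrs and "h" in entry.attrs
            and name not in KNOWN_BENIGN):
        entry.flags.append("hidden+system file")
    # .tmp files dropped directly into the Windows root are unusual.
    if not is_dir and re.fullmatch(r"c:\\windows\\[^\\]+\.tmp", path):
        entry.flags.append("tmp file in windows root")
    # Drivers/executables living in a user profile rather than Program Files.
    if is_exec and ("applic~1" in path or "application data" in path):
        entry.flags.append("executable in user profile")
    # A 2-byte .bat or similar is a stub or a marker, not a real program.
    if is_exec and entry.size is not None and entry.size < 64:
        entry.flags.append("tiny executable/script")
    return entry.flags


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, flags) for every flagged entry, in log order."""
    flagged = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is not None and triage(entry):
            flagged.append((entry.path, entry.flags))
    return flagged


# Sample lines copied from the DDS listing in the post above, plus one
# section header to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
==================== Find3M ====================
2009-09-09 11:59 2 a--shrot c:\windows\winstart.bat
2009-09-09 11:59 8,944 a------- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-01 07:52 19,569 a------- c:\windows\006356_.tmp
2009-08-30 06:53 <DIR> --d----- c:\program files\Unlocker
2009-08-24 17:51 7,680 a--sh--- c:\windows\Thumbs.db
2009-08-24 09:38 47,360 a------- c:\docume~1\roy\applic~1\pcouffin.sys
2009-08-22 09:48 24 a--sh--- c:\windows\SA2D2F9F2.tmp
"""

if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LOG):
        print(f"{path}\n    " + ", ".join(flags))
```

A flag is a prompt to look closer, not a verdict: every flagged path still has to be checked against what the user installed (UnHackMe, for instance, legitimately writes winstart.bat).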

#6 ropat

ropat
  • Topic Starter

  • Members
  • 9 posts

Posted 19 September 2009 - 09:37 PM

Is this what you needed?
It's late for me; I am about ready for bed.
Let me know if you need anything else.
Thanks

#7 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 19 September 2009 - 09:38 PM

Hello ropat, and :( to Bleeping Computer Malware Removal Forum. My nick is Net_Surfer and I'll be glad to help you with your computer problems; it seems that you have an MBR infection here.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here; your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on, as it might prolong handling your log and make the job for both of us more difficult.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks, and again sorry for the delay.

Kind regards
Net_Surfer

:(

Edited by Net_Surfer, 19 September 2009 - 09:39 PM.


#8 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 23 September 2009 - 11:22 AM

Hello ropat again, :(

Sorry for the delay. The forum is exceptionally busy. I have reviewed your logs and proposed a fix. I am patiently waiting for my coach to approve the clean-up, and it can be another few hours; please be patient.
If possible I would encourage you to minimize use of that computer until we can get it cleaned up. I appreciate your patience.

Regards,
Net_Surfer

:(

#9 ropat

ropat
  • Topic Starter

  • Members
  • 9 posts

Posted 23 September 2009 - 05:16 PM

Thanks surfer.
Your help is appreciated.

#10 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 24 September 2009 - 10:00 AM



Hello again ropat, :)


Sorry for the delay but since we got this going the replies will be faster from now on.


Ok, ropat, please observe these rules while we work:
  • Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :(

-----------------------------------*--------------------------------

Going over your logs I noticed a few programs installed in your computer and I need you to please read and take action in the following:

:) P2P Warning :)

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case: µTorrent). These programmes allow users to share files between each other, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

-----------------------------------**--------------------------------

Registry Mechanic Warning!

The following is referring to < Registry Mechanic 8.0 >.

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System.
  • Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
  • The point we are trying to make is that the risk of using one far outweighs any benefit.
  • If it does work perfectly you will not see any difference
    If it doesn't work properly you may end up with an expensive doorstop.
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the main audience here at this board might be inexperienced users, and it is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

NOTE: Registry cleaners should be used with caution; always back up your registry before deleting what they say are invalid entries.
Be careful you do not overclean your Registry and come to regret it. What's called invalid may be what your system needs to run correctly.

Please read this blog by: miekiemoes. Link

-----------------------------------***--------------------------------

Beware Unlocker 1.8.7 Warning

I can see that you have the Unlocker 1.8.7 program installed in your system.

Unlocker is an extremely useful utility that allows you to remove file locks on files and directories. In the past I've downloaded and installed this program without incident; it appears to be the latest release (1.8.7) which is problematic.

The problem with this version is that it installs a program called eBayShortcut.exe. The installer even gives you the option to deselect this but unfortunately it gets installed anyways. What makes it worse is that it is not uninstalled correctly by the installer which is a big problem.

You can read more about it: HERE.<--And--> HERE.

I uploaded the ebayshortcuts.exe file to threatexpert. This is their report: http://www.threatexpert.com/report.aspx?md...dbfadfbc1299136.

Apparently, the program tries to connect to www.adon-demand.de and download additional files. I suggest everyone delete this program.

The only ebay shortcut I need is when I point my browser to www.ebay.com, lol, but if you are going to provide links to a revenue generating site, you should do so with actual shortcuts, not via executables. This just reeks of bad judgement on the part of the Unlocker folks and I hope they do a better job with this in the future.


**I would recommend that you uninstall Unlocker 1.8.7, or you can go back and install 1.8.5, which seems to be the most recent version without the ebay links.

However that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

----------------------------^-------------------------------


Please carefully follow the instructions:

:step1: Please download: mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal. (The program will check the Master Boot Record and will produce a report.)
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
:) Please note: There are signs that you had run ComboFix on your own.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Since you already ran the tool, I need to see the log it created. Please locate this file C:\Combofix.txt and include its contents in your next reply along with the mbr.log.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:(

#11 ropat

ropat
  • Topic Starter

  • Members
  • 9 posts

Posted 24 September 2009 - 10:29 AM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

ComboFix 09-09-08.09 - roy 09/09/2009 12:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1658 [GMT -4:00]
Running from: c:\documents and settings\roy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\roy\Application Data\inst.exe
c:\documents and settings\roy\My Documents\remove trojan.reg
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\system32\tmp.reg
I:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 15:59 . 2009-09-09 15:59 30946 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-09-09 15:59 . 2009-09-09 15:59 28672 ----a-w- c:\windows\system32\Partizan.exe
2009-09-09 15:59 . 2009-09-09 15:59 2 --shatr- c:\windows\winstart.bat
2009-09-09 15:59 . 2005-04-03 19:02 8944 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-09 15:59 . 2009-09-09 16:00 -------- d-----w- c:\program files\UnHackMe
2009-09-08 16:35 . 2009-09-08 16:35 -------- d-----w- c:\program files\ERUNT
2009-09-07 01:00 . 2009-09-07 01:04 -------- d-----w- C:\rsit
2009-09-04 14:33 . 2009-09-04 14:33 -------- d-----w- c:\documents and settings\pat\Application Data\Nero
2009-09-03 01:36 . 2009-09-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-02 14:52 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 14:52 . 2009-09-02 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 14:52 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 14:07 . 2009-09-09 12:38 -------- d-----w- C:\HiJackThis
2009-09-02 14:05 . 2009-09-09 13:27 -------- d-----w- C:\HJT
2009-09-02 10:46 . 2009-09-02 10:46 -------- d-----w- c:\documents and settings\roy\Application Data\OpenOffice.org
2009-09-02 02:34 . 2009-09-02 02:34 -------- d-----w- c:\program files\JRE
2009-09-02 02:34 . 2009-09-02 02:34 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-01 15:13 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 15:13 . 2009-09-07 02:23 -------- d-----w- c:\program files\Spyware Doctor
2009-09-01 15:13 . 2009-09-01 15:13 -------- d-----w- c:\documents and settings\roy\Application Data\PC Tools
2009-09-01 15:13 . 2009-09-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-01 12:42 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-09-01 12:40 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-09-01 11:57 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-09-01 11:57 . 2008-04-14 09:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-09-01 11:57 . 2008-04-14 02:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-09-01 11:57 . 2008-04-14 09:42 10752 ------w- c:\windows\system32\smtpapi.dll
2009-09-01 11:57 . 2008-04-14 09:42 9728 ------w- c:\windows\system32\rwnh.dll
2009-09-01 11:38 . 2009-06-29 16:12 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-09-01 11:37 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-09-01 11:37 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-09-01 11:37 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-01 11:37 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-01 11:37 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-01 11:37 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-01 11:37 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-01 11:37 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-01 11:37 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-01 11:36 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-01 11:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-01 11:36 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-01 11:36 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-01 11:36 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-01 11:36 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-01 11:30 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-01 02:47 . 2008-04-14 09:40 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2009-09-01 02:47 . 2004-08-04 02:32 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2009-09-01 02:47 . 2004-08-04 02:31 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2009-09-01 02:47 . 2008-04-14 09:41 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2009-09-01 02:47 . 2008-04-14 09:39 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2009-09-01 02:47 . 2008-04-14 09:39 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll
2009-09-01 02:47 . 2008-04-14 09:39 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
2009-09-01 02:46 . 2008-04-14 09:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-09-01 02:46 . 2008-04-14 02:13 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2009-09-01 02:46 . 2004-08-04 02:32 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2009-09-01 02:46 . 2004-08-04 02:31 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2009-09-01 02:45 . 2009-09-01 11:57 -------- d-----w- c:\windows\ServicePackFiles
2009-09-01 01:01 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-01 01:01 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-01 01:01 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-09-01 01:01 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-01 01:01 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-09-01 01:01 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-09-01 01:01 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-09-01 01:01 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-01 01:01 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-09-01 01:01 . 2001-08-17 17:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-09-01 01:01 . 2001-08-17 16:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-09-01 00:59 . 2001-08-17 17:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-09-01 00:58 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-09-01 00:57 . 2001-08-17 17:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2009-09-01 00:56 . 2001-08-17 16:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2009-09-01 00:55 . 2001-08-17 18:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2009-09-01 00:16 . 2001-08-23 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2009-09-01 00:15 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-09-01 00:14 . 2001-08-23 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-09-01 00:14 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-09-01 00:14 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2009-09-01 00:14 . 2001-08-23 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-09-01 00:14 . 2001-08-23 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-09-01 00:14 . 2001-08-23 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-09-01 00:14 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-09-01 00:14 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-09-01 00:14 . 2001-08-23 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-09-01 00:14 . 2001-08-23 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-09-01 00:13 . 2009-09-01 00:13 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-09-01 00:09 . 2008-04-14 09:42 131584 ----a-w- c:\windows\system32\sndrec32.exe
2009-09-01 00:02 . 2008-04-14 04:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-09-01 00:02 . 2008-04-14 04:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-08-31 23:59 . 2008-04-14 04:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-31 23:59 . 2008-04-14 04:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-08-31 23:55 . 2004-05-25 19:58 7168 ----a-w- c:\windows\system32\nvack.dll
2009-08-31 23:55 . 2004-05-25 19:58 30208 ----a-w- c:\windows\system32\nvasio.dll
2009-08-31 23:55 . 2004-05-25 19:58 53760 ----a-w- c:\windows\system32\nvopenal.dll
2009-08-31 23:55 . 2004-05-25 19:58 5120 ----a-w- c:\windows\system32\ALut.dll
2009-08-31 23:55 . 2004-05-25 19:58 21504 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-31 23:55 . 2004-05-25 19:58 962560 ----a-w- c:\windows\system32\drivers\nvmcp.sys
2009-08-31 23:55 . 2004-05-25 19:58 396032 ----a-w- c:\windows\system32\drivers\nvapu.sys
2009-08-31 23:55 . 2004-05-25 19:58 66688 ----a-w- c:\windows\system32\drivers\nvarm.sys
2009-08-31 23:55 . 2004-05-25 19:58 48640 ----a-w- c:\windows\system32\drivers\nvax.sys
2009-08-31 23:54 . 2008-04-14 09:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-08-31 23:54 . 2008-04-14 04:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-08-31 23:53 . 2008-04-14 04:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-08-31 23:53 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-08-31 23:53 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-08-31 23:53 . 2008-04-14 09:42 146432 ----a-w- c:\windows\system\winspool.drv
2009-08-31 23:53 . 2008-04-14 09:42 74752 ----a-w- c:\windows\system32\storprop.dll
2009-08-31 23:53 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-08-31 23:53 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-08-31 22:19 . 2009-08-31 22:19 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-31 22:11 . 2009-08-31 22:11 -------- d-----w- c:\program files\Trend Micro
2009-08-31 15:54 . 2009-08-31 15:54 -------- d-----w- c:\program files\Enigma Software Group
2009-08-31 14:31 . 2009-08-31 14:31 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-08-31 11:11 . 2009-08-31 12:01 -------- d-----w- C:\UBCD4Win
2009-08-31 10:09 . 2009-08-31 10:09 -------- d-----w- C:\ubcd4win35
2009-08-31 10:08 . 2009-08-31 10:14 -------- d-----w- C:\DrWeb
2009-08-31 03:10 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-31 03:10 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 03:10 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-31 03:10 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-31 03:10 . 2009-08-31 03:10 -------- d-----w- c:\program files\Avira
2009-08-31 03:10 . 2009-08-31 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 01:43 . 2009-08-31 01:43 -------- d-----w- c:\documents and settings\roy\DoctorWeb
2009-08-30 10:53 . 2009-08-30 10:53 -------- d-----w- c:\documents and settings\roy\Application Data\Desktopicon
2009-08-30 10:53 . 2009-08-31 02:23 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 14:33 . 2009-08-30 10:08 26312 ----a-w- c:\documents and settings\pat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 13:17 . 2009-09-01 13:17 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-01 00:09 . 2009-08-17 13:59 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-30 10:08 . 2009-08-30 10:08 -------- d-----w- c:\documents and settings\pat\Application Data\PCToolsFirewallPlus
2009-08-24 13:38 . 2009-08-24 13:38 47360 ----a-w- c:\documents and settings\roy\Application Data\pcouffin.sys
2009-08-22 14:34 . 2009-08-22 13:48 24 --sha-w- c:\windows\SA2D2F9F2.tmp
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-06-29 16:12 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-08-17 15:26 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2001-08-23 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2001-08-23 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2001-08-23 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2001-08-23 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2001-08-23 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2001-08-23 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2007-09-17 228352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-09 13680640]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-02-09 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-02 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"muBlinder"="d:\mublinder\muBlinder\muBlinder.exe" [2009-04-01 1464320]

c:\documents and settings\roy\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
FSL Launcher.lnk - c:\program files\FSL\FSL_Launcher\FSL_Launcher.exe [2009-8-27 1287168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0Partizan\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/17/2009 11:19 AM 206256]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [8/17/2009 4:25 AM 19240]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/18/2009 11:36 AM 902592]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/17/2009 11:19 AM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/30/2009 11:10 PM 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/17/2009 11:19 AM 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/17/2009 11:19 AM 95640]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/9/2009 11:59 AM 30946]
S2 gupdate1ca1fee298fa43c;Google Update Service (gupdate1ca1fee298fa43c);c:\program files\Google\Update\GoogleUpdate.exe [8/18/2009 6:25 AM 133104]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/1/2009 11:13 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 10:25]

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 10:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wlwt.com/index.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {856D7FDE-D648-4312-B328-6AD21D5ECF45} = 208.67.222.222,208.67.222.220
FF - ProfilePath - c:\documents and settings\roy\Application Data\Mozilla\Firefox\Profiles\clht4yar.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.local12.com/default.aspx
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ASUS Probe V2.20.03 - c:\windows\uninst.exe -fc:\program files\ASUS\Probe\DeIsL1.isu
AddRemove-CANONBJ_Deinstall_CNMCP58.DLL - c:\windows\system32\CNMCP58.exe -PRINTERNAMECanon i560 -HELPERDLLc:\bjprinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll
AddRemove-G.H.O.S.T - c:\windows\G.H.O.S.T



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\roy\LOCALS~1\Temp\RGI5.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-09 12:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-09 16:39

Pre-Run: 79,153,078,272 bytes free
Post-Run: 80,832,372,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

327 --- E O F --- 2009-08-26 03:15

#12 Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male
  • Local time:10:31 AM

Posted 25 September 2009 - 02:19 AM



Hello again ropat,

The MBR log shows no rootkit infection. Can you tell me if you had run mbr.exe on your own, with the command mbr.exe -f from the command prompt, to clean the rootkit?


-------------------------*-------------------------


OK ropat. Please carefully follow the next set of steps:

:) >>>You already have ComboFix. I need you to delete any previous copies and download the latest version to your desktop.<<<

Download ComboFix from one of these locations:

Link 1
Link 2


Save ComboFix.exe to your Desktop. Do not run it just yet <---- VERY IMPORTANT

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before continuing the scan. They can interfere with ComboFix and may cause unpredictable results. Note: Combofix will disconnect you from the Internet, then restore your connection as it finishes.

:) We need to run a CF Script by using ComboFix again
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it (Do not include the word: CODE):

    killall::
    
    Driver::
    mbr
    
    File::
    c:\docume~1\roy\locals~1\temp\mbr.sys
    
    DDS::
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    
    Rootkit::
    c:\docume~1\roy\LOCALS~1\Temp\RGI5.tmp
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    Posted Image

  • Now, referring to the picture above, use your mouse to drag CFScript.txt on top of ComboFix.exe
  • This will start ComboFix again. Please follow the prompts.
  • When finished, after reboot (in case it asks to reboot), it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
CAUTION: Do not mouseclick combofix's window while it is running. That may cause it to stall.

* Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


:( Let's clean up the temp files and make sure there aren't any other leftovers.

Download: TFC to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
NOTE:
_It's normal after running TFC cleaner that the PC will be slower to boot the first time.
_TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


:) Update Malwarebytes' Anti-Malware and run a Full scan.
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
You can also find the log in the Logs tab. The bottom most log is the newest.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Tutorial if needed

:) We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.

Download: random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Copy/Paste the contents of both log.txt and info.txt into your next post.

( Default location for both files is C:\rsit\ )

Summary of the logs I will need in your next reply:
  • The report log of ComboFix
  • The report log of MBAM.
  • The two logs of RSIT.
  • The answer to my question of whether you had run mbr.exe on your own.
And a description of any remaining problems in your next post.

How is your computer running now?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:(

Edited by Net_Surfer, 25 September 2009 - 02:28 AM.


#13 ropat
  • Topic Starter

  • Members
  • 9 posts
  • Local time:01:31 PM

Posted 25 September 2009 - 07:17 AM

ComboFix 09-09-23.02 - roy 09/25/2009 5:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1645 [GMT -4:00]
Running from: c:\documents and settings\roy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\roy\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\docume~1\roy\locals~1\temp\mbr.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MBR
-------\Service_mbr


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 15:25 . 2009-09-24 15:25 71680 ----a-w- C:\mbr.exe
2009-09-17 11:27 . 2009-09-17 11:27 -------- d-----w- c:\program files\Uniblue
2009-09-13 12:07 . 2009-09-13 12:07 -------- d-----w- c:\program files\Auslogics
2009-09-12 10:37 . 2009-09-12 10:38 -------- d-----w- c:\program files\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-12 10:37 . 2009-09-12 10:37 -------- d-----w- c:\windows\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-10 22:49 . 2009-09-10 22:49 -------- d-----w- c:\documents and settings\roy\Application Data\Office Genuine Advantage
2009-09-10 19:12 . 2009-09-10 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-10 17:04 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-10 17:04 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-10 17:04 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-09-09 22:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 15:59 . 2009-09-09 15:59 2 --shatr- c:\windows\winstart.bat
2009-09-09 15:59 . 2005-04-03 19:02 8944 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-09 15:59 . 2009-09-10 02:21 -------- d-----w- c:\program files\UnHackMe
2009-09-08 16:35 . 2009-09-08 16:35 -------- d-----w- c:\program files\ERUNT
2009-09-07 01:00 . 2009-09-10 10:40 -------- d-----w- C:\rsit
2009-09-04 14:33 . 2009-09-04 14:33 -------- d-----w- c:\documents and settings\pat\Application Data\Nero
2009-09-03 01:36 . 2009-09-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-02 14:52 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 14:52 . 2009-09-02 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 14:52 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 14:07 . 2009-09-10 10:40 -------- d-----w- C:\HiJackThis
2009-09-02 14:05 . 2009-09-19 23:14 -------- d-----w- C:\HJT
2009-09-02 10:46 . 2009-09-02 10:46 -------- d-----w- c:\documents and settings\roy\Application Data\OpenOffice.org
2009-09-02 02:34 . 2009-09-02 02:34 -------- d-----w- c:\program files\JRE
2009-09-02 02:34 . 2009-09-02 02:34 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-01 15:13 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 15:13 . 2009-09-13 21:50 -------- d-----w- c:\program files\Spyware Doctor
2009-09-01 15:13 . 2009-09-01 15:13 -------- d-----w- c:\documents and settings\roy\Application Data\PC Tools
2009-09-01 15:13 . 2009-09-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-01 12:42 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-09-01 12:40 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-09-01 11:57 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-09-01 11:57 . 2008-04-14 09:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-09-01 11:57 . 2008-04-14 02:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-09-01 11:57 . 2008-04-14 09:42 10752 ------w- c:\windows\system32\smtpapi.dll
2009-09-01 11:57 . 2008-04-14 09:42 9728 ------w- c:\windows\system32\rwnh.dll
2009-09-01 11:38 . 2009-06-29 16:12 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-09-01 11:37 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-09-01 11:37 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-09-01 11:37 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-01 11:37 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-01 11:37 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-01 11:37 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-01 11:37 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-01 11:37 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-01 11:37 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-01 11:36 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-01 11:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-01 11:36 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-01 11:36 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-01 11:36 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-01 11:36 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-01 11:30 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-01 02:47 . 2008-04-14 09:40 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2009-09-01 02:47 . 2004-08-04 02:32 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2009-09-01 02:47 . 2004-08-04 02:31 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2009-09-01 02:47 . 2008-04-14 09:41 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2009-09-01 02:47 . 2008-04-14 09:39 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2009-09-01 02:47 . 2008-04-14 09:39 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll
2009-09-01 02:47 . 2008-04-14 09:39 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
2009-09-01 02:46 . 2008-04-14 09:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-09-01 02:46 . 2008-04-14 02:13 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2009-09-01 02:46 . 2004-08-04 02:32 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2009-09-01 02:46 . 2004-08-04 02:31 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2009-09-01 02:45 . 2009-09-01 11:57 -------- d-----w- c:\windows\ServicePackFiles
2009-09-01 01:01 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-01 01:01 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-01 01:01 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-09-01 01:01 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-01 01:01 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-09-01 01:01 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-09-01 01:01 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-09-01 01:01 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-01 01:01 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-09-01 01:01 . 2001-08-17 17:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-09-01 01:01 . 2001-08-17 16:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-09-01 00:59 . 2001-08-17 17:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-09-01 00:58 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-09-01 00:57 . 2001-08-17 17:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2009-09-01 00:56 . 2001-08-17 16:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2009-09-01 00:55 . 2001-08-17 18:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2009-09-01 00:16 . 2001-08-23 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2009-09-01 00:15 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-09-01 00:14 . 2001-08-23 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-09-01 00:14 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-09-01 00:14 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2009-09-01 00:14 . 2001-08-23 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-09-01 00:14 . 2001-08-23 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-09-01 00:14 . 2001-08-23 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-09-01 00:14 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-09-01 00:14 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-09-01 00:14 . 2001-08-23 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-09-01 00:14 . 2001-08-23 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-09-01 00:13 . 2009-09-01 00:13 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-09-01 00:09 . 2008-04-14 09:42 131584 ----a-w- c:\windows\system32\sndrec32.exe
2009-09-01 00:02 . 2008-04-14 04:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-09-01 00:02 . 2008-04-14 04:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-08-31 23:59 . 2008-04-14 04:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-31 23:59 . 2008-04-14 04:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-08-31 23:55 . 2004-05-25 19:58 7168 ----a-w- c:\windows\system32\nvack.dll
2009-08-31 23:55 . 2004-05-25 19:58 30208 ----a-w- c:\windows\system32\nvasio.dll
2009-08-31 23:55 . 2004-05-25 19:58 53760 ----a-w- c:\windows\system32\nvopenal.dll
2009-08-31 23:55 . 2004-05-25 19:58 5120 ----a-w- c:\windows\system32\ALut.dll
2009-08-31 23:55 . 2004-05-25 19:58 21504 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-31 23:55 . 2004-05-25 19:58 962560 ----a-w- c:\windows\system32\drivers\nvmcp.sys
2009-08-31 23:55 . 2004-05-25 19:58 396032 ----a-w- c:\windows\system32\drivers\nvapu.sys
2009-08-31 23:55 . 2004-05-25 19:58 66688 ----a-w- c:\windows\system32\drivers\nvarm.sys
2009-08-31 23:55 . 2004-05-25 19:58 48640 ----a-w- c:\windows\system32\drivers\nvax.sys
2009-08-31 23:54 . 2008-04-14 09:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-08-31 23:54 . 2008-04-14 04:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-08-31 23:53 . 2008-04-14 04:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-08-31 23:53 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-08-31 23:53 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-08-31 23:53 . 2008-04-14 09:42 146432 ----a-w- c:\windows\system\winspool.drv
2009-08-31 23:53 . 2008-04-14 09:42 74752 ----a-w- c:\windows\system32\storprop.dll
2009-08-31 23:53 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-08-31 23:53 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-08-31 22:19 . 2009-08-31 22:19 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-31 22:11 . 2009-08-31 22:11 -------- d-----w- c:\program files\Trend Micro
2009-08-31 15:54 . 2009-08-31 15:54 -------- d-----w- c:\program files\Enigma Software Group
2009-08-31 14:31 . 2009-08-31 14:31 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-08-31 11:11 . 2009-08-31 12:01 -------- d-----w- C:\UBCD4Win
2009-08-31 10:09 . 2009-08-31 10:09 -------- d-----w- C:\ubcd4win35
2009-08-31 10:08 . 2009-08-31 10:14 -------- d-----w- C:\DrWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 10:02 . 2009-08-17 15:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 17:48 . 2009-08-18 10:00 -------- d-----w- c:\documents and settings\roy\Application Data\uTorrent
2009-09-10 19:09 . 2009-09-10 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 16:43 . 2009-08-17 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-07 02:09 . 2009-08-17 15:19 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 14:33 . 2009-08-30 10:08 26312 ----a-w- c:\documents and settings\pat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 09:44 . 2009-08-17 15:19 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-09-02 09:28 . 2009-08-17 15:30 26312 ----a-w- c:\documents and settings\roy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 02:34 . 2009-08-17 22:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-01 15:08 . 2009-08-17 15:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-01 13:17 . 2009-09-01 13:17 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-01 00:09 . 2009-08-17 13:59 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-31 02:57 . 2009-08-17 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-30 10:08 . 2009-08-30 10:08 -------- d-----w- c:\documents and settings\pat\Application Data\PCToolsFirewallPlus
2009-08-30 10:08 . 2009-08-17 15:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-30 02:19 . 2009-08-19 10:05 -------- d-----w- c:\program files\DVD Profiler
2009-08-27 12:26 . 2009-08-17 14:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-27 01:16 . 2009-08-22 01:22 -------- d-----w- c:\documents and settings\roy\Application Data\Pegasys Inc
2009-08-27 01:15 . 2009-08-22 01:18 -------- d-----w- c:\program files\Pegasys Inc
2009-08-27 01:15 . 2009-08-22 01:18 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2009-08-27 01:15 . 2009-08-22 01:18 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2009-08-26 22:17 . 2009-08-18 10:24 -------- d-----w- c:\program files\DivX
2009-08-26 02:25 . 2009-08-26 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-08-25 17:53 . 2009-08-25 17:53 -------- d-----w- c:\program files\Curse of the Pharaoh Napoleons Secret
2009-08-25 13:13 . 2009-08-24 13:38 -------- d-----w- c:\documents and settings\roy\Application Data\Vso
2009-08-25 13:09 . 2009-08-25 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-24 23:04 . 2009-08-24 23:04 232712 ----a-w- c:\windows\system32\PDBoot.exe
2009-08-24 17:54 . 2009-08-24 17:54 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-24 16:43 . 2009-08-24 16:42 -------- d-----w- c:\documents and settings\roy\Application Data\NeroDCTemplates
2009-08-24 16:03 . 2009-08-24 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-24 13:38 . 2009-08-24 13:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-24 13:38 . 2009-08-24 13:38 47360 ----a-w- c:\documents and settings\roy\Application Data\pcouffin.sys
2009-08-24 13:38 . 2009-08-24 12:56 -------- d-----w- c:\program files\vso
2009-08-24 12:45 . 2009-08-24 12:45 -------- d-----w- c:\program files\DVD Shrink
2009-08-23 21:15 . 2009-08-23 21:15 -------- d-----w- c:\program files\LopeSoft
2009-08-23 20:21 . 2009-08-23 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-08-23 20:21 . 2009-08-23 20:21 -------- d-----w- c:\program files\Raxco
2009-08-23 17:10 . 2009-08-23 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-23 13:12 . 2009-08-23 13:12 -------- d-----w- c:\program files\LightScribe
2009-08-23 13:04 . 2009-08-23 13:04 -------- d-----w- c:\program files\LightScribe Template Labeler
2009-08-23 12:59 . 2009-08-23 12:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-08-22 16:27 . 2009-08-22 16:27 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-22 14:34 . 2009-08-22 13:48 24 --sha-w- c:\windows\SA2D2F9F2.tmp
2009-08-22 13:52 . 2009-08-22 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Elaborate Bytes
2009-08-22 13:48 . 2009-08-22 13:48 -------- d-----w- c:\program files\Elaborate Bytes
2009-08-22 13:47 . 2009-08-22 13:47 -------- d-----w- c:\program files\SlySoft
2009-08-22 12:45 . 2009-08-22 12:45 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-22 12:45 . 2009-08-22 12:45 -------- d-----w- c:\program files\AnswersThatWork
2009-08-22 01:47 . 2009-08-22 01:47 -------- d-----w- c:\documents and settings\roy\Application Data\LEAPS
2009-08-22 01:18 . 2009-08-22 01:18 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-08-22 01:18 . 2009-08-17 14:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-20 16:05 . 2009-08-20 16:03 -------- d-----w- c:\program files\Fast AVI MPEG Joiner
2009-08-20 15:11 . 2009-08-20 15:11 73232 ----a-w- c:\windows\system32\drivers\DefragFs.sys
2009-08-20 12:58 . 2009-08-19 09:36 -------- d-----w- c:\program files\EMDB
2009-08-20 02:23 . 2009-08-20 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2009-08-20 02:10 . 2009-08-20 02:10 -------- d-----w- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2009-08-20 00:46 . 2009-08-20 00:46 -------- d-----w- c:\documents and settings\roy\Application Data\3 Days Zoo Mystery
2009-08-19 19:27 . 2009-08-19 19:25 -------- d-----w- c:\documents and settings\roy\Application Data\ifns
2009-08-19 19:24 . 2009-08-19 19:24 -------- d-----w- c:\program files\ifns
2009-08-19 15:52 . 2009-08-19 15:52 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum Edition
2009-08-19 15:15 . 2009-08-19 15:15 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-19 15:15 . 2009-08-19 15:15 -------- d-----w- c:\program files\Seagate
2009-08-19 15:15 . 2009-08-19 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-08-19 03:27 . 2009-08-19 02:21 -------- d-----w- c:\program files\CD Storage Master
2009-08-19 01:08 . 2009-08-19 01:08 -------- d-----w- c:\program files\MSXML 4.0
2009-08-18 23:43 . 2009-08-18 23:43 -------- d-----w- c:\documents and settings\roy\Application Data\Malwarebytes
2009-08-18 23:43 . 2009-08-18 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 23:27 . 2009-08-18 23:27 -------- d-----w- c:\program files\Collectorz.com
2009-08-18 20:50 . 2009-08-18 20:50 -------- d-----w- c:\documents and settings\roy\Application Data\SpinTop Games
2009-08-18 17:01 . 2009-08-18 17:01 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-08-18 15:36 . 2009-08-18 15:36 902592 ----a-w- c:\windows\system32\drivers\tdrpm228.sys
2009-08-18 15:36 . 2009-08-18 15:36 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-18 15:36 . 2009-08-18 15:36 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-18 15:36 . 2009-08-18 15:36 138208 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-18 15:36 . 2009-08-18 15:36 -------- d-----w- c:\program files\Common Files\Acronis
2009-08-18 15:36 . 2009-08-18 15:36 -------- d-----w- c:\program files\Acronis
2009-08-18 14:53 . 2009-08-18 14:53 -------- d-----w- c:\program files\QuickPar
2009-08-18 14:39 . 2009-08-18 14:39 -------- d-----w- c:\program files\MSECache
2009-08-18 13:50 . 2009-08-18 13:50 -------- d-----w- c:\program files\QuickTime Alternative
2009-08-18 13:50 . 2009-08-18 13:50 -------- d-----w- c:\program files\Media Player Classic
2009-08-18 13:46 . 2009-08-18 13:46 -------- d-----w- c:\program files\WinAVI Video Converter
2009-08-18 13:31 . 2009-08-18 13:31 -------- d-----w- c:\documents and settings\roy\Application Data\Nero
2009-08-18 13:30 . 2009-08-18 13:30 -------- d-----w- c:\program files\Common Files\Nero
2009-08-18 13:30 . 2009-08-18 13:30 -------- d-----w- c:\program files\Nero
2009-08-18 13:30 . 2009-08-18 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-18 13:06 . 2009-08-18 13:06 -------- d-----w- c:\documents and settings\roy\Application Data\DivX
2009-08-18 13:01 . 2009-08-18 02:32 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-18 10:53 . 2009-08-18 10:53 0 ----a-w- c:\windows\nsreg.dat
2009-08-18 10:25 . 2009-08-18 10:25 -------- d-----w- c:\program files\Google
2009-08-18 10:25 . 2009-08-18 10:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-18 10:01 . 2009-08-18 10:01 -------- d-----w- c:\program files\uTorrent
2009-08-18 09:51 . 2009-08-18 09:51 -------- d-----w- c:\documents and settings\roy\Application Data\Windows Search
2009-08-18 03:00 . 2009-08-18 03:00 -------- d-----w- c:\documents and settings\roy\Application Data\Aisle 5 Games, Inc
2009-08-18 02:57 . 2009-08-18 02:57 4096 ----a-w- c:\windows\d3dx.dat
2009-08-18 02:57 . 2009-08-17 20:32 -------- d-----w- c:\program files\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
2009-08-18 02:38 . 2009-08-18 02:38 -------- d-----w- c:\program files\MSBuild
2009-08-18 02:37 . 2009-08-18 02:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 22:37 . 2009-08-17 22:37 -------- d-----w- c:\program files\Belarc
2009-08-17 22:19 . 2009-08-17 22:19 -------- d-----w- c:\program files\7-Zip
2009-08-17 21:59 . 2009-08-17 21:59 -------- d-----w- c:\program files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-09 13680640]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-02-09 86016]
"muBlinder"="d:\mublinder\muBlinder\muBlinder.exe" [2009-04-01 1464320]

c:\documents and settings\roy\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
FSL Launcher.lnk - c:\program files\FSL\FSL_Launcher\FSL_Launcher.exe [2009-8-27 1287168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/17/2009 11:19 AM 206256]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [8/17/2009 4:25 AM 19240]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/18/2009 11:36 AM 902592]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/17/2009 11:19 AM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/30/2009 11:10 PM 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/17/2009 11:19 AM 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/17/2009 11:19 AM 95640]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\roy\Local Settings\Temporary Internet Files\Content.IE5\U67EG8T3\SABKUTIL.sys --> c:\documents and settings\roy\Local Settings\Temporary Internet Files\Content.IE5\U67EG8T3\SABKUTIL.sys [?]
S2 gupdate1ca1fee298fa43c;Google Update Service (gupdate1ca1fee298fa43c);c:\program files\Google\Update\GoogleUpdate.exe [8/18/2009 6:25 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/2/2009 10:52 AM 38160]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/1/2009 11:13 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 10:25]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 10:25]

2009-09-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wlwt.com/index.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {856D7FDE-D648-4312-B328-6AD21D5ECF45} = 208.67.222.222,208.67.222.220
FF - ProfilePath - c:\documents and settings\roy\Application Data\Mozilla\Firefox\Profiles\clht4yar.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.local12.com/default.aspx
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-G.H.O.S.T - c:\windows\G.H.O.S.T



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 06:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-25 6:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 10:04
ComboFix2.txt 2009-09-09 16:39

Pre-Run: 79,356,116,992 bytes free
Post-Run: 79,535,747,072 bytes free

389 --- E O F --- 2009-09-10 16:42
info.txt logfile of random's system information tool 1.06 2009-09-25 07:43:37

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3 Days Zoo Mystery-->"C:\WINDOWS\3 Days Zoo Mystery\uninstall.exe" "/U:C:\Program Files\3 Days Zoo Mystery\Uninstall\uninstall.xml"
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acronis True Image Home-->MsiExec.exe /X{D1E0E859-F46D-4708-A41D-ED90C0C1822A}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Amazing Heists - Dillinger-->"C:\WINDOWS\Amazing Heists - Dillinger\uninstall.exe" "/U:C:\Program Files\Amazing Heists - Dillinger\Uninstall\uninstall.xml"
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Auslogics Duplicate File Finder-->"C:\Program Files\Auslogics\Auslogics Duplicate File Finder\unins000.exe"
AVIcodec (remove only)-->"C:\Program Files\AVIcodec\uninst.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
BulkEdit 1.24-->"C:\Program Files\DVD Profiler\plugins\BulkEdit\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CodecInstaller 2.10.2-->C:\Program Files\JockerSoft\CodecInstaller\uninst.exe
Collectorz.com Movie Collector-->C:\PROGRA~1\COLLEC~1.COM\MOVIEC~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\MOVIEC~1\install.log
ConvertXtoDVD 3 english manual-->"C:\Program Files\vso\convertx\3\unins001.exe"
ConvertXtoDVD 3.8.0.193d-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Curse of the Pharaoh Napoleons Secret-->"C:\WINDOWS\Curse of the Pharaoh Napoleons Secret\uninstall.exe" "/U:C:\Program Files\Curse of the Pharaoh Napoleons Secret\Uninstall\uninstall.xml"
DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivXMuxGUI-->MsiExec.exe /I{554D8A8E-55F6-4755-8939-E634273476F4}
DivxToDVD 0.5.2b-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
Drive Manager-->"C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager-->MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EMDB 0.86-->"C:\Program Files\EMDB\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fast AVI MPEG Joiner 1.1.2-->"C:\Program Files\Fast AVI MPEG Joiner\unins000.exe"
FileMenu Tools-->"C:\Program Files\LopeSoft\FileMenu Tools\unins000.exe"
FSL Launcher 1.1.4.4 SR1-->"C:\Program Files\FSL\FSL_Launcher\unins000.exe"
G.H.O.S.T Chronicles - Phantom of the Renaissance Faire-->"C:\WINDOWS\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire\uninstall.exe" "/U:C:\Program Files\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire\Uninstall\uninstall.xml"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.21\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Instant File Name Search 1.7.5-->"C:\Program Files\ifns\UnRun.exe" "C:\Program Files\ifns\Uninst.exe"
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JeniuS-->"C:\Program Files\JockerSoft\JeniuS\UninsHs.exe" /u={0ED6FD58-C3D5-4BD8-95CD-A1D84D3AA1A5}
Jigsaw Puzzle Platinum Edition-->C:\PROGRA~1\JIGSAW~1\UNWISE.EXE C:\PROGRA~1\JIGSAW~1\INSTALL.LOG
LightScribe Applications-->MsiExec.exe /X{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}
LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}
LightScribe Template Labeler-->MsiExec.exe /X{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Midnight Mysteries - The Edgar Allan Poe Conspiracy-->"C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy\uninstall.exe" "/U:C:\Program Files\Midnight Mysteries - The Edgar Allan Poe Conspiracy\Uninstall\uninstall.xml"
Movienizer 2.1-->"C:\Program Files\Movienizer\unins000.exe"
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Drivers 3.11-->C:\PROGRA~1\MYDRIV~1\UNWISE.EXE C:\PROGRA~1\MYDRIV~1\INSTALL.LOG
Mystery P I The New York Fortune-->"C:\WINDOWS\Mystery P I The New York Fortune\uninstall.exe" "/U:C:\Program Files\Mystery P I The New York Fortune\Uninstall\uninstall.xml"
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Windows 2000/XP nForce Drivers-->rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
PC Tools Firewall Plus 5.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
PerfectDisk 10 Professional-->MsiExec.exe /I{7B738CD9-D107-48C7-8E65-2E6639A39C8D}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 1.47-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.9.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tahiti Hidden Pearl-->"C:\WINDOWS\Tahiti Hidden Pearl\uninstall.exe" "/U:C:\Program Files\Tahiti Hidden Pearl\Uninstall\uninstall.xml"
The Ultimate Troubleshooter-->C:\PROGRA~1\ANSWER~1\TROUBL~1\UNWISE.EXE C:\PROGRA~1\ANSWER~1\TROUBL~1\INSTALL.LOG
TMPGEnc 4.0 XPress-->MsiExec.exe /I{AB212B59-FF45-4C18-B369-F630CB268DAF}
TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{4EF35707-7052-4331-B8FD-549DB3922AD7}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UBCD4Win 3.50-->"C:\UBCD4Win\unins000.exe"
UnHackMe 4.80 beta-->"C:\Program Files\UnHackMe\unins000.exe"
Uniblue ProcessScanner-->"C:\Program Files\Uniblue\ProcessScanner\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yard Sale Hidden Treasures - Lucky Junction-->"C:\WINDOWS\Yard Sale Hidden Treasures - Lucky Junction\uninstall.exe" "/U:C:\Program Files\Yard Sale Hidden Treasures - Lucky Junction\Uninstall\uninstall.xml"

=====HijackThis Backups=====

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) [2009-09-08]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) [2009-09-08]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-08]
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) [2009-09-08]

======Security center information======

AV: AntiVir Desktop
FW: PC Tools Firewall Plus

======System event log======

Computer Name: MYCOMPUTER
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AmdK7
avgio
avipbb
BANTExt
ElbyCDIO
Fips
SASDIFSV
SASKUTIL
ssmdrv

Record Number: 1108
Source Name: Service Control Manager
Time Written: 20090901103609.000000-240
Event Type: error
User:

Computer Name: MYCOMPUTER
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 1107
Source Name: DCOM
Time Written: 20090901103438.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MYCOMPUTER
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1100
Source Name: Tcpip
Time Written: 20090901103312.000000-240
Event Type: warning
User:

Computer Name: MYCOMPUTER
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Genuine Advantage Notification (KB905474).

Record Number: 938
Source Name: Windows Update Agent
Time Written: 20090901082025.000000-240
Event Type: error
User:

Computer Name: MYCOMPUTER
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 888
Source Name: Print
Time Written: 20090901080350.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MYCOMPUTER
Event Code: 4113
Message: AntiVir has detected 'TR/Renaz.193521'
in the file
E:\System Volume Information\_restore{3B6ECD32-8CD7-4D57-9043-BBBCEDCF51EE}\RP1\A0000034.exe

Record Number: 758
Source Name: Avira AntiVir
Time Written: 20090831162228.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MYCOMPUTER
Event Code: 4113
Message: AntiVir has detected 'TR/Renaz.193521'
in the file
E:\System Volume Information\_restore{3B6ECD32-8CD7-4D57-9043-BBBCEDCF51EE}\RP1\A0000034.exe

Record Number: 757
Source Name: Avira AntiVir
Time Written: 20090831151201.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MYCOMPUTER
Event Code: 4113
Message: AntiVir has detected 'TR/Renaz.193521'
in the file
E:\System Volume Information\_restore{3B6ECD32-8CD7-4D57-9043-BBBCEDCF51EE}\RP1\A0000034.exe

Record Number: 756
Source Name: Avira AntiVir
Time Written: 20090831145157.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MYCOMPUTER
Event Code: 1001
Message: Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{A6C8A50F-4808-43A4-A147-ACAA2598DE52}'

Record Number: 743
Source Name: MsiInstaller
Time Written: 20090831134856.000000-240
Event Type: warning
User: MYCOMPUTER\roy

Computer Name: MYCOMPUTER
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16876, faulting module 690970de.x86.dll, version 0.0.0.0, fault address 0x00004182.

Record Number: 731
Source Name: Application Error
Time Written: 20090831112941.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\DivX Shared;C:\Program Files\Common Files\Acronis\SnapAPI;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by roy at 2009-09-25 07:43:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 76 GB (69%) free of 111 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:36, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\RSIT.exe
C:\HiJackThis\roy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlwt.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [muBlinder] D:\MUBlinder\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: FSL Launcher.lnk = C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1250561865703
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{856D7FDE-D648-4312-B328-6AD21D5ECF45}: NameServer = 208.67.222.222,208.67.222.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Update Service (gupdate1ca1fee298fa43c) (gupdate1ca1fee298fa43c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8510 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-06-22 4355464]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2009-02-09 13680640]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-06-22 960568]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-06-22 377248]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2009-02-09 86016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"muBlinder"=D:\MUBlinder\muBlinder\muBlinder.exe [2009-04-01 1464320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\roy\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
FSL Launcher.lnk - C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-25 06:05:35 ----SHD---- C:\RECYCLER
2009-09-25 06:04:38 ----A---- C:\ComboFix.txt
2009-09-25 05:59:26 ----D---- C:\WINDOWS\temp
2009-09-25 05:54:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-25 05:54:27 ----D---- C:\ComboFix
2009-09-24 11:25:46 ----A---- C:\mbr.exe
2009-09-17 07:27:45 ----D---- C:\Program Files\Uniblue
2009-09-13 08:07:48 ----D---- C:\Program Files\Auslogics
2009-09-12 06:37:48 ----D---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-12 06:37:48 ----D---- C:\Program Files\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-12 06:37:12 ----A---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy Uninstall Log.txt
2009-09-10 18:49:39 ----D---- C:\Documents and Settings\roy\Application Data\Office Genuine Advantage
2009-09-10 15:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-09-10 12:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 12:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-10 12:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\zh-TW
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\zh-HK
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\tr-TR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\sv-SE
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\pt-BR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\nl-NL
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\nb-NO
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\ko-KR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\it-IT
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\he-IL
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\fr-FR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\fi-FI
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\es-ES
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\el-GR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\de-DE
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\da-DK
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\ar-SA
2009-09-10 12:27:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 12:47:39 ----A---- C:\RootRepeal report 09-09-09 (12-47-39).txt
2009-09-09 12:25:48 ----A---- C:\Boot.bak
2009-09-09 12:25:45 ----RASHD---- C:\cmdcons
2009-09-09 12:24:57 ----A---- C:\WINDOWS\zip.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\SWSC.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\SWREG.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\sed.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\PEV.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\grep.exe
2009-09-09 12:24:34 ----AD---- C:\Qoobox
2009-09-09 12:01:47 ----A---- C:\WINDOWS\Partizan.txt
2009-09-09 12:01:26 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2009-09-09 11:59:16 ----RASHOT---- C:\WINDOWS\winstart.bat
2009-09-09 11:59:02 ----D---- C:\Program Files\UnHackMe
2009-09-09 08:49:56 ----A---- C:\RootRepeal report 09-09-09 (08-49-56).txt
2009-09-08 12:36:53 ----D---- C:\WINDOWS\ERDNT
2009-09-08 12:35:18 ----D---- C:\Program Files\ERUNT
2009-09-08 10:06:25 ----A---- C:\RootRepeal report 09-08-09 (10-06-25).txt
2009-09-08 10:01:24 ----A---- C:\RootRepeal report 09-08-09 (10-01-24).txt
2009-09-06 21:00:16 ----D---- C:\rsit
2009-09-02 21:36:02 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-09-02 10:52:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-02 10:07:26 ----D---- C:\HiJackThis
2009-09-02 10:05:32 ----D---- C:\HJT
2009-09-02 09:34:59 ----A---- C:\RootRepeal report 09-02-09 (09-34-59).txt
2009-09-02 06:46:40 ----D---- C:\Documents and Settings\roy\Application Data\OpenOffice.org
2009-09-01 22:34:39 ----D---- C:\Program Files\JRE
2009-09-01 22:34:35 ----D---- C:\Program Files\OpenOffice.org 3
2009-09-01 22:34:21 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-01 22:34:21 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-01 22:34:21 ----A---- C:\WINDOWS\system32\java.exe
2009-09-01 11:39:07 ----A---- C:\WINDOWS\system32\KDSInterface.txt
2009-09-01 11:13:21 ----D---- C:\Program Files\Spyware Doctor
2009-09-01 11:13:21 ----D---- C:\Documents and Settings\roy\Application Data\PC Tools
2009-09-01 11:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-09-01 08:02:41 ----D---- C:\WINDOWS\Prefetch
2009-09-01 07:57:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-09-01 07:57:04 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-09-01 07:30:35 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-01 07:30:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-31 23:14:06 ----HDC---- C:\WINDOWS\ie7
2009-08-31 23:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-08-31 22:45:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-31 22:42:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-31 20:10:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-31 20:10:23 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-08-31 20:10:23 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-31 20:10:17 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-08-31 20:10:17 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-31 20:10:17 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-31 20:10:14 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-31 20:10:14 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-31 20:10:13 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-31 20:10:12 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-08-31 20:10:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-31 20:09:34 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-31 20:09:34 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-31 20:09:32 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-31 20:09:31 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-31 20:09:23 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-31 20:09:23 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-31 20:09:23 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-31 20:09:22 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\nvopenal.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\nvasio.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\nvack.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\ALut.dll
2009-08-31 19:54:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-31 19:53:44 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-31 19:53:43 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-31 19:53:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-31 18:11:59 ----D---- C:\Program Files\Trend Micro
2009-08-31 14:07:27 ----A---- C:\avenger.txt
2009-08-31 11:54:24 ----D---- C:\Program Files\Enigma Software Group
2009-08-31 07:11:22 ----D---- C:\UBCD4Win
2009-08-31 06:09:29 ----D---- C:\ubcd4win35
2009-08-31 06:08:17 ----D---- C:\DrWeb
2009-08-30 23:10:54 ----D---- C:\Program Files\Avira
2009-08-30 23:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-30 20:38:26 ----A---- C:\WINDOWS\system32\tmp.txt
2009-08-30 20:38:22 ----A---- C:\rapport.txt
2009-08-30 06:53:41 ----D---- C:\Documents and Settings\roy\Application Data\Desktopicon
2009-08-30 06:53:39 ----D---- C:\Program Files\Unlocker
2009-08-30 06:18:38 ----D---- C:\WINDOWS\pss
2009-08-30 04:22:56 ----D---- C:\Documents and Settings\roy\Application Data\Yahoo!
2009-08-30 04:22:54 ----D---- C:\Program Files\Yahoo!
2009-08-30 04:22:49 ----D---- C:\Program Files\CCleaner
2009-08-30 03:47:17 ----D---- C:\$AVG8.VAULT$
2009-08-29 23:06:28 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-29 23:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2009-08-29 23:04:05 ----A---- C:\caisslog.txt
2009-08-29 15:05:02 ----D---- C:\Documents and Settings\roy\Application Data\Movienizer
2009-08-29 15:04:59 ----D---- C:\Program Files\Movienizer
2009-08-29 09:28:35 ----D---- C:\Program Files\Real Alternative
2009-08-29 09:28:35 ----D---- C:\Documents and Settings\roy\Application Data\Real
2009-08-29 09:28:35 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-08-29 09:28:35 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-08-29 09:28:35 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-08-29 09:28:35 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-08-29 03:21:52 ----D---- C:\Documents and Settings\roy\Application Data\JockerSoft
2009-08-29 03:14:43 ----D---- C:\Program Files\JockerSoft
2009-08-27 08:04:15 ----D---- C:\Program Files\FSL
2009-08-27 04:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 04:50:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-27 04:50:03 ----D---- C:\Documents and Settings\roy\Application Data\SUPERAntiSpyware.com
2009-08-27 04:49:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-26 11:11:01 ----D---- C:\Documents and Settings\roy\Application Data\DivXMuxGui
2009-08-26 11:01:32 ----D---- C:\Program Files\Atomic Clock Sync

======List of files/folders modified in the last 1 months======

2009-09-25 07:36:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-25 07:32:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-25 07:31:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-25 06:19:40 ----D---- C:\WINDOWS\system32\drivers
2009-09-25 06:05:35 ----D---- C:\WINDOWS\system32
2009-09-25 06:05:35 ----AD---- C:\WINDOWS
2009-09-25 06:02:18 ----A---- C:\WINDOWS\system.ini
2009-09-25 06:00:53 ----D---- C:\WINDOWS\system32\config
2009-09-25 05:58:17 ----D---- C:\WINDOWS\AppPatch
2009-09-25 05:58:12 ----D---- C:\Program Files\Common Files
2009-09-23 13:48:45 ----D---- C:\Documents and Settings\roy\Application Data\uTorrent
2009-09-20 18:03:12 ----SHD---- C:\WINDOWS\Installer
2009-09-17 07:27:45 ----RD---- C:\Program Files
2009-09-17 07:22:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-17 04:19:43 ----D---- C:\Program Files\Mozilla Firefox
2009-09-12 06:38:18 ----A---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy Setup Log.txt
2009-09-10 15:08:20 ----D---- C:\WINDOWS\security
2009-09-10 13:04:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-10 13:04:20 ----HD---- C:\WINDOWS\inf
2009-09-10 13:04:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-10 12:28:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 12:27:54 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 12:27:41 ----SD---- C:\WINDOWS\Tasks
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\en-us
2009-09-09 12:52:48 ----D---- C:\Downloads
2009-09-09 12:25:48 ----RASH---- C:\boot.ini
2009-09-08 12:43:11 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-07 22:45:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-07 22:41:34 ----D---- C:\Program Files\Registry Mechanic
2009-09-07 12:00:06 ----D---- C:\WINDOWS\Help
2009-09-07 12:00:01 ----RSD---- C:\WINDOWS\Fonts
2009-09-03 05:44:37 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-09-01 22:35:15 ----RSD---- C:\WINDOWS\assembly
2009-09-01 22:34:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-01 11:08:51 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-01 08:39:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-01 08:31:21 ----A---- C:\WINDOWS\win.ini
2009-09-01 08:30:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-01 08:23:03 ----D---- C:\Program Files\Internet Explorer
2009-09-01 08:21:21 ----D---- C:\WINDOWS\WinSxS
2009-09-01 08:21:00 ----D---- C:\WINDOWS\ie7updates
2009-09-01 08:15:55 ----D---- C:\Program Files\Messenger
2009-09-01 08:02:58 ----A---- C:\WINDOWS\setuplog.txt
2009-09-01 08:02:21 ----D---- C:\WINDOWS\system32\wbem
2009-09-01 08:02:21 ----D---- C:\WINDOWS\system32\Setup
2009-09-01 07:57:04 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-01 07:57:00 ----D---- C:\WINDOWS\peernet
2009-09-01 07:57:00 ----D---- C:\Program Files\Movie Maker
2009-09-01 07:54:34 ----D---- C:\WINDOWS\system32\Restore
2009-09-01 07:54:34 ----D---- C:\WINDOWS\system32\npp
2009-09-01 07:54:32 ----D---- C:\WINDOWS\msagent
2009-09-01 07:54:31 ----D---- C:\WINDOWS\srchasst
2009-09-01 07:54:30 ----D---- C:\WINDOWS\ime
2009-09-01 07:54:29 ----D---- C:\Program Files\NetMeeting
2009-09-01 07:54:28 ----D---- C:\WINDOWS\system32\Com
2009-09-01 07:54:26 ----D---- C:\Program Files\Windows NT
2009-09-01 07:54:26 ----D---- C:\Program Files\Windows Media Player
2009-09-01 07:54:26 ----D---- C:\Program Files\Outlook Express
2009-09-01 07:54:24 ----D---- C:\Program Files\Common Files\System
2009-09-01 07:54:12 ----D---- C:\WINDOWS\system32\oobe
2009-09-01 07:54:11 ----D---- C:\WINDOWS\system32\usmt
2009-09-01 07:54:10 ----D---- C:\WINDOWS\system
2009-09-01 07:50:12 ----D---- C:\WINDOWS\EHome
2009-09-01 07:31:21 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-01 07:29:38 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-01 07:29:11 ----HD---- C:\Program Files\WindowsUpdate
2009-08-31 23:14:28 ----D---- C:\WINDOWS\WBEM
2009-08-31 23:14:24 ----D---- C:\WINDOWS\Media
2009-08-31 23:00:16 ----D---- C:\WINDOWS\Debug
2009-08-31 22:44:29 ----RD---- C:\WINDOWS\Web
2009-08-31 22:44:22 ----RASH---- C:\NTDETECT.COM
2009-08-31 20:47:24 ----D---- C:\WINDOWS\Registration
2009-08-31 20:14:16 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-31 20:13:44 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-31 20:10:39 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-31 19:53:36 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-08-31 15:48:44 ----D---- C:\WINDOWS\twain_32
2009-08-31 15:48:22 ----D---- C:\WINDOWS\system32\icsxml
2009-08-31 15:47:43 ----D---- C:\WINDOWS\system32\ias
2009-08-31 15:47:36 ----D---- C:\WINDOWS\system32\1033
2009-08-31 15:45:06 ----D---- C:\WINDOWS\OemDir
2009-08-31 15:42:59 ----D---- C:\WINDOWS\Driver Cache
2009-08-31 05:44:54 ----D---- C:\WINDOWS\network diagnostic
2009-08-30 22:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-30 21:00:16 ----SHD---- C:\System Volume Information
2009-08-30 08:27:44 ----D---- C:\Documents and Settings
2009-08-30 05:33:56 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-08-29 22:19:01 ----D---- C:\Program Files\DVD Profiler
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\xircom
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\wins
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\export
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\dhcp
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\3076
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\2052
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1054
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1042
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1041
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1037
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1031
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1028
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1025
2009-08-29 18:04:52 ----HD---- C:\WINDOWS\PIF
2009-08-29 18:04:52 ----D---- C:\WINDOWS\mui
2009-08-29 18:04:45 ----D---- C:\WINDOWS\Connection Wizard
2009-08-29 18:04:45 ----D---- C:\WINDOWS\Config
2009-08-29 18:04:24 ----D---- C:\WINDOWS\addins
2009-08-29 09:35:23 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-08-29 03:14:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-27 08:32:42 ----SD---- C:\Documents and Settings\roy\Application Data\Microsoft
2009-08-27 08:29:00 ----D---- C:\Documents and Settings\roy\Application Data\Adobe
2009-08-27 08:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-27 08:26:46 ----D---- C:\Program Files\Common Files\Adobe
2009-08-27 08:26:35 ----D---- C:\Program Files\Adobe
2009-08-26 21:16:51 ----D---- C:\Documents and Settings\roy\Application Data\Pegasys Inc
2009-08-26 21:15:58 ----D---- C:\Program Files\Pegasys Inc
2009-08-26 21:15:37 ----A---- C:\WINDOWS\system32\GenSvcInst.exe
2009-08-26 21:15:37 ----A---- C:\WINDOWS\system32\bgsvcgen.exe
2009-08-26 18:17:57 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2002-12-17 32512]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-08-21 33408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-08-20 73232]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\System32\drivers\PCTAppEvent.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-08-18 44704]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-22 80896]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-24 47360]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 SFilter;PCTools Driver; C:\WINDOWS\System32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 SABKUTIL;SABKUTIL; \??\C:\Documents and Settings\roy\Local Settings\Temporary Internet Files\Content.IE5\U67EG8T3\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-06-22 618944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2009-08-26 145504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-01 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-02-09 163908]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-08-24 935176]
S2 gupdate1ca1fee298fa43c;Google Update Service (gupdate1ca1fee298fa43c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-18 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-08-24 1033480]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-01 1097096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 3

9/25/2009 7:30:19 AM
mbam-log-2009-09-25 (07-30-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 181141
Time elapsed: 31 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3B6ECD32-8CD7-4D57-9043-BBBCEDCF51EE}\RP40\A0018113.exe (Adware.ADON) -> Quarantined and deleted successfully.

I think this is everything you asked for.
I did run mbr. I think I did run mbr /f. Not sure.
I am 67 years old, sometimes forgetful.
Again many thanks.
ropat

#14 Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male

Posted 25 September 2009 - 03:11 PM

Hello ropat, :(

You may be 67 years old, but you appear to have a lot of knowledge about computers. I took a look at the list of your installed programs and you have plenty to keep you busy. :(

Let's do an online scan, please follow the next set of instructions:


:) ESET Online Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Credit: Billy Oneal for the canned instructions. You can refer to this animation by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
:) Re-scan with RSIT and post the log along with the ESET OnlineScan log.

How are things at your end, ropat?

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:)

#15 ropat
  • Topic Starter
  • Members
  • 9 posts

Posted 26 September 2009 - 03:28 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by roy at 2009-09-26 04:20:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 76 GB (69%) free of 111 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:17, on 9/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\RSIT.exe
C:\HiJackThis\roy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlwt.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [muBlinder] D:\MUBlinder\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: FSL Launcher.lnk = C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1250561865703
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{856D7FDE-D648-4312-B328-6AD21D5ECF45}: NameServer = 208.67.222.222,208.67.222.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Update Service (gupdate1ca1fee298fa43c) (gupdate1ca1fee298fa43c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8664 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-06-22 4355464]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2009-02-09 13680640]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-06-22 960568]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-06-22 377248]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2009-02-09 86016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"muBlinder"=D:\MUBlinder\muBlinder\muBlinder.exe [2009-04-01 1464320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\roy\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
FSL Launcher.lnk - C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-25 20:33:22 ----D---- C:\Program Files\ESET
2009-09-25 06:05:35 ----SHD---- C:\RECYCLER
2009-09-25 06:04:38 ----A---- C:\ComboFix.txt
2009-09-25 05:59:26 ----D---- C:\WINDOWS\temp
2009-09-25 05:54:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-25 05:54:27 ----D---- C:\ComboFix
2009-09-24 11:25:46 ----A---- C:\mbr.exe
2009-09-17 07:27:45 ----D---- C:\Program Files\Uniblue
2009-09-13 08:07:48 ----D---- C:\Program Files\Auslogics
2009-09-12 06:37:48 ----D---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-12 06:37:48 ----D---- C:\Program Files\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-09-12 06:37:12 ----A---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy Uninstall Log.txt
2009-09-10 18:49:39 ----D---- C:\Documents and Settings\roy\Application Data\Office Genuine Advantage
2009-09-10 15:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-09-10 12:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 12:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-10 12:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\zh-TW
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\zh-HK
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\tr-TR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\sv-SE
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\pt-BR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\nl-NL
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\nb-NO
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\ko-KR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\it-IT
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\he-IL
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\fr-FR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\fi-FI
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\es-ES
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\el-GR
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\de-DE
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\da-DK
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\ar-SA
2009-09-10 12:27:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 12:47:39 ----A---- C:\RootRepeal report 09-09-09 (12-47-39).txt
2009-09-09 12:25:48 ----A---- C:\Boot.bak
2009-09-09 12:25:45 ----RASHD---- C:\cmdcons
2009-09-09 12:24:57 ----A---- C:\WINDOWS\zip.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\SWSC.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\SWREG.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\sed.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\PEV.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-09 12:24:57 ----A---- C:\WINDOWS\grep.exe
2009-09-09 12:24:34 ----AD---- C:\Qoobox
2009-09-09 12:01:47 ----A---- C:\WINDOWS\Partizan.txt
2009-09-09 12:01:26 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2009-09-09 11:59:16 ----RASHOT---- C:\WINDOWS\winstart.bat
2009-09-09 11:59:02 ----D---- C:\Program Files\UnHackMe
2009-09-09 08:49:56 ----A---- C:\RootRepeal report 09-09-09 (08-49-56).txt
2009-09-08 12:36:53 ----D---- C:\WINDOWS\ERDNT
2009-09-08 12:35:18 ----D---- C:\Program Files\ERUNT
2009-09-08 10:06:25 ----A---- C:\RootRepeal report 09-08-09 (10-06-25).txt
2009-09-08 10:01:24 ----A---- C:\RootRepeal report 09-08-09 (10-01-24).txt
2009-09-06 21:00:16 ----D---- C:\rsit
2009-09-02 21:36:02 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-09-02 10:52:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-02 10:07:26 ----D---- C:\HiJackThis
2009-09-02 10:05:32 ----D---- C:\HJT
2009-09-02 09:34:59 ----A---- C:\RootRepeal report 09-02-09 (09-34-59).txt
2009-09-02 06:46:40 ----D---- C:\Documents and Settings\roy\Application Data\OpenOffice.org
2009-09-01 22:34:39 ----D---- C:\Program Files\JRE
2009-09-01 22:34:35 ----D---- C:\Program Files\OpenOffice.org 3
2009-09-01 22:34:21 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-01 22:34:21 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-01 22:34:21 ----A---- C:\WINDOWS\system32\java.exe
2009-09-01 11:39:07 ----A---- C:\WINDOWS\system32\KDSInterface.txt
2009-09-01 11:13:21 ----D---- C:\Program Files\Spyware Doctor
2009-09-01 11:13:21 ----D---- C:\Documents and Settings\roy\Application Data\PC Tools
2009-09-01 11:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-09-01 08:02:41 ----D---- C:\WINDOWS\Prefetch
2009-09-01 07:57:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-09-01 07:57:04 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-09-01 07:30:35 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-01 07:30:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-31 23:14:06 ----HDC---- C:\WINDOWS\ie7
2009-08-31 23:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-08-31 22:45:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-31 22:42:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-31 20:10:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-31 20:10:23 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-08-31 20:10:23 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-31 20:10:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-31 20:10:17 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-08-31 20:10:17 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-31 20:10:17 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-31 20:10:16 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-31 20:10:14 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-31 20:10:14 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-31 20:10:13 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-31 20:10:12 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-08-31 20:10:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-31 20:10:11 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-31 20:09:34 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-31 20:09:34 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-31 20:09:33 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-31 20:09:32 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-31 20:09:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-31 20:09:31 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-31 20:09:31 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-31 20:09:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-31 20:09:29 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-31 20:09:28 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-31 20:09:23 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-31 20:09:23 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-31 20:09:23 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-31 20:09:22 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\nvopenal.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\nvasio.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\nvack.dll
2009-08-31 19:55:57 ----A---- C:\WINDOWS\system32\ALut.dll
2009-08-31 19:54:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-31 19:53:44 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-31 19:53:43 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-31 19:53:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-31 18:11:59 ----D---- C:\Program Files\Trend Micro
2009-08-31 14:07:27 ----A---- C:\avenger.txt
2009-08-31 11:54:24 ----D---- C:\Program Files\Enigma Software Group
2009-08-31 07:11:22 ----D---- C:\UBCD4Win
2009-08-31 06:09:29 ----D---- C:\ubcd4win35
2009-08-31 06:08:17 ----D---- C:\DrWeb
2009-08-30 23:10:54 ----D---- C:\Program Files\Avira
2009-08-30 23:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-30 20:38:26 ----A---- C:\WINDOWS\system32\tmp.txt
2009-08-30 20:38:22 ----A---- C:\rapport.txt
2009-08-30 06:53:41 ----D---- C:\Documents and Settings\roy\Application Data\Desktopicon
2009-08-30 06:53:39 ----D---- C:\Program Files\Unlocker
2009-08-30 06:18:38 ----D---- C:\WINDOWS\pss
2009-08-30 04:22:56 ----D---- C:\Documents and Settings\roy\Application Data\Yahoo!
2009-08-30 04:22:54 ----D---- C:\Program Files\Yahoo!
2009-08-30 04:22:49 ----D---- C:\Program Files\CCleaner
2009-08-30 03:47:17 ----D---- C:\$AVG8.VAULT$
2009-08-29 23:06:28 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-29 23:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2009-08-29 23:04:05 ----A---- C:\caisslog.txt
2009-08-29 15:05:02 ----D---- C:\Documents and Settings\roy\Application Data\Movienizer
2009-08-29 15:04:59 ----D---- C:\Program Files\Movienizer
2009-08-29 09:28:35 ----D---- C:\Program Files\Real Alternative
2009-08-29 09:28:35 ----D---- C:\Documents and Settings\roy\Application Data\Real
2009-08-29 09:28:35 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-08-29 09:28:35 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-08-29 09:28:35 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-08-29 09:28:35 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-08-29 03:21:52 ----D---- C:\Documents and Settings\roy\Application Data\JockerSoft
2009-08-29 03:14:43 ----D---- C:\Program Files\JockerSoft
2009-08-27 08:04:15 ----D---- C:\Program Files\FSL
2009-08-27 04:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 04:50:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-27 04:50:03 ----D---- C:\Documents and Settings\roy\Application Data\SUPERAntiSpyware.com
2009-08-27 04:49:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 months======

2009-09-26 03:36:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-25 20:33:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-25 20:33:22 ----RD---- C:\Program Files
2009-09-25 07:32:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-25 07:31:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-25 06:19:40 ----D---- C:\WINDOWS\system32\drivers
2009-09-25 06:05:35 ----D---- C:\WINDOWS\system32
2009-09-25 06:05:35 ----AD---- C:\WINDOWS
2009-09-25 06:02:18 ----A---- C:\WINDOWS\system.ini
2009-09-25 06:00:53 ----D---- C:\WINDOWS\system32\config
2009-09-25 05:58:17 ----D---- C:\WINDOWS\AppPatch
2009-09-25 05:58:12 ----D---- C:\Program Files\Common Files
2009-09-23 13:48:45 ----D---- C:\Documents and Settings\roy\Application Data\uTorrent
2009-09-20 18:03:12 ----SHD---- C:\WINDOWS\Installer
2009-09-17 04:19:43 ----D---- C:\Program Files\Mozilla Firefox
2009-09-12 06:38:18 ----A---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy Setup Log.txt
2009-09-10 15:08:20 ----D---- C:\WINDOWS\security
2009-09-10 13:04:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-10 13:04:20 ----HD---- C:\WINDOWS\inf
2009-09-10 13:04:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-10 12:28:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 12:27:54 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 12:27:41 ----SD---- C:\WINDOWS\Tasks
2009-09-10 12:27:41 ----D---- C:\WINDOWS\system32\en-us
2009-09-09 12:52:48 ----D---- C:\Downloads
2009-09-09 12:25:48 ----RASH---- C:\boot.ini
2009-09-08 12:43:11 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-07 22:45:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-07 22:41:34 ----D---- C:\Program Files\Registry Mechanic
2009-09-07 12:00:06 ----D---- C:\WINDOWS\Help
2009-09-07 12:00:01 ----RSD---- C:\WINDOWS\Fonts
2009-09-03 05:44:37 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-09-01 22:35:15 ----RSD---- C:\WINDOWS\assembly
2009-09-01 22:34:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-01 11:08:51 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-01 08:39:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-01 08:31:21 ----A---- C:\WINDOWS\win.ini
2009-09-01 08:30:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-01 08:23:03 ----D---- C:\Program Files\Internet Explorer
2009-09-01 08:21:21 ----D---- C:\WINDOWS\WinSxS
2009-09-01 08:21:00 ----D---- C:\WINDOWS\ie7updates
2009-09-01 08:15:55 ----D---- C:\Program Files\Messenger
2009-09-01 08:02:58 ----A---- C:\WINDOWS\setuplog.txt
2009-09-01 08:02:21 ----D---- C:\WINDOWS\system32\wbem
2009-09-01 08:02:21 ----D---- C:\WINDOWS\system32\Setup
2009-09-01 07:57:04 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-01 07:57:00 ----D---- C:\WINDOWS\peernet
2009-09-01 07:57:00 ----D---- C:\Program Files\Movie Maker
2009-09-01 07:54:34 ----D---- C:\WINDOWS\system32\Restore
2009-09-01 07:54:34 ----D---- C:\WINDOWS\system32\npp
2009-09-01 07:54:32 ----D---- C:\WINDOWS\msagent
2009-09-01 07:54:31 ----D---- C:\WINDOWS\srchasst
2009-09-01 07:54:30 ----D---- C:\WINDOWS\ime
2009-09-01 07:54:29 ----D---- C:\Program Files\NetMeeting
2009-09-01 07:54:28 ----D---- C:\WINDOWS\system32\Com
2009-09-01 07:54:26 ----D---- C:\Program Files\Windows NT
2009-09-01 07:54:26 ----D---- C:\Program Files\Windows Media Player
2009-09-01 07:54:26 ----D---- C:\Program Files\Outlook Express
2009-09-01 07:54:24 ----D---- C:\Program Files\Common Files\System
2009-09-01 07:54:12 ----D---- C:\WINDOWS\system32\oobe
2009-09-01 07:54:11 ----D---- C:\WINDOWS\system32\usmt
2009-09-01 07:54:10 ----D---- C:\WINDOWS\system
2009-09-01 07:50:12 ----D---- C:\WINDOWS\EHome
2009-09-01 07:31:21 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-01 07:29:38 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-01 07:29:11 ----HD---- C:\Program Files\WindowsUpdate
2009-08-31 23:14:28 ----D---- C:\WINDOWS\WBEM
2009-08-31 23:14:24 ----D---- C:\WINDOWS\Media
2009-08-31 23:00:16 ----D---- C:\WINDOWS\Debug
2009-08-31 22:44:29 ----RD---- C:\WINDOWS\Web
2009-08-31 22:44:22 ----RASH---- C:\NTDETECT.COM
2009-08-31 20:47:24 ----D---- C:\WINDOWS\Registration
2009-08-31 20:14:16 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-31 20:13:44 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-31 20:10:39 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-31 19:53:36 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-08-31 15:48:44 ----D---- C:\WINDOWS\twain_32
2009-08-31 15:48:22 ----D---- C:\WINDOWS\system32\icsxml
2009-08-31 15:47:43 ----D---- C:\WINDOWS\system32\ias
2009-08-31 15:47:36 ----D---- C:\WINDOWS\system32\1033
2009-08-31 15:45:06 ----D---- C:\WINDOWS\OemDir
2009-08-31 15:42:59 ----D---- C:\WINDOWS\Driver Cache
2009-08-31 05:44:54 ----D---- C:\WINDOWS\network diagnostic
2009-08-30 22:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-30 21:00:16 ----SHD---- C:\System Volume Information
2009-08-30 08:27:44 ----D---- C:\Documents and Settings
2009-08-30 05:33:56 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-08-29 22:19:01 ----D---- C:\Program Files\DVD Profiler
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\xircom
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\wins
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\export
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\dhcp
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\3076
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\2052
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1054
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1042
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1041
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1037
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1031
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1028
2009-08-29 18:04:53 ----D---- C:\WINDOWS\system32\1025
2009-08-29 18:04:52 ----HD---- C:\WINDOWS\PIF
2009-08-29 18:04:52 ----D---- C:\WINDOWS\mui
2009-08-29 18:04:45 ----D---- C:\WINDOWS\Connection Wizard
2009-08-29 18:04:45 ----D---- C:\WINDOWS\Config
2009-08-29 18:04:24 ----D---- C:\WINDOWS\addins
2009-08-29 09:35:23 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-08-29 03:14:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-27 08:32:42 ----SD---- C:\Documents and Settings\roy\Application Data\Microsoft
2009-08-27 08:29:00 ----D---- C:\Documents and Settings\roy\Application Data\Adobe
2009-08-27 08:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-27 08:26:46 ----D---- C:\Program Files\Common Files\Adobe
2009-08-27 08:26:35 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2002-12-17 32512]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-08-21 33408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-08-20 73232]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\System32\drivers\PCTAppEvent.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-08-18 44704]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-22 80896]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-24 47360]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 SFilter;PCTools Driver; C:\WINDOWS\System32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 SABKUTIL;SABKUTIL; \??\C:\Documents and Settings\roy\Local Settings\Temporary Internet Files\Content.IE5\U67EG8T3\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-06-22 618944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2009-08-26 145504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-01 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-02-09 163908]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-08-24 935176]
S2 gupdate1ca1fee298fa43c;Google Update Service (gupdate1ca1fee298fa43c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-18 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-08-24 1033480]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-01 1097096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
D:\FIREWALL TEST\AWFT\setup.exe Win32/Leaktest.AWFT application
D:\nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application
E:\Application Data\Desktopicon\eBayShortcuts.exe a variant of Win32/Adware.ADON application
E:\FF Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application

Here are the logs.
Again, thanks for your help.
ropat
