Vundo issues(Resolved) - Atribune.org

	Advanced Search

Welcome to Omgili,
Omgili (Oh My God I Love It ;) is a search engine for discussions. With Omgili you can find answers and solutions, debates, discussions, personal experiences, opinions and more... To learn more about Omgili click here.

This is a complete preview of the discussion as it was indexed by Omgili crawlers. Use this preview if the original discussion is unavailable.
Click here to view the original discussion.


	Vundo issues(Resolved) - Atribune.org I'm having some trouble with Vundo, and every time something seems to work, something else breaks. First, I used VundoFix, but it found absolutely nothing. Then I used MBAM, and it found about 90+ Vundo infections, but more kept coming back whenever I connected to the internet. Kaspersky detected C:\lol.exe attempting to inject itself into other processes at startup. According to virustotal, it's virtumonde (http://www.virustotal.com/analisis/ab4d659976b5763f9b080849093dc2e4). I have attempted to delete it, but it keeps reappearing. Since Kaspersky didn't seem to be able to stop Vundo from constantly reinfecting, I tried Nod32, but that also didn't work. I have not been able to perform a full virus scan because when I go afk I come back to find the computer has restarted and attempting to boot from a floppy. I also tried Spybot/Adaware and a few others, but lol.exe keeps recurring, and now I can't seem to start in normal mode without the computer freezing up. This post has been edited by throughglassdarkly: Jan 17 2009, 03:26 PM


	Malwarebytes logs Malwarebytes' Anti-Malware 1.33 Database version: 1656 Windows 5.1.2600 Service Pack 1 17/01/2009 00:13:19 mbam-log-2009-01-17 (00-13-19).txt Scan type: Quick Scan Objects scanned: 21914 Time elapsed: 7 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 10 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\cbXRHbaB.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\byXRhEWm.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12e629a9-5608-413e-a8b6-146b79efcd3b} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{12e629a9-5608-413e-a8b6-146b79efcd3b} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxrhewm (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrhbab -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrhbab -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\cbXRHbaB.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\BabHRXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BabHRXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXRhEWm.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\rqRHxwUo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\oUwxHRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\oUwxHRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXRJCtr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcBTMcD.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBsrRlm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJCtqQg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvTliIB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUmmJBq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.33 Database version: 1656 Windows 5.1.2600 Service Pack 1 17/01/2009 05:21:22 mbam-log-2009-01-17 (05-21-22).txt Scan type: Quick Scan Objects scanned: 60986 Time elapsed: 20 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 10 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 94 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\iifdaxww.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\jkkJbxWN.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjbxwn (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5aa7e9b-ff53-4387-8df2-0c22c06560e9} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b5aa7e9b-ff53-4387-8df2-0c22c06560e9} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Adware.Cinmus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdaxww -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdaxww -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\jkkJbxWN.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\iifdaxww.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\wwxadfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wwxadfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcCSMdb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\End User\Local Settings\Temporary Internet Files\Content.IE5\137ZXT4E\CAY30HKB (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\End User\Local Settings\Temporary Internet Files\Content.IE5\ED12ZADC\CAJMAX7F (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wmdmpmsvc.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqQgEvT.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvSiiJC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvTkiGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvUKDUk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvVLdef.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvVPjjI.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvWpMee.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMcbcCr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMdAPiJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMdDuuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXOHYrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXOIxvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXQiFxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBqNeEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBssssQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBtTKAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBtUonn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBuVLdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkHBSIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkIYpmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkJawvU.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkLBspm.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opnkhigD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opnlKApO.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opnmMdAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opnnnoPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opnolLcC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXNhiIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRHwXOh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRIxwUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRJAtsq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRJDuVp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRKAPHA.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnmlLCS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnnLfDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnoMFut.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnkKcbB.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnnNghg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnoLede.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqNFuTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqOEuVl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqOFvuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqOHBtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqPjJBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtqrsRK.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtrPjge.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtsPHwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awttrPFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXOfgHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXPFWqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXPJBUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXPJYqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXQIBrS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXRjgEU.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcDUlkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcDUmnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcDVnLe.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcYSiFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGvssPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGvvtst.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGxVMDu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGxVNfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGyyxVL.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifdbBsP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifgFWMg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayaXPii.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yaywvtSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqPijiH.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqRHYrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJBtuSi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJCuSLd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJCvSkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUllkjH.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUlllJy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUnNfcY.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUoLdbC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUoNEvw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccaAqrQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccccDtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccddaXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccdedBQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccywtqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\khfCsqpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vtUkhffG.dll (Trojan.vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vtUonmNf.dll (Trojan.vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\End User\Local Settings\Temp\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.


	HijackThis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:01:38, on 17/01/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\System32\ctfmon.exe C:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com; Windowsupdate.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O1 - Hosts: 64.12.152.18 search.netscape.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\System32\SkypeComm.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB002" /M "Stylus Photo R800" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] aim.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save &Images - C:\Program Files\FastID\CacheViewX\SaveIMG.html O8 - Extra context menu item: Save F&lash - C:\Program Files\FastID\CacheViewX\SaveSWF.html O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: CacheViewX - {376BFE0B-F4C4-4117-A2EC-FB455DA81EBF} - C:\PROGRA~1\FastID\CACHEV~1\CACHEV~1.DLL O9 - Extra button: Get all flash - {5E9FCC22-E23F-4E04-AC69-C34C76774952} - C:\Program Files\FastID\CacheViewX\SaveSWFB.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Get all images - {9D98D9D4-C034-4787-93AF-6C341E4F8CF9} - C:\Program Files\FastID\CacheViewX\SaveIMGB.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe -- End of file - 12178 bytes This post has been edited by throughglassdarkly: Jan 17 2009, 03:43 PM


	Rooter log Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz ) BIOS : BIOS Date: 08/20/03 12:57:55 Ver: 08.00.09 USER : End User ( Administrator ) BOOT : Fail-safe with network boot A:\ (USB) C:\ (Local Disk) - NTFS - Total:111 Go (Free:4 Go) D:\ (USB) E:\ (CD or DVD) F:\ (CD or DVD) G:\ (USB) - FAT32 - Total:3816 Mo (Free:3 Go) 17/01/2009\|22:10 \\ Search.. \\ Cracks & Keygens.. C:\DOCUME~1\ENDUSE~1\Desktop\main-les-crackpipe.jpg C:\DOCUME~1\ENDUSE~1\Desktop\product_main_t_crackpipe.jpg C:\DOCUME~1\ENDUSE~1\Desktop\10800_files\thiskindofcrackisgood.jpg C:\DOCUME~1\ENDUSE~1\Desktop\12975_files\icecrack.jpg C:\DOCUME~1\ENDUSE~1\My Documents\Mercadian_Masques_PICTESTER_files\crackdown.jpg 1 - "C:\Rooter$\Rooter_1.txt" - Sat 01/17/2009\|22:10 This post has been edited by throughglassdarkly: Jan 17 2009, 03:43 PM


	Logfile of random's system information tool 1.05 (written by random/random) Run by End User at 2009-01-17 22:11:39 Microsoft Windows XP Professional Service Pack 1 System drive C: has 4 GB (4%) free of 114 GB Total RAM: 1023 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:11:43, on 17/01/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\System32\ctfmon.exe C:\RSIT.exe C:\End User.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com; Windowsupdate.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O1 - Hosts: 64.12.152.18 search.netscape.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\System32\SkypeComm.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB002" /M "Stylus Photo R800" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] aim.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save &Images - C:\Program Files\FastID\CacheViewX\SaveIMG.html O8 - Extra context menu item: Save F&lash - C:\Program Files\FastID\CacheViewX\SaveSWF.html O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: CacheViewX - {376BFE0B-F4C4-4117-A2EC-FB455DA81EBF} - C:\PROGRA~1\FastID\CACHEV~1\CACHEV~1.DLL O9 - Extra button: Get all flash - {5E9FCC22-E23F-4E04-AC69-C34C76774952} - C:\Program Files\FastID\CacheViewX\SaveSWFB.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Get all images - {9D98D9D4-C034-4787-93AF-6C341E4F8CF9} - C:\Program Files\FastID\CacheViewX\SaveIMGB.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe -- End of file - 12189 bytes Scheduled tasks folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1897051121-725345543-1003.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-07-02 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}] CInterceptor Object - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2008-02-09 569344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4254E07D-1B18-446C-BA07-20A70E629F88}] C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}] Skype Control Class - C:\WINDOWS\System32\SkypeComm.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-25 325048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-06-20 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392] {33973600-925A-11D9-A1F6-9234C84D2622} - &AEVITA Save Flash - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL [] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2002-09-03 24576] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2002-09-13 49152] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472] "nwiz"=nwiz.exe /install [] ""= [] "EPSON Stylus Photo R800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE [2005-01-13 98304] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728] "CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-09-11 53248] "CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-08-13 40960] "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2002-08-29 145408] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2003-04-14 1491216] "ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856] ""= [] "NBJ"=C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe [2005-05-19 1957888] "RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2002-09-04 135168] "Google Update"=C:\Documents and Settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-02 133104] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2002-09-13 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avatar The Last Airbender] C:\Program Files\Avatar The Last Airbender\Avatar The Last Airbender.exe [2008-06-19 3112960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-11-10 1980200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe /L ElbyCDFL [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] C:\Program Files\FlashGet\FlashGet.exe [2007-07-02 1990704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Update x86] aim.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxqmwgirgsz] C:\WINDOWS\System32\fjijila.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-12-22 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe [2008-02-09 6051144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe [2006-12-23 1003520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2004-02-25 665088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-08-05 218240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-05-29 180269] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] C:\Program Files\Vidalia\vidalia.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] C:\PROGRA~1\Privoxy\privoxy.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^End User^Start Menu^Programs^Startup^Xfire.lnk] C:\PROGRA~1\Xfire\Xfire.exe [2004-10-07 752640] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\System32\klogon.dll [2008-02-08 219664] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] ""= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] List of files/folders created in the last 3 months 2009-01-17 22:11:39 ----D---- C:\rsit 2009-01-17 22:11:39 ----A---- C:\End User.exe 2009-01-17 21:56:35 ----A---- C:\WINDOWS\gmer.ini 2009-01-17 21:56:34 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2009-01-17 21:56:34 ----A---- C:\WINDOWS\gmer.exe 2009-01-17 21:56:34 ----A---- C:\WINDOWS\gmer.dll 2009-01-17 21:53:19 ----D---- C:\gmer 2009-01-17 21:53:10 ----A---- C:\RSIT.exe 2009-01-17 21:23:30 ----D---- C:\Rooter$ 2009-01-17 21:23:28 ----A---- C:\Rooter.exe 2009-01-17 21:23:28 ----A---- C:\HiJackThis.exe 2009-01-17 19:22:15 ----A---- C:\SUPERAntiSpyware.exe 2009-01-17 17:26:29 ----A---- C:\WINDOWS\System32\MSVBVM60.DLL 2009-01-17 17:26:16 ----A---- C:\WINDOWS\MSVBVM60.DLL 2009-01-17 17:24:27 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-17 17:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 17:24:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-17 16:02:12 ----D---- C:\Program Files\Common Files\PC Tools 2009-01-17 16:01:57 ----D---- C:\Program Files\Spyware Doctor 2009-01-17 10:43:41 ----A---- C:\WINDOWS\System32\io.exe 2009-01-17 07:57:25 ----SHD---- C:\Config.Msi 2009-01-17 06:05:56 ----A---- C:\WINDOWS\UnGins.exe 2009-01-17 06:05:55 ----D---- C:\Program Files\ASCII 2009-01-17 06:05:55 ----A---- C:\WINDOWS\System32\Unlha32.dll 2009-01-17 06:05:55 ----A---- C:\WINDOWS\System32\Harmony.dll 2009-01-17 02:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$ 2009-01-17 02:24:15 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$ 2009-01-17 02:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$ 2009-01-17 02:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2009-01-17 02:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$ 2009-01-17 02:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$ 2009-01-17 02:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$ 2009-01-17 02:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$ 2009-01-17 02:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$ 2009-01-17 02:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$ 2009-01-16 15:09:43 ----N---- C:\WINDOWS\System32\verclsid.exe 2009-01-16 15:09:43 ----A---- C:\WINDOWS\System32\xpsp2res.dll 2009-01-16 15:09:43 ----A---- C:\WINDOWS\System32\sxs.dll 2009-01-16 15:09:41 ----A---- C:\WINDOWS\System32\shell32.dll 2009-01-16 15:09:40 ----A---- C:\WINDOWS\System32\fldrclnr.dll 2009-01-16 15:09:31 ----A---- C:\WINDOWS\System32\umpnpmgr.dll 2009-01-16 15:09:12 ----A---- C:\WINDOWS\System32\mtxoci.dll 2009-01-16 15:09:12 ----A---- C:\WINDOWS\System32\mtxclu.dll 2009-01-16 15:08:15 ----A---- C:\WINDOWS\System32\rasadhlp.dll 2009-01-16 15:08:14 ----A---- C:\WINDOWS\System32\dnsapi.dll 2009-01-16 15:07:53 ----A---- C:\WINDOWS\System32\cscdll.dll 2009-01-16 15:06:30 ----A---- C:\WINDOWS\System32\authz.dll 2009-01-16 14:51:12 ----A---- C:\WINDOWS\System32\MRT.INI 2009-01-16 14:43:25 ----A---- C:\WINDOWS\System32\MRT.exe 2009-01-16 14:11:08 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2009-01-16 04:11:45 ----SHD---- C:\WINDOWS\CSC 2009-01-16 04:11:32 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-16 03:29:39 ----D---- C:\WINDOWS\pss 2009-01-16 02:48:08 ----A---- C:\WINDOWS\System32\07c7c291-.txt 2009-01-12 12:41:39 ----A---- C:\WINDOWS\System32\hp.exe.exe 2009-01-12 12:22:13 ----A---- C:\WINDOWS\System32\jy.exe 2009-01-11 20:21:54 ----A---- C:\WINDOWS\System32\ya.exe.exe 2009-01-10 22:17:38 ----A---- C:\WINDOWS\System32\uu.exe.exe 2009-01-10 19:22:57 ----A---- C:\WINDOWS\System32\ej.exe 2009-01-10 17:48:50 ----A---- C:\WINDOWS\System32\lv.exe 2009-01-10 06:12:32 ----A---- C:\WINDOWS\System32\dh.exe.exe 2009-01-10 00:17:15 ----D---- C:\Program Files\DOSBox-0.72 2009-01-09 15:28:40 ----A---- C:\WINDOWS\System32\yw.exe.exe 2009-01-09 14:55:22 ----A---- C:\WINDOWS\System32\tx.exe.exe 2009-01-09 12:19:01 ----A---- C:\WINDOWS\System32\pn.exe 2009-01-07 00:43:08 ----A---- C:\WINDOWS\System32\ra.exe.exe 2008-12-04 21:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-12-04 21:46:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-18 14:27:11 ----D---- C:\Documents and Settings\End User\Application Data\Reflexive_Janes_Realty 2008-11-18 14:24:59 ----D---- C:\Program Files\Janes Realty 2008-11-18 14:24:42 ----D---- C:\Program Files\ReflexiveArcade 2008-11-15 19:00:45 ----D---- C:\Documents and Settings\End User\Application Data\PlayFirst 2008-11-15 19:00:45 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-11-15 18:58:58 ----D---- C:\Program Files\Hometown Hero 2008-11-15 09:35:31 ----D---- C:\Program Files\Astral 2008-11-12 23:13:17 ----D---- C:\Documents and Settings\End User\Application Data\Hamachi 2008-11-12 23:10:46 ----D---- C:\Program Files\Hamachi 2008-11-12 16:12:36 ----D---- C:\Documents and Settings\End User\Application Data\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1 2008-11-12 16:12:25 ----D---- C:\Program Files\NowBoarding 2008-11-12 16:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-12 16:08:06 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-11-12 12:32:38 ----D---- C:\Program Files\Spectromancer 2008-10-29 16:39:18 ----A---- C:\CTSUFile.txt 2008-10-21 15:07:11 ----A---- C:\WINDOWS\System32\d3dx9_28.dll 2008-10-21 15:07:10 ----A---- C:\WINDOWS\System32\xinput9_1_0.dll 2008-10-21 15:07:10 ----A---- C:\WINDOWS\System32\d3dx9_27.dll 2008-10-21 15:07:09 ----A---- C:\WINDOWS\System32\d3dx9_26.dll 2008-10-21 15:07:09 ----A---- C:\WINDOWS\System32\d3dx9_25.dll 2008-10-21 15:07:08 ----A---- C:\WINDOWS\System32\d3dx9_24.dll 2008-10-21 15:06:23 ----A---- C:\WINDOWS\System32\wstdecod.dll 2008-10-21 15:06:22 ----A---- C:\WINDOWS\System32\msvidctl.dll 2008-10-21 15:06:21 ----A---- C:\WINDOWS\System32\psisdecd.dll 2008-10-21 15:06:08 ----A---- C:\WINDOWS\System32\dxdllreg.exe 2008-10-21 15:06:07 ----A---- C:\WINDOWS\System32\dxdiagn.dll 2008-10-21 15:06:06 ----A---- C:\WINDOWS\System32\d3d9.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmusic.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmsynth.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmstyle.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmloader.dll 2008-10-21 15:05:57 ----A---- C:\WINDOWS\System32\dmime.dll 2008-10-21 15:05:57 ----A---- C:\WINDOWS\System32\dmcompos.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dswave.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dmscript.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dmband.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dinput8.dll 2008-10-21 15:05:55 ----A---- C:\WINDOWS\System32\pid.dll 2008-10-21 15:05:55 ----A---- C:\WINDOWS\System32\d3d8.dll 2008-10-21 15:05:54 ----A---- C:\WINDOWS\System32\qedwipes.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\quartz.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\qedit.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\qasf.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\mswebdvd.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\msdmo.dll 2008-10-21 15:05:51 ----A---- C:\WINDOWS\System32\qdvd.dll 2008-10-21 15:05:51 ----A---- C:\WINDOWS\System32\qdv.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\qcap.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\mciqtz32.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\encapi.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\dxdiag.exe 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\devenum.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\d3dxof.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\amstream.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dsdmoprp.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dsdmo.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dpvvox.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dpvsetup.exe 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3drm.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3dramp.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3dpmesh.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3dim.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dpvoice.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dpvacm.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dpnsvr.exe 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dimap.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\diactfrm.dll 2008-10-21 15:05:47 ----A---- C:\WINDOWS\System32\dpnlobby.dll 2008-10-21 15:05:47 ----A---- C:\WINDOWS\System32\dpnhupnp.dll 2008-10-21 15:05:47 ----A---- C:\WINDOWS\System32\dpnhpast.dll 2008-10-21 15:05:46 ----A---- C:\WINDOWS\System32\dpnet.dll 2008-10-21 15:05:46 ----A---- C:\WINDOWS\System32\dpnaddr.dll 2008-10-21 15:05:45 ----A---- C:\WINDOWS\System32\gcdef.dll 2008-10-21 15:05:45 ----A---- C:\WINDOWS\System32\dx8vb.dll 2008-10-21 15:05:45 ----A---- C:\WINDOWS\System32\d3d8thk.dll 2008-10-21 15:05:44 ----A---- C:\WINDOWS\System32\dx7vb.dll 2008-10-21 15:05:43 ----A---- C:\WINDOWS\System32\dsound3d.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dsound.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dpwsockx.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dpmodemx.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dplayx.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dplaysvr.exe 2008-10-21 15:05:41 ----A---- C:\WINDOWS\System32\dinput.dll 2008-10-21 15:05:41 ----A---- C:\WINDOWS\System32\ddrawex.dll 2008-10-21 15:05:41 ----A---- C:\WINDOWS\System32\ddraw.dll 2008-10-21 15:05:40 ----A---- C:\WINDOWS\System32\d3dim700.dll 2008-10-21 14:42:37 ----D---- C:\Documents and Settings\End User\Application Data\Wizards of the Coast 2008-10-21 14:41:31 ----D---- C:\Program Files\Wizards of the Coast 2008-10-21 14:34:53 ----D---- C:\Documents and Settings\End User\Application Data\InstallShield 2008-10-19 21:58:52 ----D---- C:\WINDOWS\OOH List of files/folders modified in the last 3 months 2009-01-17 22:09:47 ----A---- C:\WINDOWS\NeroDigital.ini 2009-01-17 22:05:27 ----D---- C:\Documents and Settings\End User\Application Data\uTorrent 2009-01-17 22:00:46 ----AD---- C:\WINDOWS 2009-01-17 21:59:46 ----AD---- C:\Program Files 2009-01-17 21:59:44 ----D---- C:\WINDOWS\System32\drivers 2009-01-17 21:59:20 ----D---- C:\WINDOWS\system32 2009-01-17 21:58:25 ----D---- C:\Program Files\Soulseek 2009-01-17 21:58:18 ----D---- C:\Program Files\Mozilla Firefox 2009-01-17 21:58:12 ----D---- C:\Program Files\eMule 2009-01-17 21:57:56 ----D---- C:\Program Files\Azureus 2009-01-17 21:57:48 ----D---- C:\Program Files\BitComet 2009-01-17 21:53:43 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-01-17 21:51:42 ----D---- C:\WINDOWS\System32\CatRoot2 2009-01-17 21:49:56 ----HD---- C:\WINDOWS\inf 2009-01-17 21:46:37 ----D---- C:\WINDOWS\Debug 2009-01-17 21:44:51 ----RSHDC---- C:\WINDOWS\System32\dllcache 2009-01-17 21:44:51 ----D---- C:\WINDOWS\LastGood.Tmp 2009-01-17 21:44:42 ----D---- C:\WINDOWS\Help 2009-01-17 21:44:41 ----D---- C:\WINDOWS\LastGood 2009-01-17 20:55:15 ----D---- C:\Program Files\PConPoint 2009-01-17 20:52:38 ----D---- C:\Documents and Settings\End User\Application Data\Sammsoft 2009-01-17 20:52:33 ----SHD---- C:\RECYCLER 2009-01-17 20:50:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-01-17 20:32:42 ----ASH---- C:\boot.ini 2009-01-17 20:32:42 ----AC---- C:\WINDOWS\system.ini 2009-01-17 20:32:42 ----A---- C:\WINDOWS\win.ini 2009-01-17 20:01:17 ----D---- C:\WINDOWS\Temp 2009-01-17 18:06:22 ----A---- C:\WINDOWS\wininit.ini 2009-01-17 18:06:12 ----D---- C:\Program Files\Enigma Software Group 2009-01-17 18:06:08 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-01-17 18:06:08 ----D---- C:\Program Files\dialers 2009-01-17 11:47:54 ----D---- C:\Documents and Settings\End User\Application Data\Desktopicon 2009-01-17 09:52:39 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-17 07:57:27 ----SHD---- C:\WINDOWS\Installer 2009-01-17 07:49:17 ----D---- C:\WINDOWS\System32\CatRoot 2009-01-17 06:56:59 ----D---- C:\Program Files\Kazaa Lite K++ 2009-01-17 06:56:59 ----D---- C:\My Shared Folder 2009-01-17 06:05:56 ----RD---- C:\WINDOWS\Fonts 2009-01-17 03:27:35 ----D---- C:\Documents and Settings 2009-01-17 03:11:00 ----D---- C:\Program Files\Avatar The Last Airbender 2009-01-17 03:11:00 ----D---- C:\Documents and Settings\End User\Application Data\Avatar The Last Airbender 2009-01-17 02:46:32 ----D---- C:\Program Files\FlashGet 2009-01-17 02:26:35 ----A---- C:\WINDOWS\imsins.BAK 2009-01-17 02:25:03 ----D---- C:\WINDOWS\WinSxS 2009-01-16 15:05:40 ----RSD---- C:\WINDOWS\assembly 2009-01-16 04:18:35 ----D---- C:\Documents and Settings\End User\Application Data\Vidalia 2009-01-16 04:15:27 ----D---- C:\WINDOWS\System32\config 2009-01-16 04:15:07 ----D---- C:\WINDOWS\System32\wbem 2009-01-16 04:15:07 ----D---- C:\WINDOWS\Registration 2009-01-16 03:58:04 ----D---- C:\WINDOWS\Prefetch 2009-01-15 02:14:07 ----D---- C:\Program Files\Warcraft III 2009-01-12 14:28:53 ----D---- C:\downloads 2009-01-11 16:48:18 ----D---- C:\WINDOWS\security 2009-01-02 14:44:01 ----SD---- C:\WINDOWS\Tasks 2009-01-01 06:11:36 ----SD---- C:\Documents and Settings\End User\Application Data\Microsoft 2009-01-01 06:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7 2008-12-30 20:23:19 ----D---- C:\Documents and Settings\End User\Application Data\dvdcss 2008-12-18 10:54:37 ----D---- C:\Program Files\uTorrent 2008-12-04 21:52:10 ----D---- C:\Program Files\Lavasoft 2008-12-04 21:50:15 ----D---- C:\Documents and Settings\End User\Application Data\Lavasoft 2008-12-04 21:46:08 ----AD---- C:\Program Files\Common Files 2008-11-12 23:10:23 ----D---- C:\temp 2008-11-12 16:08:41 ----D---- C:\Documents and Settings\End User\Application Data\Adobe 2008-10-29 16:39:09 ----D---- C:\Program Files\Creative 2008-10-21 15:07:23 ----D---- C:\WINDOWS\System32\DirectX 2008-10-21 15:07:15 ----D---- C:\WINDOWS\Microsoft.NET 2008-10-21 14:41:29 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-19 02:54:58 ----D---- C:\sysreset List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2008-11-10 55304] R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys [] R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-07-17 147328] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2008-11-10 32264] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2008-11-12 25280] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-06-10 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328] R3 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] S1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840] S1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2008-11-10 104456] S1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys [] S2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2008-11-10 110600] S2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2008-11-10 129032] S2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys [] S2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys [] S2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys [] S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384] S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-09-03 186068] S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-09-20 492592] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2002-09-23 292304] S3 ctgame;Game Port; C:\WINDOWS\System32\DRIVERS\ctgame.sys [2002-08-05 10368] S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-09-03 6144] S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-09-03 133280] S3 DTT200ULD;Pocket DTV USB2.0 firmware loader; C:\WINDOWS\System32\Drivers\DTT200ULD.sys [2004-12-15 18560] S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys [] S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-09-03 115216] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-17 85969] S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2002-09-20 816704] S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2002-09-20 135824] S3 huadio;huadio; \??\c:\huadio.tmp [] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\C:\Documents and Settings\End User\Desktop\hax\MoonLight_Engine_1196.3.0.1\IlvMoney1196.sys [] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112] S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984] S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2002-08-29 38272] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339] S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-09-20 113520] S3 ROCKSTAR;ROCKSTAR; \??\C:\Documents and Settings\End User\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880] S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 V-Gear;Pocket DTV USB2.0 Driver; C:\WINDOWS\System32\Drivers\DTT200U.sys [2004-09-06 18432] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-08-29 69248] List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032] S2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856] S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032] S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-11-10 711240] S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248] S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824] S2 RetroLauncher;Retrospect Launcher; C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe [2006-08-30 86016] S2 Retrospect Helper;Retrospect Helper; C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe [2006-08-30 122880] S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [] S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [] S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352] S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S2 WinHost32Svr;Windows Host32 Server Service; C:\WINDOWS\security\svchost.exe [2009-01-17 30208] S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520] S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-11-10 20680] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2001-08-18 12800] EOF


	Info.txt logfile of random's system information tool 1.05 2009-01-17 22:11:45 Uninstall list -->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent-->"C:\Program Files\uTorrent\uninstall.exe" 3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe" AbsoluteShield File Shredder-->"C:\Program Files\SysShield Tools\File Shredder\unins000.exe" AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" AEVITA Save Flash version 1.5-->"C:\Program Files\AEVITA Save Flash\unins000.exe" AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe" Astral Tournament 1.7-->"C:\Program Files\Astral\Uninstall.exe" "C:\Program Files\Astral\install.log" AuditionSEA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{979830F1-8955-44EC-881F-1F82ED7B1127}\setup.exe" -l0x9 AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG Cablenut 4.08-->C:\Program Files\Cablenut\uninst-cablenut.exe CacheViewX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C3171C8-3EC8-410C-B3BA-1C19630B9857}\Setup.exe" CDCheck-->"C:\Program Files\CDCheck\uninst.exe" CEDP Stealer 2.0-->"C:\Program Files\CEDP Stealer\unins000.exe" CoCSoft Stream Down 3.1-->C:\PROGRA~1\COCSOF~1\UNWISE.EXE C:\PROGRA~1\COCSOF~1\INSTALL.LOG CoCSoft Stream Down 3.3-->C:\PROGRA~1\COCSOF~1\UNWISE.EXE C:\PROGRA~1\COCSOF~1\INSTALL.LOG Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000- FF1CE} Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\System32\OggDSuninst.exe" DirectShow subtitle filter colleciton (remove only)-->"C:\WINDOWS\System32\SubtitDSuninst.exe" DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe" Disk Investigator 1.4-->C:\Program Files\Disk Investigator\uninst.exe DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Duo in MAXIM-->C:\WINDOWS\ss3unstl.exe "Duo in MAXIM" DVD Decrypter (Remove Only)-->"C:\Program Files\DVDDecrypter\uninstall.exe" DVD Identifier-->"C:\Program Files\DVD Identifier\Uninst\unins000.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" DVD Solution-->"C:\Program Files\Uninstall_CDS.exe" DVDFab Decrypter 3.0.5.0-->"C:\Program Files\DVDFab Decrypter 3\unins000.exe" Easy Media Recorder-->MsiExec.exe /I{5530E121-50B3-4AB6-9628-AF10B4547B2F} EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Darkroom Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D67F1B6B-44BF-498D-BD4B-6E0880DC2A87}\SETUP.EXE" -l0x9 UNINST EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON RAW Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9E80F99-6295-4605-A609-675E78D63250}\SETUP.EXE" -l0x9 /COMPANE EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything ESPR800 Reference Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR800\REF_G\DOCUNINS.EXE ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe" FlashGet 1.9.0.1012-->C:\Program Files\FlashGet\uninst.exe FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe Free Video to Mp3 Converter version 2.9-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe" FreeUndelete-->C:\Program Files\FreeUndelete\GLF683.exe /handle:fru GetFlash-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\GetFlash Inc.\UnInst.log" "/APPNAME=GetFlash" Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" Gordian Knot Rip Pack 0.28.7-->C:\Program Files\GordianKnot\uninst.exe Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe HashOnClick-->"C:\Program Files\2BrightSparks\HashOnClick\unins000.exe" HiDownload-->"C:\Program Files\HiDownload\unins000.exe" HijackThis 2.0.2-->"C:\Documents and Settings\Administrator.USER\Desktop\HijackThis.exe" /uninstall Hometown Hero-->C:\Program Files\Hometown Hero\Uninstal.exe HP LaserJet M1005-->C:\Program Files\Agilent-HP\{50e9cad9-7060-4124-acf4-eef403f94a44}\uninstall.exe SYSTEM "C:\Program Files\Agilent-HP\{50e9cad9-7060-4124-acf4-eef403f94a44}" HP OrderReminder-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018 Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF Imatest 2.3.15-->"C:\Program Files\Imatest\uninstall.exe" ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe" Internet Explorer Q867801-->C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q867801.inf iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} Janes Realty-->"C:\Program Files\Janes Realty\ReflexiveArcade\unins000.exe" Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040} Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe" Leadtek WinFastDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL Little Fighter 2 v1.9-->C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Magic Online III-->C:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Mobile Explorer 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{392A1F0A-315A-4051-864B-1CD7A30BE3F6}\Setup.exe" Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft PowerPoint 2000 SR-1-->MsiExec.exe /I{00130409-78E1-11D2-B60F-006097C998E7} Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9 Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000- FF1CE} Microsoft Visual C++ Toolkit 2003-->MsiExec.exe /X{362882AE-E40A-4435-B214-6420634C401F} Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall mIRC-->C:\sysreset\uninstall.exe _?=C:\sysreset Morgan Stream Switcher-->"C:\Program Files\Morgan\mmswitch\uninst.exe" Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu" Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352} Now Boarding-->msiexec /qb /x {DA4D5BCE-B1C0-6C9A-A14F-A6003F1184AF} NowBoarding-->MsiExec.exe /I{DA4D5BCE-B1C0-6C9A-A14F-A6003F1184AF} NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf ODF Add-in for Microsoft Word-->MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC} Outlook Express Q823353-->C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1} Pdf995-->C:\Program Files\pdf995\setup.exe uninstall PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe Readiris Pro 11-->MsiExec.exe /I{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Refresher-->C:\Program Files\Refresher\Uninstal.exe Retrospect 7.5-->MsiExec.exe /I{92596597-71B3-4608-8628-AD48F2664EB9} RPG Maker 2000 1.05-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\install.log" Scan To-->MsiExec.exe /I{9356940C-B360-4EF4-BE6C-BD488350AB17} SDP Downloader-->MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2} Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8} Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B} SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1} SmartUndelete-->"C:\Program Files\SmartUndelete\unins000.exe" SMPlayer-->"C:\Program Files\smplayer\Uninstall.exe" Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9 SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" Spectromancer-->"C:\Program Files\Spectromancer\Uninstall.exe" "C:\Program Files\Spectromancer\install.log" SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE} Spy Sweeper-->C:\WINDOWS\unSpySweeper.exe StreamDown Version 5.9-->C:\PROGRA~1\STREAM~1\UNWISE.EXE C:\PROGRA~1\STREAM~1\INSTALL.LOG SubRip 1.17.1 (remove only)-->"C:\Program Files\SubRip\Uninstall.exe" SurfOffline (remove only)-->"C:\Program Files\SurfOffline\uninstall.exe" The Proxomitron Ver. Naoko-4.5-->"C:\Program Files\Proxomitron Naoko-4\unins000.exe" The Sims Livin' Large-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2727FBEF-3155-11D4-8F73-0050DA0F6297}\setup.exe" Tor (remove only)-->"C:\Program Files\Tor\Uninstall.exe" Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe" WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player Hotfix [See wm828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe Windows SA-->C:\Windows\System32\axuninstall.exe rebootfirst Windows XP Hotfix - KB821557-->C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe Windows XP Hotfix - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe Windows XP Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe Windows XP Hotfix - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe Windows XP Hotfix - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe Windows XP Hotfix - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe Windows XP Hotfix - KB828028-->C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe Windows XP Hotfix - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe Windows XP Hotfix - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe Windows XP Hotfix - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe Windows XP Hotfix - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe Windows XP Hotfix - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe Windows XP Hotfix - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe Windows XP Hotfix - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe Windows XP Hotfix - KB883357-->C:\WINDOWS\$NtUninstallKB883357$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix (SP2) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe Windows XP Hotfix (SP2) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe Windows XP Hotfix (SP2) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q329441-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q810565-->C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q814033-->C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q817287-->C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe Windows XP Hotfix (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe Windows XP Service Pack 1a-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinHTTrack Website Copier 3.41-2-->"C:\Program Files\WinHTTrack\unins000.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WM Downloader 2.9.1.100 2007.03.24-->"C:\Program Files\Mini-stream\WM Downloader\unins000.exe" Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe" Xvid 1.1.2 final uninstall-->"C:\Program Files\XviD\unins001.exe" XviD Video Codec 24062003-1 (Koepi's developer build)-->"C:\Program Files\XviD\UninstXviD.exe" Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\YPSR\unwise32.exe /A C:\PROGRA~1\Yahoo!\YPSR\ypsrinst.log Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\common\YINSTH~1.DLL Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\common\unyt.exe Hosts File 64.12.152.18 search.netscape.com System event log Computer Name: USER Event Code: 7036 Message: The LiveUpdate service entered the running state. Record Number: 17206 Source Name: Service Control Manager Time Written: 20090111025248. +480 Event Type: information User: Computer Name: USER Event Code: 7035 Message: The LiveUpdate service was successfully sent a start control. Record Number: 17205 Source Name: Service Control Manager Time Written: 20090111025248. +480 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: USER Event Code: 7036 Message: The LiveUpdate service entered the stopped state. Record Number: 17204 Source Name: Service Control Manager Time Written: 20090110232110. +480 Event Type: information User: Computer Name: USER Event Code: 7036 Message: The LiveUpdate service entered the running state. Record Number: 17203 Source Name: Service Control Manager Time Written: 20090110232056. +480 Event Type: information User: Computer Name: USER Event Code: 7035 Message: The LiveUpdate service was successfully sent a start control. Record Number: 17202 Source Name: Service Control Manager Time Written: 20090110232056. +480 Event Type: information User: NT AUTHORITY\SYSTEM Application event log Computer Name: USER Event Code: 4609 Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007041F from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Record Number: 15675 Source Name: EventSystem Time Written: 20090117095340. +480 Event Type: error User: Computer Name: USER Event Code: 105 Message: The service was started. Record Number: 15674 Source Name: WMDM PMSP Service Time Written: 20090117095317. +480 Event Type: information User: Computer Name: USER Event Code: 4 Message: The LightScribe Service started successfully. Record Number: 15673 Source Name: LightScribeService Time Written: 20090117095305. +480 Event Type: information User: Computer Name: USER Event Code: 105 Message: The service was started. Record Number: 15672 Source Name: Creative Service for CDROM Access Time Written: 20090117095257. +480 Event Type: information User: Computer Name: USER Event Code: 101 Message: Information Level: success Rolling back the schedule; Execution will occur at approximately 9:57 AM. Record Number: 15671 Source Name: Automatic LiveUpdate Scheduler Time Written: 20090117095255. +480 Event Type: information User: NT AUTHORITY\SYSTEM Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0209 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip "SAFEBOOT_OPTION"=NETWORK EOF


	GMER log.. Attached File(s) GMER.txt ( 6.21K ) Number of downloads: 20


	IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes.. 1. Lavasoft Ad-Aware 2. Spybot - Search & Destroy 3. Viewpoint (all of them..) Please download the OTMoveIt3 by OldTimerSave it to your Desktop.Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar) CODE:processes explorer.exe :services :files C:\WINDOWS\System32\fjijila.exe C:\WINDOWS\System32\07c7c291-.txt C:\WINDOWS\System32\hp.exe.exe C:\WINDOWS\System32\jy.exe C:\WINDOWS\System32\ya.exe.exe C:\WINDOWS\System32\uu.exe.exe C:\WINDOWS\System32\ej.exe C:\WINDOWS\System32\lv.exe C:\WINDOWS\System32\dh.exe.exe C:\Program Files\DOSBox-0.72 C:\WINDOWS\System32\yw.exe.exe C:\WINDOWS\System32\tx.exe.exe C:\WINDOWS\System32\pn.exe C:\WINDOWS\System32\ra.exe.exe :reg [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxqmwgirgsz] :commands [purity] [emptytemp] [start explorer] [reboot] Click the red Moveit! Button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt3If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. NEXT Please show hidden files and folders Please go to VirSCAN.org FREE on-line scan serviceCopy and paste the following file path into the "Suspicious files to scan"box on the top of the page: c:\huadio.tmp Click on the Upload button Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply. If VirScan.org server is too busy, please submit the file to VirusTotal instead. Run RSIT again... Post these logs in your next reply.. 1. OTMoveIt3 2. RSIT log.txt 3. VirScan.org result


	I managed to uninstall SpyBot, but Windows Installer can't run in Safe Mode, so I couldn't uninstall AdAware - I removed the entire Lavasoft folder manually. OTMoveIt log PROCESSES Process explorer.exe killed successfully. SERVICES/DRIVERS FILES File/Folder C:\WINDOWS\System32\fjijila.exe not found. C:\WINDOWS\System32\07c7c291-.txt moved successfully. C:\WINDOWS\System32\hp.exe.exe moved successfully. C:\WINDOWS\System32\jy.exe moved successfully. C:\WINDOWS\System32\ya.exe.exe moved successfully. C:\WINDOWS\System32\uu.exe.exe moved successfully. C:\WINDOWS\System32\ej.exe moved successfully. C:\WINDOWS\System32\lv.exe moved successfully. C:\WINDOWS\System32\dh.exe.exe moved successfully. C:\Program Files\DOSBox-0.72\zmbv moved successfully. C:\Program Files\DOSBox-0.72\capture moved successfully. C:\Program Files\DOSBox-0.72 moved successfully. C:\WINDOWS\System32\yw.exe.exe moved successfully. C:\WINDOWS\System32\tx.exe.exe moved successfully. C:\WINDOWS\System32\pn.exe moved successfully. C:\WINDOWS\System32\ra.exe.exe moved successfully. REGISTRY Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxqmwgirgsz\\ deleted successfully. COMMANDS File delete failed. C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp\etilqs_ikpYYU6SH5fPfVVFNjmz scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\XPC.mfl scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\End User\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.9es\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_145406 RSIT log Logfile of random's system information tool 1.05 (written by random/random) Run by End User at 2009-01-18 15:09:21 Microsoft Windows XP Professional Service Pack 1 System drive C: has 6 GB (5%) free of 114 GB Total RAM: 1023 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:09:31, on 18/01/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\End User\Desktop\RSIT.exe C:\End User.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com; Windowsupdate.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O1 - Hosts: 64.12.152.18 search.netscape.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\System32\SkypeComm.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB002" /M "Stylus Photo R800" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] aim.exe O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\End User\Desktop\OTMoveIt3.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save &Images - C:\Program Files\FastID\CacheViewX\SaveIMG.html O8 - Extra context menu item: Save F&lash - C:\Program Files\FastID\CacheViewX\SaveSWF.html O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing) O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: CacheViewX - {376BFE0B-F4C4-4117-A2EC-FB455DA81EBF} - C:\PROGRA~1\FastID\CACHEV~1\CACHEV~1.DLL O9 - Extra button: Get all flash - {5E9FCC22-E23F-4E04-AC69-C34C76774952} - C:\Program Files\FastID\CacheViewX\SaveSWFB.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Get all images - {9D98D9D4-C034-4787-93AF-6C341E4F8CF9} - C:\Program Files\FastID\CacheViewX\SaveIMGB.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - http://404.x-share.com/vvv/Pribi.exe O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe -- End of file - 12175 bytes Scheduled tasks folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1897051121-725345543-1003.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-07-02 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}] CInterceptor Object - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2008-02-09 569344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4254E07D-1B18-446C-BA07-20A70E629F88}] C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}] Skype Control Class - C:\WINDOWS\System32\SkypeComm.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-25 325048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-06-20 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392] {33973600-925A-11D9-A1F6-9234C84D2622} - &AEVITA Save Flash - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL [] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2002-09-03 24576] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2002-09-13 49152] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472] "nwiz"=nwiz.exe /install [] ""= [] "EPSON Stylus Photo R800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE [2005-01-13 98304] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728] "CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-09-11 53248] "CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-08-13 40960] "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2002-08-29 145408] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "OTMoveIt"=C:\Documents and Settings\End User\Desktop\OTMoveIt3.exe [2009-01-18 348160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2003-04-14 1491216] "ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856] ""= [] "NBJ"=C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe [2005-05-19 1957888] "RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2002-09-04 135168] "Google Update"=C:\Documents and Settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-02 133104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avatar The Last Airbender] C:\Program Files\Avatar The Last Airbender\Avatar The Last Airbender.exe [2008-06-19 3112960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-11-10 1980200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe /L ElbyCDFL [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] C:\Program Files\FlashGet\FlashGet.exe [2007-07-02 1990704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Update x86] aim.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-12-22 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe [2008-02-09 6051144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe [2006-12-23 1003520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2004-02-25 665088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-08-05 218240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-05-29 180269] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] C:\Program Files\Vidalia\vidalia.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] C:\PROGRA~1\Privoxy\privoxy.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^End User^Start Menu^Programs^Startup^Xfire.lnk] C:\PROGRA~1\Xfire\Xfire.exe [2004-10-07 752640] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\System32\klogon.dll [2008-02-08 219664] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] ""= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] List of files/folders created in the last 3 months 2009-01-18 15:09:22 ----A---- C:\End User.exe 2009-01-18 14:54:06 ----D---- C:\_OTMoveIt 2009-01-18 14:22:49 ----A---- C:\fixment.txt 2009-01-17 22:11:39 ----D---- C:\rsit 2009-01-17 21:56:35 ----A---- C:\WINDOWS\gmer.ini 2009-01-17 21:56:34 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2009-01-17 21:56:34 ----A---- C:\WINDOWS\gmer.exe 2009-01-17 21:56:34 ----A---- C:\WINDOWS\gmer.dll 2009-01-17 21:53:19 ----A---- C:\gmer.exe 2009-01-17 21:23:30 ----D---- C:\Rooter$ 2009-01-17 21:23:28 ----A---- C:\HiJackThis.exe 2009-01-17 19:22:15 ----A---- C:\SUPERAntiSpyware.exe 2009-01-17 17:26:29 ----A---- C:\WINDOWS\System32\MSVBVM60.DLL 2009-01-17 17:26:16 ----A---- C:\WINDOWS\MSVBVM60.DLL 2009-01-17 17:24:27 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-17 17:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 17:24:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-17 16:02:12 ----D---- C:\Program Files\Common Files\PC Tools 2009-01-17 16:01:57 ----D---- C:\Program Files\Spyware Doctor 2009-01-17 10:43:41 ----A---- C:\WINDOWS\System32\io.exe 2009-01-17 07:57:25 ----SHD---- C:\Config.Msi 2009-01-17 06:05:56 ----A---- C:\WINDOWS\UnGins.exe 2009-01-17 06:05:55 ----D---- C:\Program Files\ASCII 2009-01-17 06:05:55 ----A---- C:\WINDOWS\System32\Unlha32.dll 2009-01-17 06:05:55 ----A---- C:\WINDOWS\System32\Harmony.dll 2009-01-17 02:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$ 2009-01-17 02:24:15 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$ 2009-01-17 02:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$ 2009-01-17 02:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2009-01-17 02:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$ 2009-01-17 02:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$ 2009-01-17 02:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$ 2009-01-17 02:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$ 2009-01-17 02:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$ 2009-01-17 02:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$ 2009-01-16 15:09:43 ----N---- C:\WINDOWS\System32\verclsid.exe 2009-01-16 15:09:43 ----A---- C:\WINDOWS\System32\xpsp2res.dll 2009-01-16 15:09:43 ----A---- C:\WINDOWS\System32\sxs.dll 2009-01-16 15:09:41 ----A---- C:\WINDOWS\System32\shell32.dll 2009-01-16 15:09:40 ----A---- C:\WINDOWS\System32\fldrclnr.dll 2009-01-16 15:09:31 ----A---- C:\WINDOWS\System32\umpnpmgr.dll 2009-01-16 15:09:12 ----A---- C:\WINDOWS\System32\mtxoci.dll 2009-01-16 15:09:12 ----A---- C:\WINDOWS\System32\mtxclu.dll 2009-01-16 15:08:15 ----A---- C:\WINDOWS\System32\rasadhlp.dll 2009-01-16 15:08:14 ----A---- C:\WINDOWS\System32\dnsapi.dll 2009-01-16 15:07:53 ----A---- C:\WINDOWS\System32\cscdll.dll 2009-01-16 15:06:30 ----A---- C:\WINDOWS\System32\authz.dll 2009-01-16 14:51:12 ----A---- C:\WINDOWS\System32\MRT.INI 2009-01-16 14:43:25 ----A---- C:\WINDOWS\System32\MRT.exe 2009-01-16 14:11:08 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2009-01-16 04:11:45 ----SHD---- C:\WINDOWS\CSC 2009-01-16 04:11:32 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-16 03:29:39 ----D---- C:\WINDOWS\pss 2008-12-04 21:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-12-04 21:46:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-18 14:27:11 ----D---- C:\Documents and Settings\End User\Application Data\Reflexive_Janes_Realty 2008-11-18 14:24:59 ----D---- C:\Program Files\Janes Realty 2008-11-18 14:24:42 ----D---- C:\Program Files\ReflexiveArcade 2008-11-15 19:00:45 ----D---- C:\Documents and Settings\End User\Application Data\PlayFirst 2008-11-15 19:00:45 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-11-15 18:58:58 ----D---- C:\Program Files\Hometown Hero 2008-11-15 09:35:31 ----D---- C:\Program Files\Astral 2008-11-12 23:13:17 ----D---- C:\Documents and Settings\End User\Application Data\Hamachi 2008-11-12 23:10:46 ----D---- C:\Program Files\Hamachi 2008-11-12 16:12:36 ----D---- C:\Documents and Settings\End User\Application Data\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1 2008-11-12 16:12:25 ----D---- C:\Program Files\NowBoarding 2008-11-12 16:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-12 16:08:06 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-11-12 12:32:38 ----D---- C:\Program Files\Spectromancer 2008-10-29 16:39:18 ----A---- C:\CTSUFile.txt 2008-10-21 15:07:11 ----A---- C:\WINDOWS\System32\d3dx9_28.dll 2008-10-21 15:07:10 ----A---- C:\WINDOWS\System32\xinput9_1_0.dll 2008-10-21 15:07:10 ----A---- C:\WINDOWS\System32\d3dx9_27.dll 2008-10-21 15:07:09 ----A---- C:\WINDOWS\System32\d3dx9_26.dll 2008-10-21 15:07:09 ----A---- C:\WINDOWS\System32\d3dx9_25.dll 2008-10-21 15:07:08 ----A---- C:\WINDOWS\System32\d3dx9_24.dll 2008-10-21 15:06:23 ----A---- C:\WINDOWS\System32\wstdecod.dll 2008-10-21 15:06:22 ----A---- C:\WINDOWS\System32\msvidctl.dll 2008-10-21 15:06:21 ----A---- C:\WINDOWS\System32\psisdecd.dll 2008-10-21 15:06:08 ----A---- C:\WINDOWS\System32\dxdllreg.exe 2008-10-21 15:06:07 ----A---- C:\WINDOWS\System32\dxdiagn.dll 2008-10-21 15:06:06 ----A---- C:\WINDOWS\System32\d3d9.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmusic.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmsynth.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmstyle.dll 2008-10-21 15:05:58 ----A---- C:\WINDOWS\System32\dmloader.dll 2008-10-21 15:05:57 ----A---- C:\WINDOWS\System32\dmime.dll 2008-10-21 15:05:57 ----A---- C:\WINDOWS\System32\dmcompos.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dswave.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dmscript.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dmband.dll 2008-10-21 15:05:56 ----A---- C:\WINDOWS\System32\dinput8.dll 2008-10-21 15:05:55 ----A---- C:\WINDOWS\System32\pid.dll 2008-10-21 15:05:55 ----A---- C:\WINDOWS\System32\d3d8.dll 2008-10-21 15:05:54 ----A---- C:\WINDOWS\System32\qedwipes.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\quartz.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\qedit.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\qasf.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\mswebdvd.dll 2008-10-21 15:05:52 ----A---- C:\WINDOWS\System32\msdmo.dll 2008-10-21 15:05:51 ----A---- C:\WINDOWS\System32\qdvd.dll 2008-10-21 15:05:51 ----A---- C:\WINDOWS\System32\qdv.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\qcap.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\mciqtz32.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\encapi.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\dxdiag.exe 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\devenum.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\d3dxof.dll 2008-10-21 15:05:50 ----A---- C:\WINDOWS\System32\amstream.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dsdmoprp.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dsdmo.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dpvvox.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\dpvsetup.exe 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3drm.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3dramp.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3dpmesh.dll 2008-10-21 15:05:49 ----A---- C:\WINDOWS\System32\d3dim.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dpvoice.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dpvacm.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dpnsvr.exe 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\dimap.dll 2008-10-21 15:05:48 ----A---- C:\WINDOWS\System32\diactfrm.dll 2008-10-21 15:05:47 ----A---- C:\WINDOWS\System32\dpnlobby.dll 2008-10-21 15:05:47 ----A---- C:\WINDOWS\System32\dpnhupnp.dll 2008-10-21 15:05:47 ----A---- C:\WINDOWS\System32\dpnhpast.dll 2008-10-21 15:05:46 ----A---- C:\WINDOWS\System32\dpnet.dll 2008-10-21 15:05:46 ----A---- C:\WINDOWS\System32\dpnaddr.dll 2008-10-21 15:05:45 ----A---- C:\WINDOWS\System32\gcdef.dll 2008-10-21 15:05:45 ----A---- C:\WINDOWS\System32\dx8vb.dll 2008-10-21 15:05:45 ----A---- C:\WINDOWS\System32\d3d8thk.dll 2008-10-21 15:05:44 ----A---- C:\WINDOWS\System32\dx7vb.dll 2008-10-21 15:05:43 ----A---- C:\WINDOWS\System32\dsound3d.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dsound.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dpwsockx.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dpmodemx.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dplayx.dll 2008-10-21 15:05:42 ----A---- C:\WINDOWS\System32\dplaysvr.exe 2008-10-21 15:05:41 ----A---- C:\WINDOWS\System32\dinput.dll 2008-10-21 15:05:41 ----A---- C:\WINDOWS\System32\ddrawex.dll 2008-10-21 15:05:41 ----A---- C:\WINDOWS\System32\ddraw.dll 2008-10-21 15:05:40 ----A---- C:\WINDOWS\System32\d3dim700.dll 2008-10-21 14:42:37 ----D---- C:\Documents and Settings\End User\Application Data\Wizards of the Coast 2008-10-21 14:41:31 ----D---- C:\Program Files\Wizards of the Coast 2008-10-21 14:34:53 ----D---- C:\Documents and Settings\End User\Application Data\InstallShield 2008-10-19 21:58:52 ----D---- C:\WINDOWS\OOH List of files/folders modified in the last 3 months 2009-01-18 15:05:28 ----A---- C:\WINDOWS\NeroDigital.ini 2009-01-18 15:02:43 ----D---- C:\Program Files\Mozilla Firefox 2009-01-18 14:54:39 ----D---- C:\WINDOWS\Temp 2009-01-18 14:54:06 ----D---- C:\WINDOWS\system32 2009-01-18 14:54:06 ----AD---- C:\Program Files 2009-01-17 23:23:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-01-17 22:25:35 ----D---- C:\WINDOWS\System32\CatRoot2 2009-01-17 22:24:50 ----AD---- C:\WINDOWS 2009-01-17 22:24:27 ----D---- C:\WINDOWS\Debug 2009-01-17 22:20:56 ----ASH---- C:\boot.ini 2009-01-17 22:20:56 ----AC---- C:\WINDOWS\system.ini 2009-01-17 22:20:56 ----A---- C:\WINDOWS\win.ini 2009-01-17 22:05:27 ----D---- C:\Documents and Settings\End User\Application Data\uTorrent 2009-01-17 21:59:44 ----D---- C:\WINDOWS\System32\drivers 2009-01-17 21:58:25 ----D---- C:\Program Files\Soulseek 2009-01-17 21:58:12 ----D---- C:\Program Files\eMule 2009-01-17 21:57:56 ----D---- C:\Program Files\Azureus 2009-01-17 21:57:48 ----D---- C:\Program Files\BitComet 2009-01-17 21:49:56 ----HD---- C:\WINDOWS\inf 2009-01-17 21:44:51 ----RSHDC---- C:\WINDOWS\System32\dllcache 2009-01-17 21:44:42 ----D---- C:\WINDOWS\Help 2009-01-17 20:55:15 ----D---- C:\Program Files\PConPoint 2009-01-17 20:52:38 ----D---- C:\Documents and Settings\End User\Application Data\Sammsoft 2009-01-17 20:52:33 ----SHD---- C:\RECYCLER 2009-01-17 20:50:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-01-17 18:06:22 ----A---- C:\WINDOWS\wininit.ini 2009-01-17 18:06:12 ----D---- C:\Program Files\Enigma Software Group 2009-01-17 18:06:08 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-01-17 18:06:08 ----D---- C:\Program Files\dialers 2009-01-17 11:47:54 ----D---- C:\Documents and Settings\End User\Application Data\Desktopicon 2009-01-17 09:52:39 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-17 07:57:27 ----SHD---- C:\WINDOWS\Installer 2009-01-17 07:49:17 ----D---- C:\WINDOWS\System32\CatRoot 2009-01-17 06:56:59 ----D---- C:\My Shared Folder 2009-01-17 06:05:56 ----RD---- C:\WINDOWS\Fonts 2009-01-17 03:27:35 ----D---- C:\Documents and Settings 2009-01-17 03:11:00 ----D---- C:\Program Files\Avatar The Last Airbender 2009-01-17 03:11:00 ----D---- C:\Documents and Settings\End User\Application Data\Avatar The Last Airbender 2009-01-17 02:46:32 ----D---- C:\Program Files\FlashGet 2009-01-17 02:26:35 ----A---- C:\WINDOWS\imsins.BAK 2009-01-17 02:25:03 ----D---- C:\WINDOWS\WinSxS 2009-01-16 15:05:40 ----RSD---- C:\WINDOWS\assembly 2009-01-16 04:18:35 ----D---- C:\Documents and Settings\End User\Application Data\Vidalia 2009-01-16 04:15:27 ----D---- C:\WINDOWS\System32\config 2009-01-16 04:15:07 ----D---- C:\WINDOWS\System32\wbem 2009-01-16 04:15:07 ----D---- C:\WINDOWS\Registration 2009-01-16 03:58:04 ----D---- C:\WINDOWS\Prefetch 2009-01-15 02:14:07 ----D---- C:\Program Files\Warcraft III 2009-01-12 14:28:53 ----D---- C:\downloads 2009-01-11 16:48:18 ----D---- C:\WINDOWS\security 2009-01-02 14:44:01 ----SD---- C:\WINDOWS\Tasks 2009-01-01 06:11:36 ----SD---- C:\Documents and Settings\End User\Application Data\Microsoft 2009-01-01 06:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7 2008-12-30 20:23:19 ----D---- C:\Documents and Settings\End User\Application Data\dvdcss 2008-12-18 10:54:37 ----D---- C:\Program Files\uTorrent 2008-12-04 21:50:15 ----D---- C:\Documents and Settings\End User\Application Data\Lavasoft 2008-12-04 21:46:08 ----AD---- C:\Program Files\Common Files 2008-11-12 23:10:23 ----D---- C:\temp 2008-11-12 16:08:41 ----D---- C:\Documents and Settings\End User\Application Data\Adobe 2008-10-29 16:39:09 ----D---- C:\Program Files\Creative 2008-10-21 15:07:23 ----D---- C:\WINDOWS\System32\DirectX 2008-10-21 15:07:15 ----D---- C:\WINDOWS\Microsoft.NET 2008-10-21 14:41:29 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-19 02:54:58 ----D---- C:\sysreset List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2008-11-10 55304] R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys [] R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-07-17 147328] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2008-11-10 32264] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2008-11-12 25280] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-06-10 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328] R3 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] S1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840] S1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2008-11-10 104456] S1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys [] S2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2008-11-10 110600] S2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2008-11-10 129032] S2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys [] S2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys [] S2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys [] S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384] S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-09-03 186068] S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-09-20 492592] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2002-09-23 292304] S3 ctgame;Game Port; C:\WINDOWS\System32\DRIVERS\ctgame.sys [2002-08-05 10368] S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-09-03 6144] S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-09-03 133280] S3 DTT200ULD;Pocket DTV USB2.0 firmware loader; C:\WINDOWS\System32\Drivers\DTT200ULD.sys [2004-12-15 18560] S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys [] S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-09-03 115216] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-17 85969] S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2002-09-20 816704] S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2002-09-20 135824] S3 huadio;huadio; \??\c:\huadio.tmp [] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\C:\Documents and Settings\End User\Desktop\hax\MoonLight_Engine_1196.3.0.1\IlvMoney1196.sys [] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112] S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984] S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2002-08-29 38272] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339] S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-09-20 113520] S3 ROCKSTAR;ROCKSTAR; \??\C:\Documents and Settings\End User\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880] S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 V-Gear;Pocket DTV USB2.0 Driver; C:\WINDOWS\System32\Drivers\DTT200U.sys [2004-09-06 18432] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-08-29 69248] List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) S2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [] S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032] S2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856] S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032] S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-11-10 711240] S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248] S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824] S2 RetroLauncher;Retrospect Launcher; C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe [2006-08-30 86016] S2 Retrospect Helper;Retrospect Helper; C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe [2006-08-30 122880] S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [] S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [] S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352] S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S2 WinHost32Svr;Windows Host32 Server Service; C:\WINDOWS\security\svchost.exe [2009-01-17 30208] S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520] S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-11-10 20680] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2001-08-18 12800] EOF


	Also, I just did another MBAM scan and it found something else: Malwarebytes' Anti-Malware 1.33 Database version: 1654 Windows 5.1.2600 Service Pack 1 18/01/2009 16:08:06 mbam-log-2009-01-18 (16-08-06).txt Scan type: Quick Scan Objects scanned: 59753 Time elapsed: 12 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\End User.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


	Don't worry.. If you found anything with Malwarebytes', just remove it.. That's why the program was there! (IMG:style_emoticons/default/laugh.gif) I missed one file.. Please do a VirScan (as you did before) with this file.. C:\WINDOWS\System32\io.exe Then, lets do an online scan.. Please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Post me ESET and VirScan results.. How's the computer now? (IMG:style_emoticons/default/smile.gif)


	Virscan result http://virscan.org/report/9c57d43a1c0fa317...b11a158918.html The ESET scanner found 6 infections at first but IE stopped responding at around 33 minutes, I'm trying to run the scan again and will post the log.


	Please show hidden files and folders Please find and delete above file (the one that you scanned) manually.. C:\WINDOWS\System32\io.exe Then please complete your ESET Online and run ComboFix again.. Post the ESET and ComboFix logs in your next reply (IMG:style_emoticons/default/smile.gif)


	The first time I ran ComboFix it found a couple of things, but the computer restarted in normal mode and ComboFix froze for about an hour in the "creating log" step. It worked the second time I ran it. ESET log # version=4 # OnlineScanner.ocx=1.0.0.56 # OnlineScannerDLLA.dll=1, 0, 0, 51 # OnlineScannerDLLW.dll=1, 0, 0, 51 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3775 (20090118) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=b1acdb28fc75914fb0fd2cb0c990aa43 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-01-19 06:56:14 # local_time=2009-01-19 02:56:14 (+0800, Malay Peninsula Standard Time) # country="United Kingdom" # osver=5.1.2600 NT Service Pack 1 # scanned=318007 # found=20 # scan_time=6316 # nod_component=V3 Build:0x3 () C:\WINDOWS\security\svchost.exe IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1PBA7LAR\p[17].txt IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1PBA7LAR\p[18].txt IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1PBA7LAR\p[19].txt IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1PBA7LAR\p[22].txt IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1PBA7LAR\p[31].txt IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1T6I1GH4\p[32].txt IRC/SdBot trojan (unable to clean - deleted) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1T6I1GH4\p[33].txt IRC/SdBot trojan (unable to clean - deleted) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar IRC/SdBot trojan (deleted) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\dh.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\ej.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\hp.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\jy.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\lv.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\pn.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\ra.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\tx.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\uu.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\ya.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) C:\_OTMoveIt\MovedFiles\01182009_145406\trojans.rar »RAR »WINDOWS\System32\yw.exe.exe IRC/SdBot trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) ComboFix log ComboFix 09-01-19.03 - End User 2009-01-20 6:13:04.2 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.764 [GMT 8:00] Running from: c:\documents and settings\End User\Desktop\ComboFix.exe . Other Deletions . . ---- Previous Run . c:\documents and settings\End User\Local Settings\Temporary Internet Files\101.gif c:\documents and settings\End User\Local Settings\Temporary Internet Files\102.gif c:\documents and settings\End User\Local Settings\Temporary Internet Files\103.gif c:\documents and settings\End User\Local Settings\Temporary Internet Files\104.gif c:\documents and settings\End User\Local Settings\Temporary Internet Files\105.gif c:\documents and settings\End User\Local Settings\Temporary Internet Files\106.gif c:\documents and settings\End User\Local Settings\Temporary Internet Files\Tvm.log c:\program files\dialers c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\iexp_log.txt c:\windows\system32\MabryObj.dll . Drivers/Services . \Legacy_ILVMONEYDRIVER53 \Legacy_NPF \Service_IlvMoneyDRIVER53 Files Created from 2008-12-19 to 2009-01-19 . 2009-01-18 17:17 . 2009-01-19 14:56 <DIR> D c:\program files\EsetOnlineScanner 2009-01-18 14:54 . 2009-01-18 14:54 <DIR> D C:\_OTMoveIt 2009-01-17 22:11 . 2009-01-18 15:09 <DIR> D C:\rsit 2009-01-17 21:56 . 2009-01-17 22:36 250 --a c:\windows\gmer.ini 2009-01-17 21:53 . 2008-04-17 21:13 811,008 --a C:\gmer.exe 2009-01-17 21:23 . 2009-01-17 23:34 <DIR> D C:\Rooter$ 2009-01-17 21:23 . 2009-01-17 19:26 401,720 --a C:\HiJackThis.exe 2009-01-17 19:22 . 2009-01-17 18:52 5,824,544 --a C:\SUPERAntiSpyware.exe 2009-01-17 17:26 . 2004-02-23 01:00 1,386,496 --a c:\windows\system32\MSVBVM60.DLL 2009-01-17 17:26 . 2004-02-23 01:00 1,386,496 --a c:\windows\MSVBVM60.DLL 2009-01-17 17:24 . 2009-01-17 20:20 <DIR> D c:\program files\Spybot - Search & Destroy 2009-01-17 17:24 . 2009-01-17 17:24 <DIR> D c:\program files\Malwarebytes' Anti-Malware 2009-01-17 17:24 . 2009-01-17 20:20 <DIR> D c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 16:02 . 2009-01-17 20:02 <DIR> D c:\program files\Common Files\PC Tools 2009-01-17 16:02 . 2008-07-28 12:29 160,792 --a c:\windows\system32\drivers\pctfw2.sys 2009-01-17 16:01 . 2009-01-17 20:04 <DIR> D c:\program files\Spyware Doctor 2009-01-17 06:47 . 2009-01-17 06:47 <DIR> D c:\documents and settings\Administrator.USER\Application Data\vlc 2009-01-17 06:05 . 2009-01-17 06:05 <DIR> D c:\program files\ASCII 2009-01-17 06:05 . 2000-03-07 00:00 473,600 --a c:\windows\system32\Harmony.dll 2009-01-17 06:05 . 2000-03-07 00:00 237,568 --a c:\windows\system32\Unlha32.dll 2009-01-17 06:05 . 2000-07-08 15:06 87,040 --a c:\windows\UnGins.exe 2009-01-17 05:09 . 2009-01-17 05:08 102,664 --a c:\windows\system32\drivers\tmcomm.sys 2009-01-17 05:08 . 2009-01-17 06:06 <DIR> D c:\documents and settings\Administrator.USER\.housecall6.6 2009-01-17 04:47 . 2009-01-17 04:47 <DIR> D c:\documents and settings\Administrator.USER\Application Data\Malwarebytes 2009-01-17 03:27 . 2009-01-17 05:08 <DIR> D c:\documents and settings\Administrator.USER 2009-01-17 02:51 . 2008-11-10 14:34 32,264 --a c:\windows\system32\drivers\epfwndis.sys 2009-01-16 15:09 . 2004-08-21 06:01 700,928 --a c:\windows\system32\sxs.dll 2009-01-16 15:09 . 2006-03-22 09:28 594,944 --a c:\windows\system32\xpsp2res.dll 2009-01-16 15:09 . 2005-08-23 11:51 111,104 --a c:\windows\system32\umpnpmgr.dll 2009-01-16 15:09 . 2006-03-02 03:44 83,456 --a c:\windows\system32\mtxoci.dll 2009-01-16 15:09 . 2004-08-21 06:01 82,432 --a c:\windows\system32\fldrclnr.dll 2009-01-16 15:09 . 2004-08-21 06:01 82,432 --a--c--- c:\windows\system32\dllcache\fldrclnr.dll 2009-01-16 15:09 . 2006-03-02 03:44 64,512 --a c:\windows\system32\mtxclu.dll 2009-01-16 15:09 . 2006-03-17 08:49 25,600 c:\windows\system32\verclsid.exe 2009-01-16 15:08 . 2006-06-27 01:47 140,288 c--- c:\windows\system32\dllcache\dnsapi.dll 2009-01-16 15:07 . 2006-05-05 17:31 433,152 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-01-16 15:07 . 2006-05-05 17:40 166,656 --a--c--- c:\windows\system32\dllcache\rdbss.sys 2009-01-16 15:07 . 2004-10-28 09:29 92,160 --a--c--- c:\windows\system32\dllcache\cscdll.dll 2009-01-16 15:07 . 2004-10-28 09:29 92,160 --a c:\windows\system32\cscdll.dll 2009-01-16 15:06 . 2005-03-03 02:20 53,760 --a c:\windows\system32\authz.dll 2009-01-16 14:51 . 2009-01-16 14:51 118 --a c:\windows\system32\MRT.INI 2009-01-16 14:11 . 2009-01-17 20:54 <DIR> D c:\documents and settings\All Users\Application Data\SecTaskMan 2009-01-16 04:12 . 2009-01-16 04:14 <DIR> D---s---- c:\documents and settings\Administrator 2009-01-16 00:54 . 2009-01-16 00:54 65 --a c:\windows\system32\0ce41461 2009-01-12 23:05 . 2009-01-12 23:05 54,156 --ah c:\windows\QTFont.qfn 2009-01-12 23:05 . 2009-01-12 23:05 1,409 --a c:\windows\QTFont.for . Find3M Report . 2009-01-18 21:10 d w c:\program files\uTorrent 2009-01-18 15:14 d w c:\documents and settings\End User\Application Data\uTorrent 2009-01-17 15:23 d w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-01-17 13:58 d w c:\program files\Soulseek 2009-01-17 13:58 d w c:\program files\eMule 2009-01-17 13:57 d w c:\program files\BitComet 2009-01-17 13:57 d w c:\program files\Azureus 2009-01-17 12:55 d w c:\program files\PConPoint 2009-01-17 12:52 d w c:\documents and settings\End User\Application Data\Sammsoft 2009-01-17 12:50 d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-17 11:22 d w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 10:06 d w c:\program files\Enigma Software Group 2009-01-17 00:33 372,944 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-01-17 00:33 32,238,112 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-01-17 00:33 121,928 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-01-17 00:33 1,521,184 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-01-16 19:11 d w c:\program files\Avatar The Last Airbender 2009-01-16 19:11 d w c:\documents and settings\End User\Application Data\Avatar The Last Airbender 2009-01-16 18:46 d w c:\program files\FlashGet 2009-01-15 20:18 d w c:\documents and settings\End User\Application Data\Vidalia 2009-01-14 18:14 d w c:\program files\Warcraft III 2009-01-14 08:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 08:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-31 22:11 d w c:\documents and settings\All Users\Application Data\Avg7 2008-12-30 12:23 d w c:\documents and settings\End User\Application Data\dvdcss 2008-12-11 12:08 d w c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-04 13:50 d w c:\documents and settings\End User\Application Data\Lavasoft 2008-11-27 08:09 d w c:\program files\Spectromancer 2004-03-11 05:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe 2003-07-17 02:26 448,640 ----a-w c:\windows\inf\EL2K_N64.sys 2003-07-17 02:22 147,328 ----a-w c:\windows\inf\EL2K_XP.sys 2003-06-03 07:47 147,328 ----a-w c:\windows\inf\EL2K_2K.sys . Reg Loading Points . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2003-04-14 1491216] "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] "NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 1957888] "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-09-04 135168] "Google Update"="c:\documents and settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-02 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2002-09-13 49152] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472] "EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248] "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 40960] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 145408] "CTHelper"="CTHELPER.EXE" [2002-09-03 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2003-07-28 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2002-11-20 c:\windows\system32\narrator.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-07 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.XVID"= xvid.dll "VIDC.HFYU"= huffyuv.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "vidc.3IV2"= 3ivxVfWCodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=c:\windows\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^End User^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\End User\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avatar The Last Airbender] --a 2008-06-19 13:03 3112960 c:\program files\Avatar The Last Airbender\Avatar The Last Airbender.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a 2008-02-08 18:36 227856 c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] --a 2008-11-10 14:34 1980200 c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a 2007-07-02 12:56 1990704 c:\program files\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] -ra 2005-12-22 12:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] --a 2008-02-09 14:02 6051144 c:\program files\Pando Networks\Pando\pando.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a 2006-10-25 18:58 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] --a--c--- 2006-12-23 16:11 1003520 c:\program files\Real\RealOne Player\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] --a--c--- 2004-02-25 11:53 665088 c:\program files\Webroot\Spy Sweeper\SpySweeper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] --a--c--- 2004-08-05 17:23 218240 c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a 2004-05-29 17:53 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a 2008-05-02 12:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword: 1 R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-01-17 160792] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592] S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2008-11-10 104456] S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2008-05-28 10368] S3 DTT200ULD;Pocket DTV USB2.0 firmware loader;c:\windows\system32\drivers\DTT200ULD.sys [2008-05-28 18560] S3 huadio;huadio;C:\huadio.tmp [2008-05-28 41700] S3 ROCKSTAR;ROCKSTAR;c:\documents and settings\End User\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys [2008-07-07 26496] S3 V-Gear;Pocket DTV USB2.0 Driver;c:\windows\system32\drivers\DTT200U.sys [2008-05-28 18432] S4 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-11-10 711240] S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> C:\program files\Spyware Doctor\pctsAuxs.exe [?] . Contents of the 'Scheduled Tasks' folder 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] 2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1897051121-725345543-1003.job - c:\documents and settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-02 14:26] . - - - - ORPHANS REMOVED - - - - HKLM-RunServices-Microsoft Windows Update x86 - aim.exe MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe MSConfigStartUp-ElbyCheckElbyCDFL - c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe MSConfigStartUp-eMuleAutoStart - c:\program files\eMule\emule.exe MSConfigStartUp-HP OrderReminder Cleaner - c:\windows\hporclnr.exe MSConfigStartUp-SpyHunter - c:\program files\Enigma Software Group\SpyHunter\SpyHunter.exe MSConfigStartUp-Vidalia - c:\program files\Vidalia\vidalia.exe MSConfigStartUp-Microsoft Windows Update x86 - aim.exe . Supplementary Scan . uStart Page = about:blank mStart Page = about:blank mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=localhost:8080 uInternet Settings,ProxyOverride = windowsupdate.microsoft.com; Windowsupdate.com uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Save &Image IE: Save &Images - c:\program files\FastID\CacheViewX\SaveIMG.html IE: Save F&lash - c:\program files\FastID\CacheViewX\SaveSWF.html IE: Shorten URL - http://www.cjb.net/menuext.html IE: {{5E9FCC22-E23F-4E04-AC69-C34C76774952} - c:\program files\FastID\CacheViewX\SaveSWFB.html IE: {{9D98D9D4-C034-4787-93AF-6C341E4F8CF9} - c:\program files\FastID\CacheViewX\SaveIMGB.html IE: {{C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - c:\documents and settings\All Users\Desktop\Glophone.lnk IE: {{376BFE0B-F4C4-4117-A2EC-FB455DA81EBF} - {717CBA3F-9DEC-4F4D-85EC-6F435BFE12D9} - c:\progra~1\FastID\CACHEV~1\CACHEV~1.DLL LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll Trusted Zone: free.aol.com DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - hxxp://www.cjb.net/search.cab FF - ProfilePath - c:\documents and settings\End User\Application Data\Mozilla\Firefox\Profiles\default.9es\ FF - prefs.js: browser.startup.homepage - yahoo.com FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q= FF - plugin: c:\documents and settings\End User\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll . catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-20 06:16:20 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = "c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" /run T , 92 w????D@@??a?wD@@ w????x:2?P????H?w?2?w a?w?$?sx:2 \|??s D , s@@@?D????;?w @ scanning hidden files ... scan completed successfully hidden files: 0 [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\huadio] "ImagePath"="\??\c:\huadio.tmp" . DLLs Loaded Under Running Processes


	Looks good to me. How's the computer now? (IMG:style_emoticons/default/smile.gif)


	Hi, I restarted the computer in normal mode, and it didn't freeze up this time. However, Avira detected that svchost.exe was infected, and detected a couple of files that it identified as TR/Pakes.mec in the system32 folder. The log doesn't have all the files it detected because I was uninstalling some programs while it was scanning, and one of them automatically restarted the computer. I included the relevant parts below: Module is infected -> 'C:\WINDOWS\security\svchost.exe' Process 'svchost.exe' has been terminated Starting to scan the registry. C:\WINDOWS\system32\EN.EXE [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004 [WARNING] The source file could not be found. [NOTE] Attempting to perform action using the ARK lib. [WARNING] Error in ARK lib [NOTE] The file is scheduled for deleting after reboot. The registry was scanned ( '79' files ). Starting the file scan: Begin scan in 'C:\' C:\ARK7.tmp [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] The file could not be deleted! [NOTE] Attempting to perform action using the ARK lib. [NOTE] The file was moved to '4b9a0974.qua'! C:\pagefile.sys [WARNING] The file could not be opened! End of the scan: Wednesday, January 21, 2009 13:31 Used time: 07:02 Minute(s) Should I run any of the programs again to make sure nothing slipped by in Safe Mode? Other than that Normal Mode seems to be working now, though, thanks so much!


	It seems I spoke too soon - the computer worked for a few hours, then everything froze, and when I restarted, Avira found more: Virus or unwanted program 'TR/Dldr.Rameh.C [trojan]' detected in file 'C:\WINDOWS\Downloaded Program Files\ATPartners.inf. Action performed: Move file to quarantine Virus or unwanted program 'TR/Pakes.mec [trojan]' detected in file 'C:\WINDOWS\System32\fv.exe.exe. Action performed: Delete file Virus or unwanted program 'TR/Pakes.mec [trojan]' detected in file 'C:\WINDOWS\System32\va.exe.exe. Action performed: Delete file


	Do a full scan with your Avira and post the log here.. Delete everything that it finds.. Then run ComboFix once again.. Also post the log here..


	Avira log Avira AntiVir Personal Report file date: Wednesday, January 21, 2009 18:53 Scanning for 1242124 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: USER Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 01:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 00:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 05:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 00:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 04:29:38 ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 00:15:34 ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 1/20/2009 07:33:44 ANTIVIR3.VDF : 7.1.1.156 112640 Bytes 1/21/2009 01:52:26 Engineversion : 8.2.0.57 AEVDF.DLL : 8.1.0.6 102772 Bytes 10/15/2008 03:49:38 AESCRIPT.DLL : 8.1.1.26 340347 Bytes 1/16/2009 09:24:22 AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 09:35:16 AERDL.DLL : 8.1.1.3 438645 Bytes 11/5/2008 00:43:26 AEPACK.DLL : 8.1.3.5 393588 Bytes 1/9/2009 03:36:14 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/11/2008 07:54:10 AEHEUR.DLL : 8.1.0.84 1540471 Bytes 1/16/2009 09:24:20 AEHELP.DLL : 8.1.2.0 119159 Bytes 11/18/2008 09:06:00 AEGEN.DLL : 8.1.1.10 323957 Bytes 1/16/2009 09:24:20 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/15/2008 03:49:36 AECORE.DLL : 8.1.5.2 172405 Bytes 11/28/2008 01:28:20 AEBB.DLL : 8.1.0.3 53618 Bytes 10/15/2008 03:49:34 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 01:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 02:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 05:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 04:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 01:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 05:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 10:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 05:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 05:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 06:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 06:34:37 Configuration settings for the scan: Jobname : Complete system scan Configuration file : c:\program files\avira\antivir personaledition classic\sysscan.avp Logging : low Primary action : interactive Secondary action : ignore Scan master boot sector : on Scan boot sector : on Boot sectors : C:, H:, Process scan : on Scan registry : on Search for rootkits : on Scan all files : Intelligent file selection Scan archives : off Macro heuristic : on File heuristic : medium Skipped files : C:\Documents and Settings\End User\Desktop\highres_perniciousdeed.jpg, Start of the scan: Wednesday, January 21, 2009 18:53 Starting search for hidden objects. '103284' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'apm.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'RcMan.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned Scan process 'E_FATI9YE.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'retrorun.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 40 processes with 40 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [21]: The device is not ready. Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'H:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '78' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\End User\ntuser.dat [WARNING] The file could not be opened! C:\Documents and Settings\End User\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\End User\Desktop\jessejames.html [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus [WARNING] The file was ignored! C:\Documents and Settings\End User\Desktop\lets_go_to_ball.html [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus [WARNING] The file was ignored! C:\Documents and Settings\End User\Desktop\xavier.php_files\index.jpg [WARNING] An exception has been identified! [WARNING] In the module 'aecore.dll' an exception occured. Calling the function AVEPROC_TestFile in file: \\?\C:\Documents and Settings\End User\Desktop\xavier.php_files\index.jpg Error description:ACCESS_VIOLATION EAX = 0241E008 EBX = 00005000 ECX = EDX = 020CEBFF ESI = EDI = 020ceb58 EIP = 0171451E EBP = ESP = 020CEADC Flg = 00010246 CS = 23 SS = 1B C:\Documents and Settings\End User\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2009-01-journal [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\temp\etilqs_bjF68oMP5bOmgQD [WARNING] The file could not be opened! C:\Documents and Settings\End User\Local Settings\temp\etilqs_djx2jPPBStOEVSg [WARNING] The file could not be opened! C:\Documents and Settings\End User\My Documents\promo pics\Promo Pics\CRC\mircea2061_rly.jpg [WARNING] An exception has been identified! [WARNING] In the module 'aecore.dll' an exception occured. Calling the function AVEPROC_TestFile in file: \\?\C:\Documents and Settings\End User\My Documents\promo pics\Promo Pics\CRC\mircea2061_rly.jpg Error description:ACCESS_VIOLATION EAX = 0124A1A0 EBX = 00005000 ECX = EDX = 020CE5FF ESI = EDI = 020ce5c8 EIP = 0171451E EBP = ESP = 020CE54C Flg = 00010246 CS = 23 SS = 1B C:\Documents and Settings\LocalService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\System Volume Information\_restore{5D253A1B-D37F-4552-A5B0-80775851EBD4}\RP1\A0003692.exe [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{5D253A1B-D37F-4552-A5B0-80775851EBD4}\RP3\A0003855.dll [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program [WARNING] The file was ignored! C:\System Volume Information\_restore{5D253A1B-D37F-4552-A5B0-80775851EBD4}\RP3\A0007145.exe [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{5D253A1B-D37F-4552-A5B0-80775851EBD4}\RP3\A0007146.exe [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{5D253A1B-D37F-4552-A5B0-80775851EBD4}\RP3\A0007147.dll [DETECTION] Is the TR/Spy.Agent.96256 Trojan [WARNING] The file was ignored! C:\WINDOWS\inf\alchem.inf [DETECTION] Is the TR/Dldr.Alchemic.B Trojan [WARNING] The file was ignored! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6LIGOO47\p[1].txt [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] The file was ignored! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IM02MDRJ\p[1].txt [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [WARNING] The file was ignored! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L2R74T3K\p[1].txt [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] The file was ignored! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WODJO8HF\p[1].txt [DETECTION] Is the TR/Pakes.mec Trojan [WARNING] The file was ignored! C:\WINDOWS\system32\drivers\fidbox.dat [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\fidbox.idx [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\fidbox2.dat [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\fidbox2.idx [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! End of the scan: Wednesday, January 21, 2009 20:02 Used time: 1:09:16 Hour(s) The scan has been done completely. 10424 Scanning directories 141478 Files were scanned 12 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 36 Files cannot be scanned 141430 Files not concerned 0 Archives were scanned 51 Warnings 0 Notes 103284 Objects were scanned with rootkit scan 0 Hidden objects were found ComboFix log ComboFix 09-01-19.03 - End User 2009-01-22 15:43:38.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.655 [GMT 8:00] Running from: c:\documents and settings\End User\Desktop\ComboFix.exe . Other Deletions . . Drivers/Services . \Legacy_WINHOST32SVR \Service_WinHost32Svr Files Created from 2008-12-22 to 2009-01-22 . 2009-01-21 16:00 . 2009-01-21 16:18 <DIR> D c:\program files\Trillian 2009-01-21 14:56 . 2009-01-21 15:07 <DIR> D c:\program files\Wise Disk Cleaner 2009-01-20 18:24 . 2009-01-20 18:24 <DIR> D c:\program files\PCPitstop 2009-01-20 17:01 . 2009-01-20 17:01 <DIR> D c:\program files\Avira 2009-01-20 17:01 . 2009-01-20 17:01 <DIR> D c:\documents and settings\All Users\Application Data\Avira 2009-01-20 16:48 . 2009-01-20 16:48 <DIR> D c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-20 16:47 . 2009-01-20 16:47 <DIR> D c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-20 16:47 . 2009-01-20 16:47 <DIR> D c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-20 16:47 . 2009-01-20 16:47 <DIR> D c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-01-20 16:46 . 2009-01-20 16:56 <DIR> D c:\documents and settings\End User\Application Data\HouseCall 6.6 2009-01-18 17:17 . 2009-01-20 07:01 <DIR> D c:\program files\EsetOnlineScanner 2009-01-18 14:54 . 2009-01-18 14:54 <DIR> D C:\_OTMoveIt 2009-01-17 22:11 . 2009-01-18 15:09 <DIR> D C:\rsit 2009-01-17 21:56 . 2009-01-17 22:36 250 --a c:\windows\gmer.ini 2009-01-17 21:53 . 2008-04-17 21:13 811,008 --a C:\gmer.exe 2009-01-17 21:23 . 2009-01-17 23:34 <DIR> D C:\Rooter$ 2009-01-17 21:23 . 2009-01-17 19:26 401,720 --a C:\HiJackThis.exe 2009-01-17 17:26 . 2004-02-23 01:00 1,386,496 --a c:\windows\system32\MSVBVM60.DLL 2009-01-17 17:26 . 2004-02-23 01:00 1,386,496 --a c:\windows\MSVBVM60.DLL 2009-01-17 17:24 . 2009-01-20 18:10 <DIR> D c:\program files\Spybot - Search & Destroy 2009-01-17 17:24 . 2009-01-17 17:24 <DIR> D c:\program files\Malwarebytes' Anti-Malware 2009-01-17 17:24 . 2009-01-20 18:10 <DIR> D c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 16:02 . 2009-01-17 20:02 <DIR> D c:\program files\Common Files\PC Tools 2009-01-17 16:02 . 2008-07-28 12:29 160,792 --a c:\windows\system32\drivers\pctfw2.sys 2009-01-17 16:01 . 2009-01-17 20:04 <DIR> D c:\program files\Spyware Doctor 2009-01-17 06:47 . 2009-01-17 06:47 <DIR> D c:\documents and settings\Administrator.USER\Application Data\vlc 2009-01-17 06:05 . 2009-01-17 06:05 <DIR> D c:\program files\ASCII 2009-01-17 06:05 . 2000-03-07 00:00 473,600 --a c:\windows\system32\Harmony.dll 2009-01-17 06:05 . 2000-03-07 00:00 237,568 --a c:\windows\system32\Unlha32.dll 2009-01-17 06:05 . 2000-07-08 15:06 87,040 --a c:\windows\UnGins.exe 2009-01-17 05:09 . 2007-12-24 17:37 138,384 --a c:\windows\system32\drivers\tmcomm.sys 2009-01-17 05:08 . 2009-01-17 06:06 <DIR> D c:\documents and settings\Administrator.USER\.housecall6.6 2009-01-17 04:47 . 2009-01-17 04:47 <DIR> D c:\documents and settings\Administrator.USER\Application Data\Malwarebytes 2009-01-17 03:27 . 2009-01-17 05:08 <DIR> D c:\documents and settings\Administrator.USER 2009-01-17 02:51 . 2008-11-10 14:34 32,264 --a c:\windows\system32\drivers\epfwndis.sys 2009-01-16 15:09 . 2004-08-21 06:01 700,928 --a c:\windows\system32\sxs.dll 2009-01-16 15:09 . 2006-03-22 09:28 594,944 --a c:\windows\system32\xpsp2res.dll 2009-01-16 15:09 . 2005-08-23 11:51 111,104 --a c:\windows\system32\umpnpmgr.dll 2009-01-16 15:09 . 2006-03-02 03:44 83,456 --a c:\windows\system32\mtxoci.dll 2009-01-16 15:09 . 2004-08-21 06:01 82,432 --a c:\windows\system32\fldrclnr.dll 2009-01-16 15:09 . 2004-08-21 06:01 82,432 --a--c--- c:\windows\system32\dllcache\fldrclnr.dll 2009-01-16 15:09 . 2006-03-02 03:44 64,512 --a c:\windows\system32\mtxclu.dll 2009-01-16 15:09 . 2006-03-17 08:49 25,600 c:\windows\system32\verclsid.exe 2009-01-16 15:08 . 2006-06-27 01:47 140,288 c--- c:\windows\system32\dllcache\dnsapi.dll 2009-01-16 15:07 . 2006-05-05 17:31 433,152 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-01-16 15:07 . 2006-05-05 17:40 166,656 --a--c--- c:\windows\system32\dllcache\rdbss.sys 2009-01-16 15:07 . 2004-10-28 09:29 92,160 --a--c--- c:\windows\system32\dllcache\cscdll.dll 2009-01-16 15:07 . 2004-10-28 09:29 92,160 --a c:\windows\system32\cscdll.dll 2009-01-16 15:06 . 2005-03-03 02:20 53,760 --a c:\windows\system32\authz.dll 2009-01-16 14:51 . 2009-01-16 14:51 118 --a c:\windows\system32\MRT.INI 2009-01-16 14:11 . 2009-01-17 20:54 <DIR> D c:\documents and settings\All Users\Application Data\SecTaskMan 2009-01-16 04:12 . 2009-01-16 04:14 <DIR> D---s---- c:\documents and settings\Administrator 2009-01-16 00:54 . 2009-01-16 00:54 65 --a c:\windows\system32\0ce41461 2009-01-12 23:05 . 2009-01-21 17:34 54,156 --ah c:\windows\QTFont.qfn 2009-01-12 23:05 . 2009-01-12 23:05 1,409 --a c:\windows\QTFont.for . Find3M Report . 2009-01-22 07:49 380,024 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-01-22 07:49 32,238,112 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-01-22 07:49 124,784 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-01-22 07:49 1,521,184 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-01-21 09:58 d w c:\documents and settings\End User\Application Data\uTorrent 2009-01-21 07:07 d w c:\documents and settings\All Users\Application Data\Retrospect 2009-01-21 07:07 d w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-01-21 07:06 d w c:\program files\WinHTTrack 2009-01-21 07:06 d w c:\program files\uTorrent 2009-01-21 07:06 d w c:\program files\StreamDown 2009-01-21 07:06 d w c:\program files\FlashGet 2009-01-21 07:06 d w c:\program files\eMule 2009-01-21 07:06 d w c:\program files\CoCSoft Stream Down 2009-01-21 07:06 d w c:\program files\AIM 2009-01-21 07:00 d w c:\program files\Refresher 2009-01-21 06:27 d w c:\program files\Yahoo! 2009-01-21 05:31 d w c:\program files\Webroot 2009-01-21 05:30 d w c:\program files\Common Files\Symantec Shared 2009-01-20 09:27 d--h--w c:\program files\Agilent-HP 2009-01-20 09:04 d w c:\program files\HP 2009-01-20 09:04 d w c:\program files\Hewlett-Packard 2009-01-20 08:59 d w c:\program files\Imatest 2009-01-20 08:58 d w c:\documents and settings\End User\Application Data\Imatest 2009-01-17 13:58 d w c:\program files\Soulseek 2009-01-17 13:57 d w c:\program files\BitComet 2009-01-17 13:57 d w c:\program files\Azureus 2009-01-17 12:55 d w c:\program files\PConPoint 2009-01-17 12:52 d w c:\documents and settings\End User\Application Data\Sammsoft 2009-01-17 12:50 d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-17 11:22 d w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 10:06 d w c:\program files\Enigma Software Group 2009-01-16 19:11 d w c:\program files\Avatar The Last Airbender 2009-01-16 19:11 d w c:\documents and settings\End User\Application Data\Avatar The Last Airbender 2009-01-15 20:18 d w c:\documents and settings\End User\Application Data\Vidalia 2009-01-14 18:14 d w c:\program files\Warcraft III 2009-01-14 08:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 08:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-31 22:11 d w c:\documents and settings\All Users\Application Data\Avg7 2008-12-30 12:23 d w c:\documents and settings\End User\Application Data\dvdcss 2008-12-11 12:08 d w c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-04 13:50 d w c:\documents and settings\End User\Application Data\Lavasoft 2008-11-27 08:09 d w c:\program files\Spectromancer 2004-03-11 05:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe 2003-07-17 02:26 448,640 ----a-w c:\windows\inf\EL2K_N64.sys 2003-07-17 02:22 147,328 ----a-w c:\windows\inf\EL2K_XP.sys 2003-06-03 07:47 147,328 ----a-w c:\windows\inf\EL2K_2K.sys . snapshot@2009-01-20_ 6.17.15.87 . + 2009-01-07 03:24:08 457,432 ----a-w c:\windows\Downloaded Program Files\PCPitstop.dll + 2009-01-07 03:24:10 3,063,536 ----a-w c:\windows\Downloaded Program Files\PCPitstop3D.dll + 2008-10-16 06:09:44 92,696 w c:\windows\SoftwareDistribution\WebSetup\cdm.dll + 2008-10-16 06:12:20 561,688 w c:\windows\SoftwareDistribution\WebSetup\wuapi.dll + 2008-10-16 06:09:44 51,224 w c:\windows\SoftwareDistribution\WebSetup\wuauclt.exe + 2008-10-16 06:13:40 1,809,944 w c:\windows\SoftwareDistribution\WebSetup\wuaueng.dll + 2008-10-16 06:12:22 323,608 w c:\windows\SoftwareDistribution\WebSetup\wucltui.dll + 2008-10-16 06:08:58 34,328 w c:\windows\SoftwareDistribution\WebSetup\wups.dll + 2008-10-16 06:09:44 43,544 w c:\windows\SoftwareDistribution\WebSetup\wups2.dll - 2007-07-30 11:19:20 92,504 ----a-w c:\windows\system32\cdm.dll + 2008-10-16 06:09:44 92,696 ----a-w c:\windows\system32\cdm.dll - 2009-01-18 10:13:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-20 16:05:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-01-18 10:13:13 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-20 16:05:12 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2004-08-02 06:20:40 4,569 -c--a-w c:\windows\system32\dllcache\secupd.dat + 2008-05-09 04:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-01-21 09:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-10-30 02:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2007-03-01 01:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2008-10-16 06:07:48 208,744 ----a-w c:\windows\system32\muweb.dll - 2009-01-19 22:13:44 62,344 ----a-w c:\windows\system32\perfc009.dat + 2009-01-21 05:24:14 62,344 ----a-w c:\windows\system32\perfc009.dat - 2009-01-19 22:13:45 401,064 ----a-w c:\windows\system32\perfh009.dat + 2009-01-21 05:24:14 401,064 ----a-w c:\windows\system32\perfh009.dat - 2002-04-10 10:18:00 4,573 ----a-w c:\windows\system32\secupd.dat + 2004-08-02 06:20:40 4,569 w c:\windows\system32\secupd.dat + 2008-10-16 06:12:20 561,688 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll - 2007-07-30 11:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll + 2008-10-16 06:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll - 2007-07-30 11:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe + 2008-10-16 06:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe - 2007-07-30 11:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll + 2008-10-16 06:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll - 2007-07-30 11:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll + 2008-10-16 06:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll - 2007-07-30 11:18:40 33,624 ----a-w c:\windows\system32\wups.dll + 2008-10-16 06:08:58 34,328 ----a-w c:\windows\system32\wups.dll - 2007-07-30 11:19:12 43,352 ----a-w c:\windows\system32\wups2.dll + 2008-10-16 06:09:44 43,544 ----a-w c:\windows\system32\wups2.dll - 2007-07-30 11:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll + 2008-10-16 06:12:24 202,776 ----a-w c:\windows\system32\wuweb.dll . -- Snapshot reset to current date -- . Reg Loading Points . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-09-04 135168] "Google Update"="c:\documents and settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-02 133104] "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2003-04-14 1491216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2002-09-13 49152] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263] "EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2002-08-29 145408] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2002-11-20 c:\windows\system32\narrator.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-07 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.XVID"= xvid.dll "VIDC.HFYU"= huffyuv.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "vidc.3IV2"= 3ivxVfWCodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=c:\windows\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^End User^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\End User\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avatar The Last Airbender] --a 2008-06-19 13:03 3112960 c:\program files\Avatar The Last Airbender\Avatar The Last Airbender.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a 2008-02-08 18:36 227856 c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] --a 2008-11-10 14:34 1980200 c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a 2007-07-02 12:56 1990704 c:\program files\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] --a 2008-02-09 14:02 6051144 c:\program files\Pando Networks\Pando\pando.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a 2006-10-25 18:58 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] --a--c--- 2006-12-23 16:11 1003520 c:\program files\Real\RealOne Player\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a 2004-05-29 17:53 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a 2008-05-02 12:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AVP"=3 (0x3) "Automatic LiveUpdate Scheduler"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword: 1 R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-01-20 22336] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-01-20 45376] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2008-11-10 104456] R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-01-17 160792] R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2008-05-28 10368] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592] S3 DTT200ULD;Pocket DTV USB2.0 firmware loader;c:\windows\system32\drivers\DTT200ULD.sys [2008-05-28 18560] S3 huadio;huadio;\??\c:\huadio.tmp --> C:\huadio.tmp [?] S3 ROCKSTAR;ROCKSTAR;\??\c:\documents and settings\End User\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys --> C:\documents and settings\End User\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys [?] --- Other Services/Drivers In Memory --- Deregistered - ALG Deregistered - AntiVirScheduler Deregistered - AntiVirService Deregistered - AudioSrv Deregistered - Automatic LiveUpdate Scheduler Deregistered - BITS Deregistered - Browser Deregistered - Creative Service for CDROM Access Deregistered - CryptSvc Deregistered - Dhcp Deregistered - dmserver Deregistered - Dnscache Deregistered - ERSvc Deregistered - EventSystem Deregistered - FastUserSwitchingCompatibility Deregistered - helpsvc Deregistered - HidServ Deregistered - ImapiService Deregistered - lanmanserver Deregistered - lanmanworkstation Deregistered - LightScribeService Deregistered - LiveUpdate Deregistered - LmHosts Deregistered - Netman Deregistered - Nla Deregistered - NVSvc Deregistered - PolicyAgent Deregistered - ProtectedStorage Deregistered - RasMan Deregistered - RemoteRegistry Deregistered - RetroLauncher Deregistered - Retrospect Helper Deregistered - RpcSs Deregistered - SamSs Deregistered - Schedule Deregistered - seclogon Deregistered - SENS Deregistered - SharedAccess Deregistered - ShellHWDetection Deregistered - SoundMAX Agent Service (default) Deregistered - Spooler Deregistered - srservice Deregistered - SSDPSRV Deregistered - stisvc Deregistered - TapiSrv Deregistered - Tcpip Deregistered - TermDD Deregistered - TermService Deregistered - Themes Deregistered - tmcomm Deregistered - TrkWks Deregistered - UMWdf Deregistered - Update Deregistered - uploadmgr Deregistered - VgaSave Deregistered - VolSnap Deregistered - W32Time Deregistered - Wanarp Deregistered - WebClient Deregistered - winmgmt Deregistered - WMDM PMSP Service Deregistered - WmdmPmSN Deregistered - WS2IFSL Deregistered - wuauserv Deregistered - WZCSVC . Contents of the 'Scheduled Tasks' folder 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] 2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1897051121-725345543-1003.job - c:\documents and settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-02 14:26] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-OrderReminder - c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe MSConfigStartUp-CTFMON - (no file) . Supplementary Scan . uStart Page = about:blank mStart Page = about:blank mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=localhost:8080 uInternet Settings,ProxyOverride = windowsupdate.microsoft.com; Windowsupdate.com IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Save &Image IE: Save &Images - c:\program files\FastID\CacheViewX\SaveIMG.html IE: Save F&lash - c:\program files\FastID\CacheViewX\SaveSWF.html IE: Shorten URL - http://www.cjb.net/menuext.html IE: {{5E9FCC22-E23F-4E04-AC69-C34C76774952} - c:\program files\FastID\CacheViewX\SaveSWFB.html IE: {{9D98D9D4-C034-4787-93AF-6C341E4F8CF9} - c:\program files\FastID\CacheViewX\SaveIMGB.html IE: {{C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - c:\documents and settings\All Users\Desktop\Glophone.lnk IE: {{376BFE0B-F4C4-4117-A2EC-FB455DA81EBF} - {717CBA3F-9DEC-4F4D-85EC-6F435BFE12D9} - c:\progra~1\FastID\CACHEV~1\CACHEV~1.DLL LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll Trusted Zone: free.aol.com DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - hxxp://www.cjb.net/search.cab FF - ProfilePath - c:\documents and settings\End User\Application Data\Mozilla\Firefox\Profiles\default.9es\ FF - prefs.js: browser.startup.homepage - yahoo.com FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q= FF - plugin: c:\documents and settings\End User\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll . catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-22 15:51:22 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = "c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" /run T , 92 w????D@@??a?wD@@ w 92?P????H?w?2?w a?w?$?s?92 \|??s D , s@@@?D????;?w @ scanning hidden files ... scan completed successfully hidden files: 0 [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\huadio] "ImagePath"="\??\c:\huadio.tmp" . DLLs Loaded Under Running Processes - - - - - - - > 'winlogon.exe'(1980) c:\windows\System32\ODBC32.dll c:\windows\System32\msctfime.ime c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll c:\windows\System32\klogon.dll - - - - - - - > 'lsass.exe'(2036) c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll c:\windows\System32\dssenh.dll . Other Running Processes . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Retrospect\Retrospect 7.5\retrorun.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\MsPMSPSv.exe .


	Quote: 12 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted Why you don't remove what Avira found? Please show hidden files and folders Please go to VirSCAN.org FREE on-line scan serviceCopy and paste the following file path into the "Suspicious files to scan"box on the top of the page: c:\windows\system32\drivers\ehdrv.sys c:\huadio.tmp Click on the Upload button. One file for each round Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply. If VirScan.org server is too busy, please submit the file to VirusTotal instead. Post me both VirScan.org result here (IMG:style_emoticons/default/smile.gif)

Discussion Title: Vundo issues(Resolved)
Title Keywords: Vundo issues(Resolved) Atribune.org

Omgili Home

About

FAQ

Plugins

Usenet