
Help me with the Trojans Please [RESOLVED]


This topic is locked

#1 Van4ulita (Member, 41 posts)
Hello, I need some help to clean my PC. Since yesterday I tried different ways and anti-virus and anti-spy products but some of the viruses (I guess that's what they are) keep coming back infecting again. Most of the things I removed were Trojans. Now my Avira detects the file svchost.exe with the TR/ATRAPS.Gen all the time and the same TR/ATRAPS.Gen in other files. The thing is it can't be removed or quarantined. I'm not really good at this so I need your help. I also have SuperAntiSpyware. So if I have to run some scan and post you the result please tell me.
Another thing just detected was TR/Delf.AXFB

Edited by Van4ulita, 10 September 2008 - 03:49 AM.

#2 Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there :)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

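An added example, not code from this thread nor from the RSIT or HijackThis tools, of the first-pass triage a helper does on the log.txt this procedure produces: it parses O4 autostart lines, O16 ActiveX (DPF) lines and the RSIT registry dump, and flags entries worth a closer look. The sample input is a few lines in the same shape as the log posted later in this thread; the rule names, the Finding record and the heuristics themselves are my own choices, and their output is a worklist rather than a verdict (GoogleUpdate.exe living in a profile directory trips the same rule as the unknown executables).

```python
"""Triage of HijackThis / RSIT autostart and ActiveX entries (added example)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

# Line shapes as they appear in a HijackThis scan and in the RSIT registry dump.
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$')
RSIT_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RSIT_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?) ?\[(?P<meta>[^\]]*)\]$')

# Directories an unprivileged user (and malware running as that user) can write to.
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\')

# Constructed sample: a handful of lines in the same format as an RSIT log.txt.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MntUiMon] D:\WINDOWS\system32\mnilyjoz.exe
O4 - HKLM\..\Policies\Explorer\Run: [sbpWv44QhH] D:\Documents and Settings\All Users\Application Data\evupivgz\qtifwngz.exe
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://87.121.9.9/AV718.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://online.bulbank.bg/capicom.cab
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"MntUiMon"=D:\WINDOWS\system32\mnilyjoz.exe []
"""


@dataclass
class Finding:
    line_no: int
    rule: str
    subject: str
    detail: str


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run-value command line."""
    m = re.match(r'^"([^"]+)"', cmd)                 # quoted path, arguments follow
    if m:
        return m.group(1)
    m = re.match(r'^(.*?\.exe)(?=\s|$)', cmd, re.IGNORECASE)  # unquoted path, may contain spaces
    if m:
        return m.group(1)
    return cmd.split(' ', 1)[0]                      # no .exe suffix: take the first token


def check_autostart(key: str, exe: str, meta=None):
    """Heuristics for one autostart entry; returns (rule, explanation) pairs."""
    hits = []
    if 'policies\\explorer\\run' in key.lower():
        hits.append(('policies-run', 'registered under Policies\\Explorer\\Run, a policy key ordinary installers rarely use'))
    if any(d in exe.lower() for d in USER_WRITABLE):
        hits.append(('user-writable-dir', 'program lives in a user-writable profile or data directory'))
    if meta == '':
        hits.append(('no-file-metadata', 'RSIT printed [] for the file: missing, hidden or unreadable at scan time'))
    return hits


def check_dpf(url: str):
    """Flag an O16 ActiveX download whose host is a bare IP address rather than a DNS name."""
    host = urlsplit(url).hostname or ''
    try:
        ip_address(host)
    except ValueError:
        return []
    return [('dpf-from-ip', f'ActiveX control fetched from a bare IP address ({host})')]


def triage(log_text: str):
    """Walk the log once and collect findings, tracking the current RSIT registry key."""
    findings = []
    current_key = ''   # most recent [HKEY_...] header in the registry dump
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if m := RSIT_KEY_RE.match(line):
            current_key = m['key']
        elif m := O4_RUN_RE.match(line):
            exe = executable_of(m['cmd'])
            for rule, why in check_autostart(m['key'], exe):
                findings.append(Finding(n, rule, f"{m['name']} -> {exe}", why))
        elif m := RSIT_VALUE_RE.match(line):
            exe = executable_of(m['cmd'])
            for rule, why in check_autostart(current_key, exe, meta=m['meta']):
                findings.append(Finding(n, rule, f"{m['name']} -> {exe}", why))
        elif m := O16_RE.match(line):
            for rule, why in check_dpf(m['url']):
                findings.append(Finding(n, rule, f"{m['desc']} {m['url']}", why))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'line {f.line_no:>3} [{f.rule}] {f.subject}: {f.detail}')
```

Run as a script it prints one line per finding. On the sample it flags the Policies\Explorer\Run entry, both programs launched from Application Data directories (one of them Google's legitimate updater, which is why an analyst still reads every hit), the ActiveX control fetched from a raw IP, and the RSIT value whose file could not be read. Nothing here proves malice; the point is to turn a 15 KB log into a short list a human then checks against known vendor paths and file metadata.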

#3 Van4ulita (Topic Starter, Member, 41 posts)
OK I'll do it. Thank you

#4 Van4ulita (Topic Starter, Member, 41 posts)
Logfile of random's system information tool (written by random/random)
Run by niko at 2008-09-10 13:31:21
Microsoft Windows XP Home Edition Service Pack 2
System drive D: has 6 GB (29%) free of 20 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31, on 10-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Documents and Settings\All Users\Application Data\evupivgz\qtifwngz.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ATKKBService.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\Winamp\winampa.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\hasplms.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\StkASv2K.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Vivotek\ST3402\Launcher_VV.exe
D:\Program Files\Avant Browser\avant.exe
D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\niko\Desktop\RSIT.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\trend micro\niko.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [ISS_SIP] D:\Program Files\Anti Keylogger Elite\AKE.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MntUiMon] D:\WINDOWS\system32\mnilyjoz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uiinfo] D:\WINDOWS\system32\qdizelqz.exe
O4 - HKLM\..\Policies\Explorer\Run: [sbpWv44QhH] D:\Documents and Settings\All Users\Application Data\evupivgz\qtifwngz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://87.121.9.9/AV718.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://84.54.137.17/...hecker_6110.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://webcam.varna.bg:8080/VatDec.cab
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/w....2_29.0.0.0.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {3EF806D2-55C8-4D04-B3DA-D2A7C170CCF2} (CMSLite Control) - http://dvrlink.net/w...dvr3.7.29MU.cab
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://169.254.43.91...RtspVaPgDec.cab
O16 - DPF: {4D7762BF-22E4-4362-A7BB-CD0E60C24705} (ExClient_v100_ax Control) - http://192.168.1.100...ent_v200_ax.cab
O16 - DPF: {673204A0-F8B3-4090-8506-80658C5D02C6} (WebVideoCtrl Class) - http://83.228.42.143/nwcv3setup.exe
O16 - DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} (Hybrid WebView) - http://212.36.12.12:82/WebViewS.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8D7AFAB7-42D6-4671-A53E-CD355673F026} (SonySncMView Control) - http://83.148.89.188/SonySncMView.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://89.215.230.14...SncRz25View.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://online.bulbank.bg/capicom.cab
O16 - DPF: {B31D1F00-2A0D-4B9C-911B-6239E2ED2A2B} (ATLWebSurv Class) - http://85.187.225.16...LWebSurvCOM.CAB
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://84.54.137.17/...adFile_6110.cab
O16 - DPF: {DCBF889B-422B-4AA0-9914-D5045A103758} (WebRPB Control) - http://212.36.12.12:82/WebRPB.cab
O16 - DPF: {DED4846F-31AF-4185-870A-19BE187A3B8F} (WebFormX Control) - http://91.148.187.15...urveillance.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - D:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - D:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - D:\Program Files\Vivotek\ST3402\Launcher_VV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14663 bytes

Scheduled tasks folder

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\At1.job
D:\WINDOWS\tasks\At10.job
D:\WINDOWS\tasks\At11.job
D:\WINDOWS\tasks\At12.job
D:\WINDOWS\tasks\At13.job
D:\WINDOWS\tasks\At14.job
D:\WINDOWS\tasks\At15.job
D:\WINDOWS\tasks\At16.job
D:\WINDOWS\tasks\At17.job
D:\WINDOWS\tasks\At18.job
D:\WINDOWS\tasks\At19.job
D:\WINDOWS\tasks\At2.job
D:\WINDOWS\tasks\At20.job
D:\WINDOWS\tasks\At21.job
D:\WINDOWS\tasks\At22.job
D:\WINDOWS\tasks\At23.job
D:\WINDOWS\tasks\At24.job
D:\WINDOWS\tasks\At3.job
D:\WINDOWS\tasks\At4.job
D:\WINDOWS\tasks\At5.job
D:\WINDOWS\tasks\At6.job
D:\WINDOWS\tasks\At7.job
D:\WINDOWS\tasks\At8.job
D:\WINDOWS\tasks\At9.job
D:\WINDOWS\tasks\GoogleUpdateTaskUser.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - D:\Program Files\FlashGet\jccatch.dll [2007-06-11 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-06 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - d:\program files\google\googletoolbar1.dll [2007-10-29 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-04 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-09-09 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - D:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar1.dll [2007-10-29 2403392]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-09-09 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2006-06-21 577536]
"AVG7_CC"=D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-04-18 579584]
"AVG7_EMC"=D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-21 406528]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=D:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-06 185896]
"CanonSolutionMenu"=D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=D:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"IP surveillance"= []
"UVS10 Preload"=D:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [2006-08-09 36864]
"ISS_SIP"=D:\Program Files\Anti Keylogger Elite\AKE.exe []
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"sbpWv44QhH"=D:\Documents and Settings\All Users\Application Data\evupivgz\qtifwngz.exe [2008-09-09 65536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-05 68856]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"ICQ"=D:\Program Files\ICQ6\ICQ.exe [2008-08-24 173304]
"Google Update"=D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]
"MntUiMon"=D:\WINDOWS\system32\mnilyjoz.exe []
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"uiinfo"=D:\WINDOWS\system32\qdizelqz.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-04-18 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
D:\Program Files\FlashGet\FlashGet.exe [2007-06-19 1986608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
D:\Program Files\GameFace Messenger\GameFace.exe [2005-08-11 1916928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
D:\PROGRA~1\ZYDAST~1\ZYDAS_~1.11G\ZDWlan.exe [2006-09-01 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
.security

D:\Documents and Settings\niko\Start Menu\Programs\Startup
.security

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\GameFace Messenger\GameFace.exe"="D:\Program Files\GameFace Messenger\GameFace.exe:*:Enabled:IM"
"D:\Program Files\FlashGet\flashget.exe"="D:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\DVR\Encode.exe"="C:\DVR\Encode.exe:*:Enabled:Digital Video Recoder Software"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\Internet Explorer\IEXPLORE.EXE"="D:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Dual codec internet relative software\cms\EventLogger.exe"="D:\Program Files\Dual codec internet relative software\cms\EventLogger.exe:*:Enabled:Event Logger"
"D:\Program Files\ZKSoftware\zkemnetman\zkemnetman.exe"="D:\Program Files\ZKSoftware\zkemnetman\zkemnetman.exe:*:Enabled:zkemnetman"
"D:\Program Files\Att2007\att.exe"="D:\Program Files\Att2007\att.exe:*:Enabled:att"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\WINDOWS\system32\ftp.exe"="D:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program"
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\SmartFTP Client\SmartFTP.exe"="D:\Program Files\SmartFTP Client\SmartFTP.exe:*:Disabled:SmartFTP Client 2.5"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad3a7dcb-6de1-11dd-b780-00155872bb85}]
shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff2ac11a-929d-11dc-b67e-00155872bb85}]
shell\1\command - F:\RECYCLER\RECYCLER\autorun.exe
shell\2\command - F:\RECYCLER\RECYCLER\autorun.exe
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\RECYCLER\autorun.exe


List of files/folders created in the last three months

2008-09-10 13:31:21 ----D---- D:\rsit
2008-09-10 13:31:21 ----D---- D:\Program Files\trend micro
2008-09-10 13:25:30 ----D---- D:\WINDOWS\system32\rcc
2008-09-10 11:46:55 ----D---- D:\Program Files\Sophos
2008-09-09 18:42:02 ----D---- D:\WINDOWS\system32\svvvfdr
2008-09-09 18:38:31 ----D---- D:\Program Files\ZoneAlarmSB
2008-09-09 18:36:53 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-09 18:36:34 ----A---- D:\WINDOWS\zllsputility.exe
2008-09-09 18:36:34 ----A---- D:\WINDOWS\system32\SpOrder.dll
2008-09-09 18:36:04 ----A---- D:\WINDOWS\system32\vsregexp.dll
2008-09-09 18:36:04 ----A---- D:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-09 18:36:01 ----A---- D:\WINDOWS\system32\zlcommdb.dll
2008-09-09 18:36:01 ----A---- D:\WINDOWS\system32\zlcomm.dll
2008-09-09 18:35:56 ----A---- D:\WINDOWS\system32\vswmi.dll
2008-09-09 18:35:55 ----A---- D:\WINDOWS\system32\zpeng24.dll
2008-09-09 18:35:55 ----A---- D:\WINDOWS\system32\vsxml.dll
2008-09-09 18:35:54 ----D---- D:\WINDOWS\system32\ZoneLabs
2008-09-09 18:35:54 ----D---- D:\Program Files\Zone Labs
2008-09-09 18:35:54 ----A---- D:\WINDOWS\system32\vspubapi.dll
2008-09-09 18:35:54 ----A---- D:\WINDOWS\system32\vsmonapi.dll
2008-09-09 18:35:10 ----D---- D:\WINDOWS\Internet Logs
2008-09-09 18:35:10 ----A---- D:\WINDOWS\system32\vsutil.dll
2008-09-09 18:35:10 ----A---- D:\WINDOWS\system32\vsinit.dll
2008-09-09 18:35:10 ----A---- D:\WINDOWS\system32\vsdata.dll
2008-09-09 18:03:18 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-09-09 18:03:18 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 16:09:01 ----D---- D:\Program Files\Avira
2008-09-09 16:09:01 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-09-09 15:53:36 ----D---- D:\WINDOWS\system32\kfosv
2008-09-09 13:33:44 ----D---- D:\WINDOWS\system32\kbst
2008-09-09 12:20:09 ----A---- D:\WINDOWS\ntbtlog.txt
2008-09-09 11:50:15 ----D---- D:\WINDOWS\system32\hwvbtolh
2008-09-09 11:39:39 ----D---- D:\Documents and Settings\All Users\Application Data\evupivgz
2008-09-09 11:05:02 ----D---- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-09 11:04:50 ----D---- D:\Program Files\SUPERAntiSpyware
2008-09-09 11:04:50 ----D---- D:\Documents and Settings\niko\Application Data\SUPERAntiSpyware.com
2008-09-09 11:04:00 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2008-09-09 10:52:12 ----D---- D:\WINDOWS\system32\xra
2008-09-09 10:41:15 ----D---- D:\Documents and Settings\niko\Application Data\Malwarebytes
2008-09-09 10:41:11 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 07:58:05 ----D---- D:\WINDOWS\system32\ncjgdocb
2008-09-08 08:29:31 ----D---- D:\WINDOWS\system32\ophcw
2008-09-08 08:10:24 ----D---- D:\WINDOWS\system32\ypjb
2008-09-07 16:54:55 ----D---- D:\WINDOWS\system32\dygiaoj
2008-09-06 11:53:36 ----D---- D:\WINDOWS\system32\xhx
2008-09-06 10:42:12 ----D---- D:\WINDOWS\system32\smjnwf
2008-09-05 08:20:41 ----D---- D:\WINDOWS\system32\jygu
2008-09-04 17:28:26 ----D---- D:\WINDOWS\system32\whsi
2008-09-04 12:07:15 ----D---- D:\WINDOWS\system32\dzaf
2008-09-04 08:06:42 ----D---- D:\WINDOWS\system32\dhgl
2008-09-03 07:58:22 ----D---- D:\WINDOWS\system32\aof
2008-09-02 13:54:06 ----D---- D:\WINDOWS\system32\nwpt
2008-09-01 12:14:24 ----D---- D:\WINDOWS\system32\msaylt
2008-09-01 07:56:52 ----D---- D:\WINDOWS\system32\wup
2008-08-31 18:23:53 ----D---- D:\WINDOWS\system32\fen
2008-08-27 08:02:21 ----D---- D:\WINDOWS\system32\lbia
2008-08-26 08:01:22 ----D---- D:\WINDOWS\system32\wohrshiw
2008-08-25 07:55:58 ----D---- D:\WINDOWS\system32\wzhsep
2008-08-23 10:32:01 ----D---- D:\WINDOWS\system32\iqlkfm
2008-08-22 18:30:24 ----D---- D:\Program Files\ChairGun2
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\msvbvm60.dll
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\MSSTDFMT.DLL
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\MSBIND.DLL
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\dao360.dll
2008-08-22 18:24:38 ----D---- D:\WINDOWS\system32\rstwdxb
2008-08-22 09:26:15 ----D---- D:\WINDOWS\system32\vsxbq
2008-08-21 09:42:14 ----D---- D:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-20 12:12:10 ----D---- D:\Documents and Settings\niko\Application Data\Gamelab
2008-08-19 11:52:53 ----D---- D:\Documents and Settings\niko\Application Data\Flood Light Games
2008-08-19 11:52:53 ----D---- D:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-08-13 18:50:23 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2008-08-13 18:50:19 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$
2008-08-13 18:50:15 ----HDC---- D:\WINDOWS\$NtUninstallKB953839$
2008-08-13 18:50:11 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$
2008-08-13 18:49:08 ----HDC---- D:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 18:49:03 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$
2008-08-13 18:48:38 ----HDC---- D:\WINDOWS\$NtUninstallKB951066$
2008-08-13 09:17:23 ----A---- D:\WINDOWS\system32\ZDPN50.DLL
2008-08-13 09:17:22 ----D---- D:\Program Files\ZyDAS Technology Corporation
2008-08-13 09:17:22 ----A---- D:\WINDOWS\system32\ZyDelReg.exe
2008-08-13 09:17:22 ----A---- D:\WINDOWS\system32\InsDrvZD64.DLL
2008-08-13 09:17:22 ----A---- D:\WINDOWS\system32\InsDrvZD.dll
2008-08-07 12:11:01 ----HDC---- D:\WINDOWS\$NtUninstallWdf01005$
2008-08-05 16:11:33 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2008-08-05 16:11:33 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2008-08-05 16:11:33 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2008-08-05 16:11:32 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2008-08-05 16:11:32 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2008-08-05 16:11:32 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2008-08-05 16:11:31 ----A---- D:\WINDOWS\system32\XAudio2_0.dll
2008-08-05 16:11:31 ----A---- D:\WINDOWS\system32\xactengine3_0.dll
2008-08-05 16:11:31 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2008-08-05 16:11:30 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll
2008-08-05 16:11:30 ----A---- D:\WINDOWS\system32\d3dx10_37.dll
2008-08-05 16:11:30 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll
2008-08-05 16:11:29 ----A---- D:\WINDOWS\system32\xactengine2_10.dll
2008-08-05 16:11:29 ----A---- D:\WINDOWS\system32\D3DX9_37.dll
2008-08-05 16:11:28 ----A---- D:\WINDOWS\system32\d3dx9_36.dll
2008-08-05 16:11:28 ----A---- D:\WINDOWS\system32\d3dx10_36.dll
2008-08-05 16:11:28 ----A---- D:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-05 16:11:27 ----A---- D:\WINDOWS\system32\xactengine2_9.dll
2008-08-05 16:11:27 ----A---- D:\WINDOWS\system32\d3dx10_35.dll
2008-08-05 16:11:27 ----A---- D:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-05 16:11:26 ----A---- D:\WINDOWS\system32\xactengine2_8.dll
2008-08-05 16:11:26 ----A---- D:\WINDOWS\system32\X3DAudio1_2.dll
2008-08-05 16:11:26 ----A---- D:\WINDOWS\system32\d3dx9_35.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\xinput1_3.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\d3dx9_34.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\d3dx10_34.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\D3DCompiler_34.dll
2008-08-05 16:11:24 ----A---- D:\WINDOWS\system32\xactengine2_7.dll
2008-08-05 16:11:24 ----A---- D:\WINDOWS\system32\d3dx10_33.dll
2008-08-05 16:11:24 ----A---- D:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-05 16:11:23 ----A---- D:\WINDOWS\system32\d3dx9_33.dll
2008-08-05 16:11:22 ----A---- D:\WINDOWS\system32\xactengine2_6.dll
2008-08-05 16:11:22 ----A---- D:\WINDOWS\system32\xactengine2_5.dll
2008-08-05 16:11:22 ----A---- D:\WINDOWS\system32\d3dx9_32.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\xinput1_2.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\xactengine2_4.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\xactengine2_3.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\x3daudio1_1.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\d3dx9_31.dll
2008-08-05 16:11:20 ----A---- D:\WINDOWS\system32\xinput1_1.dll
2008-08-05 16:11:20 ----A---- D:\WINDOWS\system32\xactengine2_2.dll
2008-08-05 16:11:20 ----A---- D:\WINDOWS\system32\xactengine2_1.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\xactengine2_0.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\x3daudio1_0.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\d3dx9_30.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\d3dx9_29.dll
2008-08-05 16:11:16 ----A---- D:\WINDOWS\system32\xinput9_1_0.dll
2008-08-05 16:11:16 ----A---- D:\WINDOWS\system32\d3dx9_28.dll
2008-08-05 16:11:16 ----A---- D:\WINDOWS\system32\d3dx9_27.dll
2008-08-05 16:11:15 ----A---- D:\WINDOWS\system32\d3dx9_26.dll
2008-08-05 16:11:15 ----A---- D:\WINDOWS\system32\d3dx9_25.dll
2008-08-05 16:11:14 ----A---- D:\WINDOWS\system32\d3dx9_24.dll
2008-08-05 16:09:40 ----D---- D:\WINDOWS\Logs
2008-08-04 14:54:35 ----D---- D:\Documents and Settings\All Users\Application Data\eGames
2008-08-04 14:54:00 ----D---- D:\Documents and Settings\niko\Application Data\eGames
2008-08-04 14:53:58 ----SHD---- D:\WINDOWS\ftpcache
2008-08-04 14:52:14 ----D---- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-04 11:03:26 ----D---- D:\WINDOWS\system32\Adobe
2008-07-29 14:25:19 ----D---- D:\Documents and Settings\All Users\Application Data\FunGames
2008-07-28 10:37:03 ----D---- D:\Documents and Settings\niko\Application Data\Cashfiesta
2008-07-22 06:25:32 ----D---- D:\WINDOWS\Minidump
2008-07-21 15:45:34 ----A---- D:\WINDOWS\avisplitter.INI
2008-07-17 08:11:52 ----D---- D:\Program Files\Common Files\Aladdin Shared
2008-07-17 08:11:50 ----A---- D:\WINDOWS\system32\hasplms.exe
2008-07-17 08:11:50 ----A---- D:\WINDOWS\system32\aksllmtp.exe
2008-07-17 08:11:15 ----A---- D:\WINDOWS\IFinst27.exe
2008-07-16 18:21:18 ----D---- D:\Documents and Settings\niko\Application Data\FileZilla
2008-07-16 18:20:55 ----D---- D:\Program Files\FileZilla FTP Client
2008-07-14 13:53:21 ----D---- D:\WINDOWS\Sun
2008-07-14 13:53:21 ----D---- D:\Documents and Settings\niko\Application Data\Sun
2008-07-14 13:52:58 ----A---- D:\WINDOWS\system32\javaws.exe
2008-07-14 13:52:58 ----A---- D:\WINDOWS\system32\javaw.exe
2008-07-14 13:52:58 ----A---- D:\WINDOWS\system32\java.exe
2008-07-14 13:44:57 ----D---- D:\Program Files\Java
2008-07-14 13:37:05 ----D---- D:\Program Files\Common Files\Java
2008-07-09 08:05:19 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$
2008-07-09 08:03:29 ----D---- D:\Documents and Settings\niko\Application Data\skypePM
2008-07-09 08:03:01 ----D---- D:\Program Files\Common Files\Skype
2008-07-07 16:37:35 ----D---- D:\Program Files\Winamp Remote
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\vxblock.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxwave.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxsfs.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxmas.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxinsa64.exe
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxhpinst.exe
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxdrv.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxcpya64.exe
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxafs.dll
2008-07-07 16:36:28 ----N---- D:\WINDOWS\system32\px.dll
2008-07-07 16:36:26 ----D---- D:\Program Files\Winamp
2008-07-07 16:36:26 ----D---- D:\Documents and Settings\niko\Application Data\Winamp
2008-07-02 10:39:31 ----D---- D:\Documents and Settings\All Users\Application Data\TVU Networks
2008-06-20 17:02:24 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-18 10:05:08 ----D---- D:\Documents and Settings\niko\Application Data\Media Player Classic
2008-06-18 10:01:26 ----A---- D:\WINDOWS\system32\yv12vfw.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\xvidvfw.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\xvidcore.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\qt-dx331.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\dpl100.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\divx.dll
2008-06-18 10:01:24 ----A---- D:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-18 10:01:24 ----A---- D:\WINDOWS\system32\ff_vfw.dll
2008-06-18 10:01:22 ----D---- D:\Program Files\K-Lite Codec Pack
2008-06-17 15:27:25 ----A---- D:\WINDOWS\PCViewer_D6.INI
2008-06-17 15:21:04 ----D---- D:\Program Files\PC Viewr D6 Series
2008-06-16 15:12:42 ----D---- D:\Program Files\The KMPlayer
2008-06-11 20:01:19 ----HDC---- D:\WINDOWS\$NtUninstallKB951698$
2008-06-11 20:01:14 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$
2008-06-11 20:01:10 ----HDC---- D:\WINDOWS\$NtUninstallKB950760$
2008-06-11 20:01:03 ----HDC---- D:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 asuskbnt;Enhanced Display Driver Helper Service; D:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 Avg7Core;AVG7 Kernel; D:\WINDOWS\system32\System32\Drivers\avg7core.sys []
R1 Avg7RsW;AVG7 Wrap Driver; D:\WINDOWS\system32\System32\Drivers\avg7rsw.sys []
R1 Avg7RsXP;AVG7 Rezident Driver; D:\WINDOWS\system32\System32\Drivers\avg7rsxp.sys []
R1 AvgClean;AVG Clean Driver; D:\WINDOWS\system32\system32\drivers\avgclean.sys []
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 KLIF;KLIF; D:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; D:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 aksfridge;aksfridge; \??\D:\WINDOWS\system32\drivers\aksfridge.sys []
R2 AvgTdi;AVG Network Redirector; \??\D:\WINDOWS\System32\Drivers\avgtdi.sys []
R2 EIO;EIO; \??\D:\WINDOWS\system32\drivers\EIO.sys []
R2 Hardlock;Hardlock; \??\D:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
R3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Video3D;ASUS Video3D Service; D:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
S2 AKEProtect;AKEProtect; \??\D:\Program Files\Anti Keylogger Elite\AKEProtect.sys []
S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); D:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); D:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); D:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); D:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); D:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); D:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM); D:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 61600]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StkAMini;Syntek STK1160; D:\WINDOWS\System32\Drivers\StkAMini.sys [2006-11-15 242139]
S3 StkScan;Syntek STK1160 Still Image; D:\WINDOWS\System32\Drivers\StkScan.sys [2006-06-27 4772]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbser;Nokia USB Serial Port; D:\WINDOWS\system32\DRIVERS\usbser.sys [2007-01-26 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); D:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; D:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
R2 ATKKeyboardService;ATK Keyboard Service; D:\WINDOWS\ATKKBService.exe [2006-04-10 241664]
R2 Avg7Alrt;AVG7 Alert Manager Server; D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-31 418816]
R2 Avg7UpdSvc;AVG7 Update Service; D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-10-29 49664]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 65536]
R2 hasplms;HASP License Manager; D:\WINDOWS\system32\hasplms.exe [2008-03-19 2558464]
R2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 LexBceS;LexBce Server; D:\WINDOWS\system32\LEXBCES.EXE [2002-08-15 299008]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 StkASSrv;Syntek STK1160 Service; D:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
R2 UleadBurningHelper;Ulead Burning Helper; D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; D:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2007-04-19 430080]
R2 vsmon;TrueVector Internet Monitor; D:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 1515599]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-29 138168]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin

#5 Van4ulita (Topic Starter, Member, 41 posts)
As you can see, my OS is on drive D. It's a big mess, that PC. That svchost.exe file keeps working and popping up on my AntiVir; if I try to terminate the action, it restarts the PC. I stopped it popping up by deleting the folders it makes for itself in the system32 folder. It disappears, and after a restart it starts making them again.

#6 Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there,

svchost.exe is a legitimate file, please leave it alone.

What is your F:\ drive? You can check by going to Start > My computer and finding the icon titled F:\ Drive.
If you have any usb devices please tell me.

You have both Avira AntiVir and AVG installed on your PC; this only causes your PC's performance to suffer.
Please uninstall one of them (preferably AVG) through Add or Remove Programs.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Then,

Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present):

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [MntUiMon] D:\WINDOWS\system32\mnilyjoz.exe
O4 - HKCU\..\Run: [uiinfo] D:\WINDOWS\system32\qdizelqz.exe
O4 - HKLM\..\Policies\Explorer\Run: [sbpWv44QhH] D:\Documents and Settings\All Users\Application Data\evupivgz\qtifwngz.exe
O4 - Startup: .security
O4 - Global Startup: .security
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://87.121.9.9/AV718.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://84.54.137.17/...hecker_6110.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://webcam.varna.bg:8080/VatDec.cab
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/w....2_29.0.0.0.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {3EF806D2-55C8-4D04-B3DA-D2A7C170CCF2} (CMSLite Control) - http://dvrlink.net/w...dvr3.7.29MU.cab
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://169.254.43.91...RtspVaPgDec.cab
O16 - DPF: {4D7762BF-22E4-4362-A7BB-CD0E60C24705} (ExClient_v100_ax Control) - http://192.168.1.100...ent_v200_ax.cab
O16 - DPF: {673204A0-F8B3-4090-8506-80658C5D02C6} (WebVideoCtrl Class) - http://83.228.42.143/nwcv3setup.exe
O16 - DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} (Hybrid WebView) - http://212.36.12.12:82/WebViewS.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8D7AFAB7-42D6-4671-A53E-CD355673F026} (SonySncMView Control) - http://83.148.89.188/SonySncMView.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://89.215.230.14...SncRz25View.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://online.bulbank.bg/capicom.cab
O16 - DPF: {B31D1F00-2A0D-4B9C-911B-6239E2ED2A2B} (ATLWebSurv Class) - http://85.187.225.16...LWebSurvCOM.CAB
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://84.54.137.17/...adFile_6110.cab
O16 - DPF: {DCBF889B-422B-4AA0-9914-D5045A103758} (WebRPB Control) - http://212.36.12.12:82/WebRPB.cab
O16 - DPF: {DED4846F-31AF-4185-870A-19BE187A3B8F} (WebFormX Control) - http://91.148.187.15...urveillance.cab

Now please close all open windows except HJT and press "Fix checked".

And,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    D:\WINDOWS\tasks\At?.job
    D:\WINDOWS\tasks\At??.job
    D:\WINDOWS\system32\mnilyjoz.exe
    D:\WINDOWS\system32\qdizelqz.exe
    D:\WINDOWS\system32\rcc
    D:\WINDOWS\system32\svvvfdr
    D:\WINDOWS\system32\kfosv
    D:\WINDOWS\system32\kbst
    D:\WINDOWS\system32\hwvbtolh
    D:\Documents and Settings\All Users\Application Data\evupivgz
    D:\WINDOWS\system32\xra
    D:\WINDOWS\system32\ncjgdocb
    D:\WINDOWS\system32\ophcw
    D:\WINDOWS\system32\ypjb
    D:\WINDOWS\system32\dygiaoj
    D:\WINDOWS\system32\xhx
    D:\WINDOWS\system32\smjnwf
    D:\WINDOWS\system32\jygu
    D:\WINDOWS\system32\whsi
    D:\WINDOWS\system32\dzaf
    D:\WINDOWS\system32\dhgl
    D:\WINDOWS\system32\aof
    D:\WINDOWS\system32\nwpt
    D:\WINDOWS\system32\msaylt
    D:\WINDOWS\system32\wup
    D:\WINDOWS\system32\fen
    D:\WINDOWS\system32\lbia
    D:\WINDOWS\system32\wohrshiw
    D:\WINDOWS\system32\wzhsep
    D:\WINDOWS\system32\iqlkfm
    D:\WINDOWS\system32\rstwdxb
    D:\WINDOWS\system32\vsxbq
    D:\WINDOWS\IFinst27.exe
    F:\RECYCLER\RECYCLER\autorun.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad3a7dcb-6de1-11dd-b780-00155872bb85}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff2ac11a-929d-11dc-b67e-00155872bb85}
    emptytemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re-run RSIT and post back with the log it produces.

If the logs are too long, please post them over multiple replies.

Edited by Mike, 10 September 2008 - 11:26 AM.


#7 Van4ulita (Topic Starter, Member, 41 posts)
Hey, I just did everything you advised.

First, about the svchost.exe file: Avira detects it all the time, together with another file. Here is one of the logs, but it happens all the time.
11.9.2008 г.,11:40:59 [WARNING] Is the TR/ATRAPS.Gen Trojan!
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AN36RDVF\myieCAR6DJPN.exe
[INFO] No right to access the file.
11.9.2008 г.,11:41:31 [WARNING] Is the TR/ATRAPS.Gen Trojan!
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HX6NA8CD\myieCA9O3JW9.exe
[INFO] The file will be copied to quarantine.
[INFO] The file will be deleted.
11.9.2008 г.,11:41:30 [WARNING] Is the TR/ATRAPS.Gen Trojan!
D:\WINDOWS\system32\tsm\svchost.exe
[INFO] The file will be copied to quarantine.
[INFO] The file will be deleted.
11.9.2008 г.,11:42:06 [WARNING] Is the TR/ATRAPS.Gen Trojan!
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AN36RDVF\myieCAW6TZAT.exe
[INFO] The file will be copied to quarantine.
[INFO] The file will be deleted.
11.9.2008 г.,11:42:05 [WARNING] Is the TR/ATRAPS.Gen Trojan!
D:\WINDOWS\system32\tsm\svchost.exe
[INFO] The file will be copied to quarantine.
[INFO] The file will be deleted.

About the F:\ drive: we use it for USB removable disks.

I did the other things too; here is the log from OTMoveIt2.

Explorer killed successfully
< D:\WINDOWS\tasks\At?.job >
D:\WINDOWS\tasks\At1.job moved successfully.
D:\WINDOWS\tasks\At2.job moved successfully.
D:\WINDOWS\tasks\At3.job moved successfully.
D:\WINDOWS\tasks\At4.job moved successfully.
D:\WINDOWS\tasks\At5.job moved successfully.
D:\WINDOWS\tasks\At6.job moved successfully.
D:\WINDOWS\tasks\At7.job moved successfully.
D:\WINDOWS\tasks\At8.job moved successfully.
D:\WINDOWS\tasks\At9.job moved successfully.
< D:\WINDOWS\tasks\At??.job >
D:\WINDOWS\tasks\At10.job moved successfully.
D:\WINDOWS\tasks\At11.job moved successfully.
D:\WINDOWS\tasks\At12.job moved successfully.
D:\WINDOWS\tasks\At13.job moved successfully.
D:\WINDOWS\tasks\At14.job moved successfully.
D:\WINDOWS\tasks\At15.job moved successfully.
D:\WINDOWS\tasks\At16.job moved successfully.
D:\WINDOWS\tasks\At17.job moved successfully.
D:\WINDOWS\tasks\At18.job moved successfully.
D:\WINDOWS\tasks\At19.job moved successfully.
D:\WINDOWS\tasks\At20.job moved successfully.
D:\WINDOWS\tasks\At21.job moved successfully.
D:\WINDOWS\tasks\At22.job moved successfully.
D:\WINDOWS\tasks\At23.job moved successfully.
D:\WINDOWS\tasks\At24.job moved successfully.
File/Folder D:\WINDOWS\system32\mnilyjoz.exe not found.
File/Folder D:\WINDOWS\system32\qdizelqz.exe not found.
D:\WINDOWS\system32\rcc moved successfully.
D:\WINDOWS\system32\svvvfdr moved successfully.
D:\WINDOWS\system32\kfosv moved successfully.
D:\WINDOWS\system32\kbst moved successfully.
D:\WINDOWS\system32\hwvbtolh moved successfully.
D:\Documents and Settings\All Users\Application Data\evupivgz moved successfully.
D:\WINDOWS\system32\xra moved successfully.
D:\WINDOWS\system32\ncjgdocb moved successfully.
D:\WINDOWS\system32\ophcw moved successfully.
D:\WINDOWS\system32\ypjb moved successfully.
D:\WINDOWS\system32\dygiaoj moved successfully.
D:\WINDOWS\system32\xhx moved successfully.
D:\WINDOWS\system32\smjnwf moved successfully.
D:\WINDOWS\system32\jygu moved successfully.
D:\WINDOWS\system32\whsi moved successfully.
D:\WINDOWS\system32\dzaf moved successfully.
D:\WINDOWS\system32\dhgl moved successfully.
D:\WINDOWS\system32\aof moved successfully.
D:\WINDOWS\system32\nwpt moved successfully.
D:\WINDOWS\system32\msaylt moved successfully.
D:\WINDOWS\system32\wup moved successfully.
D:\WINDOWS\system32\fen moved successfully.
D:\WINDOWS\system32\lbia moved successfully.
D:\WINDOWS\system32\wohrshiw moved successfully.
D:\WINDOWS\system32\wzhsep moved successfully.
D:\WINDOWS\system32\iqlkfm moved successfully.
D:\WINDOWS\system32\rstwdxb moved successfully.
D:\WINDOWS\system32\vsxbq moved successfully.
D:\WINDOWS\IFinst27.exe moved successfully.
File/Folder F:\RECYCLER\RECYCLER\autorun.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad3a7dcb-6de1-11dd-b780-00155872bb85} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad3a7dcb-6de1-11dd-b780-00155872bb85}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff2ac11a-929d-11dc-b67e-00155872bb85} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff2ac11a-929d-11dc-b67e-00155872bb85}\\ deleted successfully.
< emptytemp >
File delete failed. D:\DOCUME~1\niko\LOCALS~1\Temp\etilqs_UudtyZvRWG6VhS17boMK scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\niko\LOCALS~1\Temp\JET42D0.tmp scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\ZLT03b04.TMP scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\ZLT03b07.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09112008_103812

#8 Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there,

That svchost is not legitimate :)

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\WINDOWS\system32\tsm
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re-run RSIT and post back with the log it produces.


Please do that for me :)
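The point Mike makes in #8 (a svchost.exe under system32\tsm is an impostor, whatever its name) and the cleanup list in #6 (the random-named folders appearing in system32 day after day, and At1.job through At24.job in the Tasks folder) can be turned into a mechanical triage of the logs the helper asked for. The script below is an added example written for this thread; it is not code from the thread, nor from the authors of RSIT, HijackThis or OTMoveIt. SAMPLE_LOG is constructed to look like the lines posted above (not a real log), and KNOWN_SYSTEM32_DIRS and the 3-to-8-lowercase-letter folder-name heuristic are my assumptions, so a hit is a lead to check against a known-good system32 listing, not a verdict.

```python
r"""Log triage for the pattern in this thread (added example, not from the forum post).

Three checks, each grounded in what the helper found above:
  1. svchost.exe is only legitimate in <SystemRoot>\system32; the thread's
     D:\WINDOWS\system32\tsm\svchost.exe is an impostor.
  2. Short, all-lowercase, extension-less directories created under system32
     (xra, ncjgdocb, ophcw, ...) were the dropper's daily work folders.
  3. At1.job .. At24.job under <SystemRoot>\Tasks were scheduler persistence.
"""
import ntpath
import re

# Directories that legitimately sit directly under system32 on XP.  This allowlist
# is an assumption for the example; extend it from a clean baseline of your own.
KNOWN_SYSTEM32_DIRS = {
    "drivers", "config", "spool", "dllcache", "wbem", "ras", "oobe", "inetsrv",
    "usmt", "mui", "npp", "export", "catroot", "catroot2", "restore", "setup",
    "shellext", "ime", "ias", "dhcp", "wins", "logfiles", "com", "icsxml",
}

# RSIT "files created" line: date, time, attribute flags, path (path may contain spaces).
_TIMELINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (-*[A-Z]*-*) (.+?)\s*$")
# Any drive-letter path ending in svchost.exe (HijackThis process list, Avira warning,
# service line).  Lazy match so the path stops at the first svchost.exe.
_SVCHOST = re.compile(r"[A-Za-z]:\\[^\r\n]*?svchost\.exe", re.IGNORECASE)
# At<N>.job scheduled tasks, even when embedded in an OTMoveIt "moved" line.
_AT_JOB = re.compile(r"[A-Za-z]:\\[^<>\r\n]*?\\tasks\\at\d{1,2}\.job", re.IGNORECASE)
# The dropper's folder names in the thread: 3-8 lowercase letters, no extension (assumed heuristic).
_RANDOM_NAME = re.compile(r"^[a-z]{3,8}$")


def _same_dir(path, expected_dir):
    """Case-insensitive comparison of a path's parent directory (Windows semantics)."""
    return ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(expected_dir)


def impostor_svchost(path, system_root):
    """True when `path` is a svchost.exe living anywhere but <system_root>\\system32."""
    if ntpath.normcase(ntpath.basename(path)) != "svchost.exe":
        return False
    return not _same_dir(path, ntpath.join(system_root, "system32"))


def suspect_system32_dir(path, system_root):
    """True for a random-looking directory directly under <system_root>\\system32."""
    name = ntpath.basename(path)
    if name in KNOWN_SYSTEM32_DIRS or not _RANDOM_NAME.match(name):
        return False
    return _same_dir(path, ntpath.join(system_root, "system32"))


def triage(log_text, system_root=r"D:\WINDOWS"):
    """Scan RSIT/HijackThis/Avira/OTMoveIt-style text; return the three finding lists (deduplicated)."""
    findings = {"impostor_svchost": [], "suspect_dirs": [], "at_jobs": []}

    def add(key, value):
        if value not in findings[key]:
            findings[key].append(value)

    for line in log_text.splitlines():
        m = _TIMELINE.match(line.strip())
        # Only directory entries ("D" in the attribute flags) can be dropper folders.
        if m and "D" in m.group(3) and suspect_system32_dir(m.group(4), system_root):
            add("suspect_dirs", m.group(4))
        for path in _SVCHOST.findall(line):
            if impostor_svchost(path, system_root):
                add("impostor_svchost", path)
        for path in _AT_JOB.findall(line):
            add("at_jobs", path)
    return findings


# Constructed sample shaped like the lines posted in this thread (not a real log).
SAMPLE_LOG = r"""
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\tsm\svchost.exe
D:\WINDOWS\Explorer.EXE
2008-09-09 10:52:12 ----D---- D:\WINDOWS\system32\xra
2008-09-09 10:41:11 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 07:58:05 ----D---- D:\WINDOWS\system32\ncjgdocb
2008-08-04 11:03:26 ----D---- D:\WINDOWS\system32\Adobe
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\msvbvm60.dll
2008-08-13 18:50:23 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
< D:\WINDOWS\tasks\At?.job >
D:\WINDOWS\tasks\At1.job moved successfully.
D:\WINDOWS\tasks\At24.job moved successfully.
11.9.2008,11:41:30 [WARNING] Is the TR/ATRAPS.Gen Trojan!
D:\WINDOWS\system32\tsm\svchost.exe
"""

if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(key)
        for hit in hits:
            print("   ", hit)
```

To run it over a real RSIT log, call `triage(open("log.txt", encoding="utf-8", errors="replace").read(), system_root=r"D:\WINDOWS")`, passing the system root the log reports (this machine boots from D:, which is why the thread's paths all start with D:\). The svchost check is the one that should be trusted outright: Windows never runs its service host from a subfolder of system32, and the thread's L761/L1001 exchange is exactly the name-versus-location confusion the check removes. The folder-name and At-job checks only narrow the list for a human; the thread confirmed its folders by their one-per-day creation cadence in the RSIT timeline, which is the corroboration to look for before moving anything.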

#9 Van4ulita (Topic Starter, Member, 41 posts)
Here is the RSIT log

Logfile of random's system information tool (written by random/random)
Run by niko at 2008-09-11 12:35:31
Microsoft Windows XP Home Edition Service Pack 2
System drive D: has 6 GB (32%) free of 20 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35, on 11-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\hasplms.exe
D:\Program Files\ICQ6\ICQ.exe
D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\StkASv2K.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Vivotek\ST3402\Launcher_VV.exe
D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
D:\Program Files\Avant Browser\avant.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\niko\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\niko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [ISS_SIP] D:\Program Files\Anti Keylogger Elite\AKE.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - D:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - D:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - D:\Program Files\Vivotek\ST3402\Launcher_VV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10745 bytes

Scheduled tasks folder

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskUser.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - D:\Program Files\FlashGet\jccatch.dll [2007-06-11 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-06 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - d:\program files\google\googletoolbar1.dll [2007-10-29 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-04 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-09-09 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - D:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar1.dll [2007-10-29 2403392]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-09-09 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2006-06-21 577536]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=D:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-06 185896]
"CanonSolutionMenu"=D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=D:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"IP surveillance"= []
"UVS10 Preload"=D:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [2006-08-09 36864]
"ISS_SIP"=D:\Program Files\Anti Keylogger Elite\AKE.exe []
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-05 68856]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"ICQ"=D:\Program Files\ICQ6\ICQ.exe [2008-08-24 173304]
"Google Update"=D:\Documents and Settings\niko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-04-18 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
D:\Program Files\FlashGet\FlashGet.exe [2007-06-19 1986608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
D:\Program Files\GameFace Messenger\GameFace.exe [2005-08-11 1916928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
D:\PROGRA~1\ZYDAST~1\ZYDAS_~1.11G\ZDWlan.exe [2006-09-01 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\GameFace Messenger\GameFace.exe"="D:\Program Files\GameFace Messenger\GameFace.exe:*:Enabled:IM"
"D:\Program Files\FlashGet\flashget.exe"="D:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\DVR\Encode.exe"="C:\DVR\Encode.exe:*:Enabled:Digital Video Recoder Software"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\Internet Explorer\IEXPLORE.EXE"="D:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Dual codec internet relative software\cms\EventLogger.exe"="D:\Program Files\Dual codec internet relative software\cms\EventLogger.exe:*:Enabled:Event Logger"
"D:\Program Files\ZKSoftware\zkemnetman\zkemnetman.exe"="D:\Program Files\ZKSoftware\zkemnetman\zkemnetman.exe:*:Enabled:zkemnetman"
"D:\Program Files\Att2007\att.exe"="D:\Program Files\Att2007\att.exe:*:Enabled:att"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\WINDOWS\system32\ftp.exe"="D:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program"
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\SmartFTP Client\SmartFTP.exe"="D:\Program Files\SmartFTP Client\SmartFTP.exe:*:Disabled:SmartFTP Client 2.5"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-11 12:25:05 ----D---- D:\WINDOWS\system32\vdzueaef
2008-09-11 12:05:08 ----D---- D:\WINDOWS\system32\nfbc
2008-09-11 11:33:00 ----D---- D:\WINDOWS\system32\tsm
2008-09-11 11:20:24 ----D---- D:\WINDOWS\system32\brpgr
2008-09-11 10:56:20 ----D---- D:\WINDOWS\system32\tbdk
2008-09-11 10:38:12 ----D---- D:\_OTMoveIt
2008-09-11 08:01:01 ----D---- D:\WINDOWS\system32\bxmslhv
2008-09-10 18:37:29 ----HDC---- D:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-09-10 18:37:25 ----HDC---- D:\WINDOWS\$NtUninstallKB938464$
2008-09-10 18:37:00 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 16:01:28 ----D---- D:\Documents and Settings\niko\Application Data\Uniblue
2008-09-10 13:41:59 ----D---- D:\WINDOWS\system32\mdtstse
2008-09-10 13:31:21 ----D---- D:\rsit
2008-09-10 13:31:21 ----D---- D:\Program Files\trend micro
2008-09-10 11:46:55 ----D---- D:\Program Files\Sophos
2008-09-09 18:38:31 ----D---- D:\Program Files\ZoneAlarmSB
2008-09-09 18:36:53 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-09 18:36:34 ----A---- D:\WINDOWS\zllsputility.exe
2008-09-09 18:36:34 ----A---- D:\WINDOWS\system32\SpOrder.dll
2008-09-09 18:36:04 ----A---- D:\WINDOWS\system32\vsregexp.dll
2008-09-09 18:36:04 ----A---- D:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-09 18:36:01 ----A---- D:\WINDOWS\system32\zlcommdb.dll
2008-09-09 18:36:01 ----A---- D:\WINDOWS\system32\zlcomm.dll
2008-09-09 18:35:56 ----A---- D:\WINDOWS\system32\vswmi.dll
2008-09-09 18:35:55 ----A---- D:\WINDOWS\system32\zpeng24.dll
2008-09-09 18:35:55 ----A---- D:\WINDOWS\system32\vsxml.dll
2008-09-09 18:35:54 ----D---- D:\WINDOWS\system32\ZoneLabs
2008-09-09 18:35:54 ----D---- D:\Program Files\Zone Labs
2008-09-09 18:35:54 ----A---- D:\WINDOWS\system32\vspubapi.dll
2008-09-09 18:35:54 ----A---- D:\WINDOWS\system32\vsmonapi.dll
2008-09-09 18:35:10 ----D---- D:\WINDOWS\Internet Logs
2008-09-09 18:35:10 ----A---- D:\WINDOWS\system32\vsutil.dll
2008-09-09 18:35:10 ----A---- D:\WINDOWS\system32\vsinit.dll
2008-09-09 18:35:10 ----A---- D:\WINDOWS\system32\vsdata.dll
2008-09-09 18:03:18 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-09-09 18:03:18 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 16:09:01 ----D---- D:\Program Files\Avira
2008-09-09 16:09:01 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-09-09 12:20:09 ----A---- D:\WINDOWS\ntbtlog.txt
2008-09-09 11:05:02 ----D---- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-09 11:04:50 ----D---- D:\Program Files\SUPERAntiSpyware
2008-09-09 11:04:50 ----D---- D:\Documents and Settings\niko\Application Data\SUPERAntiSpyware.com
2008-09-09 11:04:00 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2008-09-09 10:41:15 ----D---- D:\Documents and Settings\niko\Application Data\Malwarebytes
2008-09-09 10:41:11 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 18:30:24 ----D---- D:\Program Files\ChairGun2
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\msvbvm60.dll
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\MSSTDFMT.DLL
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\MSBIND.DLL
2008-08-22 18:30:08 ----N---- D:\WINDOWS\system32\dao360.dll
2008-08-21 09:42:14 ----D---- D:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-20 12:12:10 ----D---- D:\Documents and Settings\niko\Application Data\Gamelab
2008-08-19 11:52:53 ----D---- D:\Documents and Settings\niko\Application Data\Flood Light Games
2008-08-13 18:50:23 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2008-08-13 18:50:19 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$
2008-08-13 18:50:15 ----HDC---- D:\WINDOWS\$NtUninstallKB953839$
2008-08-13 18:50:11 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$
2008-08-13 18:49:08 ----HDC---- D:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 18:49:03 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$
2008-08-13 18:48:38 ----HDC---- D:\WINDOWS\$NtUninstallKB951066$
2008-08-13 09:17:23 ----A---- D:\WINDOWS\system32\ZDPN50.DLL
2008-08-13 09:17:22 ----D---- D:\Program Files\ZyDAS Technology Corporation
2008-08-13 09:17:22 ----A---- D:\WINDOWS\system32\ZyDelReg.exe
2008-08-13 09:17:22 ----A---- D:\WINDOWS\system32\InsDrvZD64.DLL
2008-08-13 09:17:22 ----A---- D:\WINDOWS\system32\InsDrvZD.dll
2008-08-07 12:11:01 ----HDC---- D:\WINDOWS\$NtUninstallWdf01005$
2008-08-05 16:11:33 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2008-08-05 16:11:33 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2008-08-05 16:11:33 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2008-08-05 16:11:32 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2008-08-05 16:11:32 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2008-08-05 16:11:32 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2008-08-05 16:11:31 ----A---- D:\WINDOWS\system32\XAudio2_0.dll
2008-08-05 16:11:31 ----A---- D:\WINDOWS\system32\xactengine3_0.dll
2008-08-05 16:11:31 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2008-08-05 16:11:30 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll
2008-08-05 16:11:30 ----A---- D:\WINDOWS\system32\d3dx10_37.dll
2008-08-05 16:11:30 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll
2008-08-05 16:11:29 ----A---- D:\WINDOWS\system32\xactengine2_10.dll
2008-08-05 16:11:29 ----A---- D:\WINDOWS\system32\D3DX9_37.dll
2008-08-05 16:11:28 ----A---- D:\WINDOWS\system32\d3dx9_36.dll
2008-08-05 16:11:28 ----A---- D:\WINDOWS\system32\d3dx10_36.dll
2008-08-05 16:11:28 ----A---- D:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-05 16:11:27 ----A---- D:\WINDOWS\system32\xactengine2_9.dll
2008-08-05 16:11:27 ----A---- D:\WINDOWS\system32\d3dx10_35.dll
2008-08-05 16:11:27 ----A---- D:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-05 16:11:26 ----A---- D:\WINDOWS\system32\xactengine2_8.dll
2008-08-05 16:11:26 ----A---- D:\WINDOWS\system32\X3DAudio1_2.dll
2008-08-05 16:11:26 ----A---- D:\WINDOWS\system32\d3dx9_35.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\xinput1_3.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\d3dx9_34.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\d3dx10_34.dll
2008-08-05 16:11:25 ----A---- D:\WINDOWS\system32\D3DCompiler_34.dll
2008-08-05 16:11:24 ----A---- D:\WINDOWS\system32\xactengine2_7.dll
2008-08-05 16:11:24 ----A---- D:\WINDOWS\system32\d3dx10_33.dll
2008-08-05 16:11:24 ----A---- D:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-05 16:11:23 ----A---- D:\WINDOWS\system32\d3dx9_33.dll
2008-08-05 16:11:22 ----A---- D:\WINDOWS\system32\xactengine2_6.dll
2008-08-05 16:11:22 ----A---- D:\WINDOWS\system32\xactengine2_5.dll
2008-08-05 16:11:22 ----A---- D:\WINDOWS\system32\d3dx9_32.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\xinput1_2.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\xactengine2_4.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\xactengine2_3.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\x3daudio1_1.dll
2008-08-05 16:11:21 ----A---- D:\WINDOWS\system32\d3dx9_31.dll
2008-08-05 16:11:20 ----A---- D:\WINDOWS\system32\xinput1_1.dll
2008-08-05 16:11:20 ----A---- D:\WINDOWS\system32\xactengine2_2.dll
2008-08-05 16:11:20 ----A---- D:\WINDOWS\system32\xactengine2_1.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\xactengine2_0.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\x3daudio1_0.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\d3dx9_30.dll
2008-08-05 16:11:17 ----A---- D:\WINDOWS\system32\d3dx9_29.dll
2008-08-05 16:11:16 ----A---- D:\WINDOWS\system32\xinput9_1_0.dll
2008-08-05 16:11:16 ----A---- D:\WINDOWS\system32\d3dx9_28.dll
2008-08-05 16:11:16 ----A---- D:\WINDOWS\system32\d3dx9_27.dll
2008-08-05 16:11:15 ----A---- D:\WINDOWS\system32\d3dx9_26.dll
2008-08-05 16:11:15 ----A---- D:\WINDOWS\system32\d3dx9_25.dll
2008-08-05 16:11:14 ----A---- D:\WINDOWS\system32\d3dx9_24.dll
2008-08-05 16:09:40 ----D---- D:\WINDOWS\Logs
2008-08-04 14:54:00 ----D---- D:\Documents and Settings\niko\Application Data\eGames
2008-08-04 14:53:58 ----SHD---- D:\WINDOWS\ftpcache
2008-08-04 14:52:14 ----D---- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-04 11:03:26 ----D---- D:\WINDOWS\system32\Adobe
2008-07-28 10:37:03 ----D---- D:\Documents and Settings\niko\Application Data\Cashfiesta
2008-07-22 06:25:32 ----D---- D:\WINDOWS\Minidump
2008-07-21 15:45:34 ----A---- D:\WINDOWS\avisplitter.INI
2008-07-17 08:11:52 ----D---- D:\Program Files\Common Files\Aladdin Shared
2008-07-17 08:11:50 ----A---- D:\WINDOWS\system32\hasplms.exe
2008-07-17 08:11:50 ----A---- D:\WINDOWS\system32\aksllmtp.exe
2008-07-16 18:21:18 ----D---- D:\Documents and Settings\niko\Application Data\FileZilla
2008-07-16 18:20:55 ----D---- D:\Program Files\FileZilla FTP Client
2008-07-14 13:53:21 ----D---- D:\WINDOWS\Sun
2008-07-14 13:53:21 ----D---- D:\Documents and Settings\niko\Application Data\Sun
2008-07-14 13:52:58 ----A---- D:\WINDOWS\system32\javaws.exe
2008-07-14 13:52:58 ----A---- D:\WINDOWS\system32\javaw.exe
2008-07-14 13:52:58 ----A---- D:\WINDOWS\system32\java.exe
2008-07-14 13:44:57 ----D---- D:\Program Files\Java
2008-07-14 13:37:05 ----D---- D:\Program Files\Common Files\Java
2008-07-09 08:05:19 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$
2008-07-09 08:03:29 ----D---- D:\Documents and Settings\niko\Application Data\skypePM
2008-07-09 08:03:01 ----D---- D:\Program Files\Common Files\Skype
2008-07-07 16:37:35 ----D---- D:\Program Files\Winamp Remote
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\vxblock.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxwave.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxsfs.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxmas.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxinsa64.exe
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxhpinst.exe
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxdrv.dll
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxcpya64.exe
2008-07-07 16:36:29 ----N---- D:\WINDOWS\system32\pxafs.dll
2008-07-07 16:36:28 ----N---- D:\WINDOWS\system32\px.dll
2008-07-07 16:36:26 ----D---- D:\Program Files\Winamp
2008-07-07 16:36:26 ----D---- D:\Documents and Settings\niko\Application Data\Winamp
2008-07-02 10:39:31 ----D---- D:\Documents and Settings\All Users\Application Data\TVU Networks
2008-06-20 17:02:24 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-18 10:05:08 ----D---- D:\Documents and Settings\niko\Application Data\Media Player Classic
2008-06-18 10:01:26 ----A---- D:\WINDOWS\system32\yv12vfw.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\xvidvfw.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\xvidcore.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\qt-dx331.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\dpl100.dll
2008-06-18 10:01:25 ----A---- D:\WINDOWS\system32\divx.dll
2008-06-18 10:01:24 ----A---- D:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-18 10:01:24 ----A---- D:\WINDOWS\system32\ff_vfw.dll
2008-06-18 10:01:22 ----D---- D:\Program Files\K-Lite Codec Pack
2008-06-17 15:27:25 ----A---- D:\WINDOWS\PCViewer_D6.INI
2008-06-17 15:21:04 ----D---- D:\Program Files\PC Viewr D6 Series
2008-06-16 15:12:42 ----D---- D:\Program Files\The KMPlayer

List of drivers

R1 asuskbnt;Enhanced Display Driver Helper Service; D:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 KLIF;KLIF; D:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; D:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 aksfridge;aksfridge; \??\D:\WINDOWS\system32\drivers\aksfridge.sys []
R2 EIO;EIO; \??\D:\WINDOWS\system32\drivers\EIO.sys []
R2 Hardlock;Hardlock; \??\D:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
R3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Video3D;ASUS Video3D Service; D:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
S2 AKEProtect;AKEProtect; \??\D:\Program Files\Anti Keylogger Elite\AKEProtect.sys []
S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); D:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); D:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); D:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); D:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); D:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); D:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM); D:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 61600]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StkAMini;Syntek STK1160; D:\WINDOWS\System32\Drivers\StkAMini.sys [2006-11-15 242139]
S3 StkScan;Syntek STK1160 Still Image; D:\WINDOWS\System32\Drivers\StkScan.sys [2006-06-27 4772]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbser;Nokia USB Serial Port; D:\WINDOWS\system32\DRIVERS\usbser.sys [2007-01-26 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); D:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; D:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
R2 ATKKeyboardService;ATK Keyboard Service; D:\WINDOWS\ATKKBService.exe [2006-04-10 241664]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 65536]
R2 hasplms;HASP License Manager; D:\WINDOWS\system32\hasplms.exe [2008-03-19 2558464]
R2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 LexBceS;LexBce Server; D:\WINDOWS\system32\LEXBCES.EXE [2002-08-15 299008]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 StkASSrv;Syntek STK1160 Service; D:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
R2 UleadBurningHelper;Ulead Burning Helper; D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; D:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2007-04-19 430080]
R2 vsmon;TrueVector Internet Monitor; D:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 1515599]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-29 138168]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]

-----------------EOF-----------------
  • 0
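A small triage helper for the RSIT driver/service listing above, added here as an example; it is not part of this thread or of the RSIT tool. It parses lines in the `R1 name;display; path [date size]` format the log uses and flags entries RSIT could not read file details for (empty `[]`), entries living outside the Windows or Program Files trees, and any svchost.exe not in system32. The sample log is constructed from a few of the lines posted above plus one made-up `Example` entry.

```python
import re

# One RSIT "List of drivers"/"List of services" line looks like
#   R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
# start code, internal name, display name, file path, then "[file date size]";
# the bracket is empty ("[]") when RSIT could not read the file's details.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})?\s*(?P<size>\d+)?\]$"
)

def parse_entries(text):
    """Turn every driver/service line of an RSIT log into a dict."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headings, blank lines and free text are skipped
        e = m.groupdict()
        e["path"] = e["path"].replace("\\??\\", "")  # drop NT object-namespace prefix
        e["size"] = int(e["size"]) if e["size"] else None
        entries.append(e)
    return entries

def triage(entries):
    """Group the findings a helper reads first: names of suspect entries."""
    f = {"no_file_details": [], "outside_standard_dirs": [], "svchost_not_in_system32": []}
    for e in entries:
        p = e["path"].lower()
        if e["date"] is None:
            f["no_file_details"].append(e["name"])
        if not re.search(r"\\(windows|program files)\\", p):
            f["outside_standard_dirs"].append(e["name"])
        if p.endswith("\\svchost.exe") and not p.endswith("\\windows\\system32\\svchost.exe"):
            f["svchost_not_in_system32"].append(e["name"])
    return f

# Constructed sample: the first five entries are copied from the log posted above,
# the final "Example" entry is made up to exercise the svchost check.
SAMPLE_LOG = r"""
List of drivers
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
List of services
R2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 vsmon;TrueVector Internet Monitor; D:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-29 138168]
R2 Example;Made-up entry (not from the log); D:\Documents and Settings\niko\Application Data\svchost.exe [2008-09-10 14336]
"""
```

Run `triage(parse_entries(SAMPLE_LOG))` to get the three finding lists; on the real log above the two SUPERAntiSpyware and Avira drivers show up under `no_file_details` simply because RSIT could not read them, so that list is a prompt to look, not a verdict.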

#10
Van4ulita

Van4ulita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
It's not the tsm folder now, it's vdzueaef. Should I write this instead?
  • 0

#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Follow the first part of the instructions here :)

http://www.geekstogo...55#entry1329155

Ignore the part about RSIT for the moment.

I'll look over your log and get back to you.
  • 0

#12
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Leave it for the moment then :) We are cross posting, let's refresh always before we post lol.
  • 0

#13
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

As you've noticed you are getting reinfected.
The most important thing is to stay off of the internet as much as possible!
I would rather have it completely disconnected and you coming here from another computer.

So for now please keep that in mind, disconnect from the internet when possible.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IP surveillance
    D:\WINDOWS\system32\vdzueaef
    D:\WINDOWS\system32\nfbc
    D:\WINDOWS\system32\tsm
    D:\WINDOWS\system32\brpgr
    D:\WINDOWS\system32\tbdk
    D:\WINDOWS\system32\bxmslhv
    D:\WINDOWS\system32\mdtstse
    emptytemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then,


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

And finally,

Please download OTScanIt.exe to your Desktop.
Double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close all other programs.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program
  • (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the File created within section select 60 Days
  • In the Rootkit Search section select yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • Reg - BotCheck
    • Reg - Mountpoints2
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the file in your next post, do not try to copy/paste it into the post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#14
Van4ulita

Van4ulita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OK, I did those things and I attach the logs here. Avira didn't detect anything yet, I hope it's permanent :)
Tell me if there's more. And thank you very much for helping me :)

Attached File  09112008_131550.doc   65.5KB   81 downloads

Attached File  mbam_log_2008_09_11.doc   66.5KB   21 downloads

Attached File  OTScanIt.Txt   282.48KB   452 downloads
  • 0

#15
Van4ulita

Van4ulita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Oh I forgot - I didn't see the format menu you were talking about so I couldn't check anything.
  • 0