Windows Explorer, system restore in programs are crashing [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

3 Pages

1 2 3 >

Windows Explorer, system restore in programs are crashing [RESOLVED], I know I have a virus, I just don't know what the name of it is

Options

dondada View Member Profile	Oct 8 2008, 02:16 AM Post #1
Member Posts: 20 OS: Windows xp	I've been trying to get this virus off my computer all day. I have Windows XP and I have the Windows Vista sidebar. The last virus I had affected the sidebar and made it look different. This virus is doing the same thing. My weather icons on my Vista bar does not show up right. My system restore crashes when I try to use it. Windows Explorer when I try to use it, starts for a minute, then crashes. My Programs like my Friendblaster and other programs crash now. And I also noticed my user account keeps saying "Automation server can't create object". Here is my hijack this information Can somebody help me please? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:11:44 AM, on 10/8/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe F:\Program Files\Alias\Maya6.0\docs\Wrapper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe F:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe F:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe F:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\wscntfy.exe F:\Program Files\TopDesk\topdesk.exe C:\WINDOWS\vVX1000.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe F:\Program Files\RNmail\rn.exe C:\Program Files\QuickTime\QTTask.exe F:\Program Files\PowerISO\PWRISOVM.EXE F:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe F:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe F:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Windows Sidebar\sidebar.exe F:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe F:\Program Files\Styler\Styler.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe F:\Program Files\UltraMon\UltraMonTaskbar.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\taskmgr.exe F:\Program Files\FTP Commander\ftpcomm.exe C:\WINDOWS\System32\wbem\wmiprvse.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O2 - BHO: &RN_Object - {E6B48BC7-4EA9-4643-A4B3-BB7C4F69287A} - F:\Program Files\RNmail\RN_IE_Add_On.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\AI Booster\OverClk.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [TopDesk] F:\Program Files\TopDesk\topdesk.exe O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [RNmail] "F:\Program Files\RNmail\rn.exe" /path "F:\Program Files\RNmail" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [VisualTaskTips] F:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [oovoo.exe] F:\Program Files\ooVoo\ooVoo.exe /minimized O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Joost.lnk = F:\Program Files\Joost\xulrunner\tvprunner.exe O4 - Startup: Styler.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: UltraMon.lnk = F:\Program Files\UltraMon\UltraMon.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download &Flash Movies - F:\Program Files\Flash2X\Flash Hunter\save.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - APILogging - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - F:\Program Files\RNmail\RN_IE_Add_On.dll O9 - Extra 'Tools' menuitem: Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - F:\Program Files\RNmail\RN_IE_Add_On.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - F:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU) O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - F:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU) O15 - Trusted Zone: login.live.com O15 - Trusted Zone: g.msn.com O15 - Trusted Zone: moneycentral.msn.com O15 - Trusted Zone: http://www.msn.com O15 - Trusted Zone: .passport.com O15 - Trusted Zone: *.passport.net O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} (Quest3DCtlr2 Class) - http://www.quest3d.com/webplugin/download/...t3dactivex2.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: ojgbmz.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - F:\Program Files\Alias\Maya6.0\docs\Wrapper.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 15519 bytes

emeraldnzl View Member Profile	Oct 9 2008, 06:42 PM Post #2
Trusted Helper Posts: 3,330 OS: XP Pro	Hello dondada, Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. Next Download random's system information tool (RSIT) by random/random from here. It is important that is saved to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) So when you return please post Vundofix.txt RSIT logs - log.txt and info.txt Note: It is likely the reports will not fit on one post. Just use as many posts as you need, that's fine.

dondada View Member Profile	Oct 9 2008, 07:58 PM Post #3
Member Posts: 20 OS: Windows xp	That program did not find anything. I did a on line virus scan with kaspersky and it found all types of suff... some win32 and some other thing. The big problem is i cant unstall Sophos it has a error and the other ant- virus programs want that program unstall

emeraldnzl View Member Profile	Oct 9 2008, 08:21 PM Post #4
Trusted Helper Posts: 3,330 OS: XP Pro	Hi dondada, VundoFix was our first line of attack. There were some signs but not very conclusive. I just wanted to rule that one out while we had a deeper look. There was the remote possibility we could get it right off. Now I need those RSIT logs so I can assess the situation better. Have you got them on the way?

dondada View Member Profile	Oct 11 2008, 11:17 AM Post #5
Member Posts: 20 OS: Windows xp	I did the first two steps..then when i came back on to do the last one the web site was down. Then i come back today and the steps you told me to do are goin. so this is the info you wanted. KillAll:: File:: C:\uijyguhgr.exe C:\WINDOWS\system32\Jiii_PNUCT.pnc C:\WINDOWS\system32\65B922BE10.dll C:\Documents and Settings\Troy\wntestt.exe C:\Documents and Settings\Troy\realwin32e.exe C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe Cn911.exe C:\WINDOWS\system32\drivers\sdpiosys.sys Folder:: C:\Program Files\Viewpoint Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33423b3c-7a4d-11dc-bef9-0018f390ee41}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd08ffb2-f9c8-11dc-bfc3-0018f390ee41}] Driver:: sdpiosys SysRst:: ComboFix 08-10-07.06 - Troy 2008-10-10 19:58:59.2 - NTFSx86 Running from: C:\Documents and Settings\Troy\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Troy\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\Troy\realwin32e.exe C:\Documents and Settings\Troy\wntestt.exe C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe C:\uijyguhgr.exe C:\WINDOWS\system32\65B922BE10.dll C:\WINDOWS\system32\Jiii_PNUCT.pnc . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Troy\realwin32e.exe C:\Documents and Settings\Troy\wntestt.exe C:\Program Files\Viewpoint C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Viewpoint\Common\VistaBoot.sdll C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint_03050024.dll C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe C:\WINDOWS\system32\65B922BE10.dll C:\WINDOWS\system32\Jiii_PNUCT.pnc . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SDPIOSYS -------\Service_sdpiosys ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 ))))))))))))))))))))))))))))))) . 2008-10-10 18:05 . 2008-10-10 18:05 <DIR> d-------- C:\Program Files\Lavasoft 2008-10-10 14:31 . 2008-10-10 14:33 <DIR> d-------- C:\rsit 2008-10-09 19:35 . 2008-10-09 21:57 <DIR> d-------- C:\Documents and Settings\Troy\Application Data\F-Secure 2008-10-09 19:25 . 2008-06-25 06:41 79,904 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-10-09 19:24 . 2008-10-10 13:39 <DIR> d-------- C:\Program Files\F-Secure Internet Security 2008-10-09 18:07 . 2008-10-09 18:07 <DIR> d-------- C:\VundoFix Backups 2008-10-09 16:08 . 2008-10-09 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-10-09 10:38 . 2008-10-09 10:38 <DIR> d-------- C:\Documents and Settings\Troy\log 2008-10-09 10:38 . 2008-10-09 10:38 142,096 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-10-09 10:37 . 2008-10-09 10:37 <DIR> d-------- C:\Documents and Settings\Troy\Pavark 2008-10-09 00:33 . 2008-10-09 00:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-10-09 00:33 . 2008-10-09 00:33 1,409 --a------ C:\WINDOWS\QTFont.for 2008-10-08 18:15 . 2008-10-08 18:15 <DIR> d-------- C:\Documents and Settings\Troy\Application Data\sp2 2008-10-08 16:02 . 2008-10-08 16:02 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie 2008-10-08 11:53 . 2008-10-08 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-10-08 01:27 . 2008-10-09 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-10-07 22:17 . 2008-10-08 11:21 <DIR> d-------- C:\Documents and Settings\Troy\.housecall6.6 2008-10-07 21:03 . 2008-04-14 05:42 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll 2008-10-07 21:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe 2008-10-07 21:03 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll 2008-10-07 21:03 . 2008-04-14 05:42 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll 2008-10-07 21:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe 2008-10-07 21:01 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-10-07 21:00 . 2008-04-14 00:01 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-07 20:59 . 2001-08-23 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-10-07 20:58 . 2001-08-23 12:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll 2008-10-07 20:57 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-10-07 20:56 . 2001-08-23 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll 2008-10-07 20:55 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys 2008-10-07 20:54 . 2008-04-14 00:57 2,188,928 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-07 20:54 . 2001-08-23 12:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll 2008-10-07 20:54 . 2001-08-23 12:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx 2008-10-07 20:54 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll 2008-10-07 20:54 . 2001-08-23 12:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll 2008-10-07 20:54 . 2001-08-23 12:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe 2008-10-07 20:54 . 2001-08-23 12:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe 2008-10-07 20:54 . 2001-08-23 12:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll 2008-10-07 20:54 . 2001-08-23 12:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll 2008-10-07 20:54 . 2001-08-23 12:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll 2008-10-07 19:57 . 2008-10-08 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-10-07 19:56 . 2008-10-09 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\f-secure 2008-10-07 17:50 . 2008-10-07 22:54 <DIR> d-------- C:\SDFix 2008-10-06 23:14 . 2005-07-15 12:49 245,760 --a------ C:\WINDOWS\system32\aUpdateNow.ocx 2008-10-06 13:03 . 2008-10-06 13:03 <DIR> d-------- C:\Program Files\Duplicate Content Detonator 2008-10-06 12:01 . 2008-10-06 23:11 <DIR> d-------- C:\Program Files\Common Files\SB Solutions 2008-10-06 12:00 . 2008-10-06 23:26 <DIR> d-------- C:\Program Files\eWriterPro 2008-10-05 22:41 . 2008-10-05 22:41 207 --a------ C:\WINDOWS\HTML Brander 2008-10-05 21:01 . 2008-10-05 21:01 <DIR> d-------- C:\WINDOWS\Feedback Analyzer 2008-10-05 18:00 . 2008-10-05 18:00 <DIR> d-------- C:\Program Files\Common Files\Droppix 2008-10-05 17:48 . 2008-10-05 17:48 268 --ah----- C:\sqmdata00.sqm 2008-10-05 17:48 . 2008-10-05 17:48 244 --ah----- C:\sqmnoopt00.sqm 2008-10-04 22:32 . 2008-10-04 23:06 167 --a------ C:\Documents and Settings\Troy\udownload.dat 2008-10-03 21:37 . 2008-10-03 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\webcamXP5 2008-10-02 15:00 . 2008-10-02 15:03 <DIR> d-------- C:\Documents and Settings\Troy\Application Data\ooVoo Details 2008-10-02 14:24 . 2008-10-02 14:24 <DIR> d--hs---- C:\imx 2008-10-02 14:21 . 2008-09-18 14:53 352,256 --a------ C:\WINDOWS\system32\AlphaImageControl.ocx 2008-10-02 14:21 . 2008-09-12 16:30 237,568 --a------ C:\WINDOWS\system32\Abutton.ocx 2008-10-02 14:21 . 2001-06-26 15:35 131,072 --a------ C:\WINDOWS\system32\ARButton.ocx 2008-10-02 14:21 . 2002-07-04 10:27 61,440 --a------ C:\WINDOWS\system32\TransPictureBox.ocx 2008-10-01 20:46 . 2008-10-01 20:46 <DIR> d-------- C:\Documents and Settings\Troy\Application Data\Summitsoft 2008-10-01 20:38 . 2008-10-01 20:38 <DIR> d-------- C:\Program Files\ReflexiveArcade 2008-09-29 12:14 . 2008-09-29 12:14 <DIR> d-------- C:\Program Files\PandoBar 2008-09-29 12:13 . 2008-09-29 12:13 <DIR> d-------- C:\Documents and Settings\Troy\Application Data\Camfrog 2008-09-18 10:53 . 2008-09-18 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bryxen Software 2008-09-11 20:50 . 2008-09-11 20:50 724,984 --a------ C:\Documents and Settings\Troy\gotomypc_437.exe 2008-09-11 20:43 . 2008-09-11 20:43 3,902,784 --a------ C:\Documents and Settings\Troy\gosetup.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-11 01:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-10-10 04:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-10 03:58 5,526 ----a-w C:\WINDOWS\system32\tmp.reg 2008-10-10 00:36 --------- d-----w C:\Documents and Settings\Troy\Application Data\SUPERAntiSpyware.com 2008-10-09 17:20 --------- d-----w C:\Documents and Settings\Troy\Application Data\uTorrent 2008-10-09 17:13 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-10-08 08:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8 2008-10-08 02:09 --------- d-----w C:\Documents and Settings\Troy\Application Data\Joost 2008-10-07 06:20 --------- d-----w C:\Program Files\FriendBlasterPro 2008-10-06 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-06 02:42 --------- d-----w C:\Program Files\Common Files\Real 2008-10-05 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix 2008-10-05 20:53 --------- d-----w C:\Documents and Settings\Troy\Application Data\Skype 2008-10-05 19:19 --------- d-----w C:\Documents and Settings\Troy\Application Data\SopCast 2008-10-05 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Watermark Factory 2008-10-05 15:00 --------- d-----w C:\Documents and Settings\Troy\Application Data\skypePM 2008-10-04 21:28 --------- d-----w C:\Documents and Settings\Troy\Application Data\iPhoneRingToneMaker 2008-09-06 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-09-05 23:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-05 20:32 --------- d-----w C:\Program Files\1stWORKS 2008-09-05 08:17 --------- d-----w C:\Documents and Settings\Troy\Application Data\IBP 2008-08-31 04:48 2,292,759 ----a-w C:\WINDOWS\Untitled Screen Saver.scr 2008-08-28 06:10 --------- d-----w C:\Documents and Settings\Troy\Application Data\LimeWire 2008-08-27 22:38 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-27 22:38 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-25 18:36 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-25 18:36 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-25 18:36 40,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-07-30 05:09 8 ----a-w C:\results.bin 2008-07-27 01:58 4,195 ----a-w C:\Documents and Settings\Troy\Application Data\SAS7_000.DAT 2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-05-04 19:17 67,432 ----a-w C:\Documents and Settings\Troy\Application Data\GDIPFONTCACHEV1.DAT 2008-04-17 19:12 22,328 ----a-w C:\Documents and Settings\Troy\Application Data\PnkBstrK.sys 2008-02-19 05:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-06-20 17:00 27,976 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll 2008-06-20 17:00 125,848 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll 2008-05-11 18:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-09_22.48.21.90 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-08 18:47:21 96,256 ----a-w C:\WINDOWS\Installer\atl80.dll + 2008-10-10 20:08:48 96,256 ----a-w C:\WINDOWS\Installer\atl80.dll - 2008-10-08 18:47:22 159,168 ----a-w C:\WINDOWS\Installer\libexpat.dll + 2008-10-10 20:09:09 159,168 ----a-w C:\WINDOWS\Installer\libexpat.dll - 2008-10-08 18:47:22 1,101,824 ----a-w C:\WINDOWS\Installer\mfc80.dll + 2008-10-10 20:09:12 1,101,824 ----a-w C:\WINDOWS\Installer\mfc80.dll - 2008-10-08 18:47:23 1,093,120 ----a-w C:\WINDOWS\Installer\mfc80u.dll + 2008-10-10 20:09:15 1,093,120 ----a-w C:\WINDOWS\Installer\mfc80u.dll - 2008-10-08 18:47:23 69,632 ----a-w C:\WINDOWS\Installer\mfcm80.dll + 2008-10-10 20:09:16 69,632 ----a-w C:\WINDOWS\Installer\mfcm80.dll - 2008-10-08 18:47:23 57,856 ----a-w C:\WINDOWS\Installer\mfcm80u.dll + 2008-10-10 20:09:16 57,856 ----a-w C:\WINDOWS\Installer\mfcm80u.dll - 2008-10-08 18:47:23 479,232 ----a-w C:\WINDOWS\Installer\msvcm80.dll + 2008-10-10 20:09:18 479,232 ----a-w C:\WINDOWS\Installer\msvcm80.dll - 2008-10-08 18:47:23 548,864 ----a-w C:\WINDOWS\Installer\msvcp80.dll + 2008-10-10 20:09:21 548,864 ----a-w C:\WINDOWS\Installer\msvcp80.dll - 2008-10-08 18:47:23 626,688 ----a-w C:\WINDOWS\Installer\msvcr80.dll + 2008-10-10 20:09:24 626,688 ----a-w C:\WINDOWS\Installer\msvcr80.dll - 2008-10-08 18:47:23 24,576 ----a-w C:\WINDOWS\Installer\nlsdl.dll + 2008-10-10 20:09:25 24,576 ----a-w C:\WINDOWS\Installer\nlsdl.dll - 2008-10-08 18:47:31 126,208 ----a-w C:\WINDOWS\Installer\TmDbg32.dll + 2008-10-10 20:11:39 126,208 ----a-w C:\WINDOWS\Installer\TmDbg32.dll + 2008-04-29 18:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys + 2008-04-29 18:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys + 2008-04-29 18:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys + 2008-05-16 18:58:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe . ((((((((((((((((((((((((((((((((((((((( System Restore ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ctl3dv2.dll 2001-08-23 12:00 27200 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121325.dll C:\dllcache\cem28n5.sys 2001-08-17 12:13 22044 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP253\A0126733.sys C:\dllcache\es198x.sys 2001-08-17 12:19 174464 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121490.sys 2001-08-17 12:19 174464 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121490.sys C:\dllcache\esuimg.dll 2001-08-17 22:36 34816 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121501.dll C:\dllcache\fp4anscp.dll 2008-04-14 05:41 82035 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121543.dll C:\dllcache\fp4awel.dll 2008-04-14 05:41 876653 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121550.dll C:\dllcache\g200d.dll 2001-08-17 14:56 470144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121583.dll 2001-08-17 14:56 470144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121583.dll C:\dllcache\iiscrmap.dll 2001-08-23 12:00 19456 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121698.dll C:\dllcache\imscinst.exe 2004-08-03 23:31 59392 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121731.exe 2004-08-03 23:31 59392 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121731.exe C:\dllcache\ini910u.sys 2001-08-17 13:52 16000 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121741.sys 2001-08-17 13:52 16000 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121741.sys C:\dllcache\ipfltdrv.sys 2001-08-23 12:00 32896 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121748.sys C:\dllcache\kbd103.dll 2001-08-17 14:55 5632 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121774.dll C:\dllcache\kbda2.dll 2001-08-23 12:00 5632 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121776.dll C:\dllcache\kbda3.dll 2001-08-23 12:00 5632 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121777.dll C:\dllcache\kbdinpun.dll 2001-08-23 12:00 6144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121825.dll C:\dllcache\kbdir.dll 2001-08-23 12:00 5632 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121828.dll 2001-08-23 12:00 5632 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121828.dll C:\dllcache\kbdmac.dll 2001-08-23 12:00 6144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121840.dll C:\dllcache\kbdpo.dll 2001-08-23 12:00 6144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121849.dll 2001-08-23 12:00 6144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121849.dll C:\dllcache\kbdsf.dll 2001-08-23 12:00 6144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121853.dll C:\dllcache\kbdtat.dll 2001-08-23 12:00 5632 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121861.dll C:\dllcache\kbdth2.dll 2001-08-23 12:00 6144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121864.dll C:\dllcache\migwiz_a.exe 2004-08-04 01:56 236032 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0121958.exe C:\dllcache\msi.dll 2008-05-19 06:33 4445184 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122014.dll 2008-05-19 06:33 4445184 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122014.dll C:\dllcache\msvideo.dll 2001-08-23 12:00 126912 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122050.dll C:\dllcache\msxml6.dll 2008-04-14 05:42 1306624 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122055.dll C:\dllcache\mxport.dll 2001-08-17 22:36 7168 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122068.dll C:\dllcache\ntmtlfax.sys 2004-08-03 23:41 180360 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122123.sys 2004-08-03 23:41 180360 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122123.sys C:\dllcache\nv3.sys 2001-08-17 12:50 198144 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122128.sys C:\dllcache\ole2.dll 2001-08-23 12:00 39744 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122143.dll 2001-08-23 12:00 39744 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122143.dll C:\dllcache\ovcomc.dll 2001-08-17 22:36 20480 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122164.dll 2001-08-17 22:36 20480 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122164.dll C:\dllcache\paqsp.dll 2001-08-23 12:00 157696 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122176.dll C:\dllcache\pidgen.dll 2008-04-14 05:39 24064 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122202.dll 2008-04-14 05:39 24064 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122202.dll C:\dllcache\pmxmcro.dll 2001-08-23 12:00 11264 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122214.dll C:\dllcache\proxycfg.exe 2008-04-14 05:42 9216 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP248\A0125036.exe C:\dllcache\rvse.dll 2001-08-23 12:00 48706 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122308.dll C:\dllcache\s3sav4.dll 2001-08-17 14:56 198400 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122326.dll 2001-08-17 14:56 198400 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122326.dll C:\dllcache\skfpwin.sys 2001-08-17 12:12 91294 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122382.sys C:\dllcache\tsprof.exe 2001-08-23 12:00 14336 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122537.exe 2001-08-23 12:00 14336 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122537.exe C:\dllcache\twain.dll 2001-08-23 12:00 94784 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122539.dll C:\dllcache\twunk_32.exe 2001-08-23 12:00 25600 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122542.exe C:\dllcache\usb101et.sys 2004-08-03 22:31 32384 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122568.sys C:\dllcache\vdmindvd.sys 2001-08-23 12:00 58112 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122600.sys C:\dllcache\wadv09nt.sys 2004-08-03 23:29 11871 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122638.sys C:\dllcache\watv04nt.sys 2004-08-03 22:29 33599 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP245\A0122644.sys C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll 2008-07-15 20:39 168311 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP240\A0120531.dll C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll 2008-05-07 00:43 430451 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP240\A0120532.dll C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll 2008-06-20 20:38 307573 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP240\A0120533.dll C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll 2008-05-29 20:38 115063 {163BC911-622D-470B-B720-BB9A30ECE70C}\RP240\A0120534.dll C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll C:\System Volume Information\_r . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2005-12-06 22:16 176128 F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon] [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "SENTINEL"= snti386.dll "MSVideo"= CSvidcap.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^StartUp^iPhoneRingToneMaker.lnk] path=C:\Documents and Settings\Troy\Start Menu\Programs\StartUp\iPhoneRingToneMaker.lnk backup=C:\WINDOWS\pss\iPhoneRingToneMaker.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^StartUp^LimeWire On Startup.lnk] path=C:\Documents and Settings\Troy\Start Menu\Programs\StartUp\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone] --a------ 2007-08-28 14:24 1191936 F:\Program Files\iCall\iCall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --------- 2005-12-04 17:39 461584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 13:10 267048 F:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] --a------ 2008-08-06 23:38 160832 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-04-01 18:35 3587120 F:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "F:\\Program Files\\Call of Duty\\CoDMP.exe"= "F:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"= "F:\\Program Files\\Nero 7\\Nero Home\\NeroHome.exe"= "F:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "F:\\Program Files\\e frontier\\Poser 7\\Poser.exe"= "F:\\Program Files\\Alias\\Maya6.0\\bin\\maya.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "F:\\Program Files\\IBP 9\\IBP.exe"= "F:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "F:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Documents and Settings\\Troy\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "F:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "F:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"= "F:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "F:\\Program Files\\iCall\\iCall.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "F:\\Program Files\\RNmail\\rn.exe"= "F:\\Program Files\\LimeWire\\LimeWire.exe"= "F:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "F:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "<NO NAME>"= "58765:TCP"= 58765:TCP:Pando P2P TCP Listening Port "58765:UDP"= 58765:UDP:Pando P2P UDP Listening Port "443:TCP"= 443:TCP:ooVoo TCP port 443 "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] C:\WINDOWS\system32\hidec /W "C:\Program Files\VAIOXP\Tools\regtlib.exe" "C:\Program Files\Windows Sidebar\sidebar.exe" . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-10 20:06:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe F:\Program Files\Alias\Maya6.0\docs\Wrapper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE F:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe C:\WINDOWS\vVX1000.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe F:\Program Files\RNmail\rn.exe C:\Program Files\QuickTime\QTTask.exe F:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe F:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe F:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe F:\Program Files\ooVoo\ooVoo.exe F:\Program Files\UltraMon\UltraMon.exe F:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe F:\Program Files\Styler\Styler.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe . ************************************************************************ . Completion time: 2008-10-10 20:30:48 - machine was rebooted [Troy] ComboFix-quarantined-files.txt 2008-10-11 03:30:20 ComboFix2.txt 2008-10-10 05:56:39 ComboFix3.txt 2008-10-08 01:39:20 ComboFix4.txt 2008-10-08 00:36:26 ComboFix5.txt 2008-10-11 02:58:30 Pre-Run: 3,882,938,368 bytes free Post-Run: 3,919,986,688 bytes free 510 --- E O F --- 2008-10-06 02:23:44

emeraldnzl

Oct 11 2008, 01:21 PM

Post #6

Trusted Helper
Group Icon

Posts: 3,330
OS: XP Pro

Yep some bits went missing it seems.

Moving on then.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Next

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Onli