Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojandownloader.xs / Trusted Antivirus / Spyhunter [RESOLVED]

Started by hysteria , Mar 30 2008 03:42 PM

  • This topic is locked This topic is locked

#1
hysteria
Posted 30 March 2008 - 03:42 PM

hysteria

    Member

  • Member
  • PipPipPip
  • 164 posts
I've recently contracted this terrible malware, which seems to be an epidemic as of late.

Here are some of the popup's I've been seeing:

Posted Image

Posted Image

Posted Image

These two actually popped up while I have been typing this:

Posted Image

Posted Image


I also sometimes get a drop-down list on my IE telling me I have a virus and to go to this website:

http://trustedantivi...dAntivirus.html

Actually every link from every pop up goes to this website. BEWARE! if you go to the above address, do not download Spyhunter. I believe it to be the cause of my problems. I downloaded it to get rid of it; now it's made it worse.

I've followed all procedures before posting to this forum.
Although I found AVG to work to some extent (no results listed / file) and Panda to not work for me.

AVG:
Posted Image

Posted Image

Panda:
Posted Image



Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:12 PM, on 3/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\qpsrktwp\wvchqtkb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\ahqbujql.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Daniel\Desktop\Geeks\HiJackThis_v2.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [umizeacv] C:\Windows\system32\ahqbujql.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [8uhDvdhLRf] C:\ProgramData\qpsrktwp\wvchqtkb.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8161 bytes


And my uninstall list:

µTorrent
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.10
Ashampoo WinOptimizer 4.40
AVG Anti-Spyware 7.5
AviSynth 2.5
Bit Che
Bonjour
CDisplay 1.8
C-Media PCI Audio Driver
DebugMode Wax 2.0
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Driver Magician 3.21
DriverGuide Toolkit
DVD Rebuilder
Easy DVD Shrink
Exact Audio Copy 0.99pb3
Eye Candy 4000
Final Draft 7
GIF Construction Set Professional 3
Google Earth
HijackThis 2.0.2
iTunes
JASP Ver 1.6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Kaspersky Internet Security 7.0
Kaspersky Internet Security 7.0
Magic DVD Ripper V5.1
MarkelSoft Dupe Eliminator for iTunes 3.9
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.2)
Nero 8
neroxml
Network Stumbler 0.4.0 (remove only)
PDF Settings
Photodex Presenter
Photoshop Camera Raw
PowerISO
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
SONAR 6 Producer Edition
Sony Media Manager 2.2
Sony Sound Forge 8.0d
Sony Vegas 7.0
SUPERAntiSpyware Free Edition
TubeHunter Ultra
Ulead GIF Animator 5
Uniblue SpeedUpMyPC
Unlocker 1.8.6
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb936644)
Update for Word 2007 (KB934173)
VCRedistSetup
VIA Platform Device Manager
VideoLAN VLC media player 0.8.6c
Winamp
Winamp Toolbar
Windows Live installer
WinRAR archiver
Xilisoft DVD Creator



Please help me!

Thanks,
Daniel

Edited by hysteria, 30 March 2008 - 03:51 PM.

  • 0

Advertisements

#2
kahdah
Posted 30 March 2008 - 05:56 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello hysteria

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
hysteria
Posted 30 March 2008 - 07:57 PM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Kahdah,

Here are the logs requested:

Deckard's System Scanner v20071014.68
Run by Daniel on 2008-03-30 18:49:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-03-30 23:38:35 UTC - RP414 - Scheduled Checkpoint
2: 2008-03-30 09:35:15 UTC - RP413 - Installed SUPERAntiSpyware Free Edition
1: 2008-03-30 07:29:14 UTC - RP412 - Pre-Geeks


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Daniel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:36 PM, on 3/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\qpsrktwp\wvchqtkb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\ahqbujql.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Daniel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [umizeacv] C:\Windows\system32\ahqbujql.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [8uhDvdhLRf] C:\ProgramData\qpsrktwp\wvchqtkb.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8016 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 18430 - \??\c:\windows\system32\18430.sys
R3 cmuda3 (C-Media PCI Audio Interface) - c:\windows\system32\drivers\cmuda3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 FA31x (Netgear FA311/312 NDIS 5.0 Miniport Driver) - c:\windows\system32\drivers\fa31xnd5.sys <Not Verified; NETGEAR Corp.; NETGEAR FA311/312 NDIS 5.0 Miniport Driver>
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

S1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - \??\c:\windows\system32\nsndis5.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: USB\VID_04F9&PID_01AB&MI_01\6&3747D8AC&4&0001
Manufacturer:
Name:
PNP Device ID: USB\VID_04F9&PID_01AB&MI_01\6&3747D8AC&4&0001
Service:

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_A2321297&REV_30\3&18D45AA6&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_A2321297&REV_30\3&18D45AA6&0&8D
Service:

Class GUID:
Description:
Device ID: ACPI\PNPB006\3&18D45AA6&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\3&18D45AA6&0
Service:


-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 14:34:58 0 d-------- C:\Program Files\Trend Micro
2008-03-30 02:38:17 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-30 02:36:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 00:33:07 0 d-------- C:\Users\All Users\Grisoft
2008-03-28 21:24:20 0 d-------- C:\Program Files\Enigma Software Group
2008-03-28 10:38:02 91700 --a------ C:\Windows\system32\drivers\klin.dat
2008-03-28 10:38:02 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-03-28 10:35:54 91714592 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-03-28 10:35:54 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-03-28 10:35:54 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-28 10:33:42 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-03-28 01:01:10 0 d-a------ C:\Users\All Users\TEMP
2008-03-28 00:56:03 221184 --a------ C:\Windows\vbgtorfd.dll
2008-03-28 00:56:03 323584 --a------ C:\Windows\dwnrpofk.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32winsystem.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32vbsys2.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32thun32.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32thun.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32temp#01.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32taack.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32taack.dat
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32sysreq.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ssvchost.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ssvchost.com
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ssurf022.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32sncntr.exe
2008-03-28 00:55:48 0 d-------- C:\Windows\system32smp
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32Rundl1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32regm64.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32regc64.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32psoft1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32psof1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ps1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32newsd32.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32netode.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32mwin32.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32mtr2.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32msvchost.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32mssecu.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32msnbho.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32msgp.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32medup020.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32medup012.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32hoproxy.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32emesx.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32bdn.com
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32awtoolb.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32anticipator.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32akttzn.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\mssecu.exe
2008-03-28 00:55:48 0 d-------- C:\Windows\mslagent
2008-03-28 00:55:48 4096 --a------ C:\Windows\iTunesMusic.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\bdn.com
2008-03-28 00:55:48 4096 --a------ C:\Windows\a.bat
2008-03-28 00:55:48 0 d-------- C:\Users\Daniel\Desktopvirii
2008-03-28 00:55:48 4096 --a------ C:\Users\Daniel\DesktopFWebdEditor.exe
2008-03-28 00:55:48 4096 --a------ C:\Users\Daniel\Desktopfwebd.exe
2008-03-28 00:55:48 4096 --a------ C:\Users\Daniel\Desktopfilemanagerclient.exe
2008-03-28 00:55:42 110592 --a------ C:\Windows\system32\ahqbujql.exe
2008-03-28 00:55:42 0 d-------- C:\Users\All Users\qpsrktwp
2008-03-27 23:49:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 18:05:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 18:04:09 0 d-------- C:\Program Files\Windows Live
2008-03-25 18:02:34 0 d-------- C:\Users\All Users\WLInstaller
2008-03-21 00:53:12 0 d-------- C:\Program Files\Bit Che


-- Find3M Report ---------------------------------------------------------------

2008-03-30 02:45:33 0 d-------- C:\Users\Daniel\AppData\Roaming\uTorrent
2008-03-30 02:36:20 0 d-------- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2008-03-30 02:35:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 00:33:24 0 d-------- C:\Users\Daniel\AppData\Roaming\Grisoft
2008-03-29 01:12:47 0 d-------- C:\Program Files\Winamp Toolbar
2008-03-28 10:03:15 0 d-------- C:\Users\Daniel\AppData\Roaming\Desktopicon
2008-03-28 00:03:55 0 d-------- C:\Users\Daniel\AppData\Roaming\Adobe
2008-03-28 00:03:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-27 23:49:58 0 d-------- C:\Program Files\Common Files
2008-03-22 22:44:11 0 d-------- C:\Users\Daniel\AppData\Roaming\Apple Computer
2008-03-13 00:45:39 0 d-------- C:\Program Files\Java
2008-03-02 21:42:27 0 d-------- C:\Program Files\Xilisoft
2008-02-28 13:13:22 0 d-------- C:\Program Files\Winamp
2008-02-28 13:11:38 0 d-------- C:\Users\Daniel\AppData\Roaming\Winamp
2008-02-28 08:45:59 0 d-------- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
2008-02-28 01:14:53 0 d-------- C:\Program Files\FirstClass
2008-02-28 01:06:28 0 d-------- C:\Program Files\iTunes
2008-02-28 01:06:16 0 d-------- C:\Program Files\iPod
2008-02-16 03:26:13 0 d-------- C:\Program Files\Bonjour
2008-02-16 03:25:40 0 d-------- C:\Program Files\QuickTime
2008-02-07 15:02:44 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-06 21:45:18 0 d-------- C:\Program Files\Aspin
2008-02-04 09:07:37 0 d-------- C:\Users\Daniel\AppData\Roaming\dvdcss
2008-01-31 13:28:37 0 d-------- C:\Program Files\Common Files\NSV
2008-01-04 14:58:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-01-04 14:57:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 14:57:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 14:57:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 14:57:10 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:56:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="CMICNFG3.CPL" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/09/2006 09:55 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/09/2006 09:55 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/09/2006 09:55 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/28/2007 11:01 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [02/29/2008 10:10 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM]
"Aim6"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"umizeacv"="C:\Windows\system32\ahqbujql.exe" [03/28/2008 12:55 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/30/2008 02:01 PM]

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"8uhDvdhLRf"=C:\ProgramData\qpsrktwp\wvchqtkb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/30/2008 02:01 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{475c78b1-ba7b-11dc-a3f1-0040f45375c8}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdac5dc0-335b-11dc-b893-0018f8a2c99b}]
AutoRun\command- H:\Setup.exe -auto


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-30 18:54:17 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2200+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1535.48 MiB / 999.89 MiB
Pagefile Memory (total/avail): 3307.39 MiB / 2671.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 54.95 GiB free.
D: is Fixed (NTFS) - 74.52 GiB total, 2.99 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD3200JB-00KFA0 ATA Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD800JB-00DUA3 ATA Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - D:

\\.\PHYSICALDRIVE2 - Brother MFC-240C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab) Disabled
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab) Disabled
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab) Disabled
AS: SUPERAntiSpyware v3, 6, 0, 1000 (SUPERAntiSpyware.com)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Daniel\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANIEL-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\Daniel
LOCALAPPDATA=C:\Users\Daniel\AppData\Local
LOGONSERVER=\\DANIEL-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Daniel\AppData\Local\Temp
TMP=C:\Users\Daniel\AppData\Local\Temp
USERDOMAIN=Daniel-PC
USERNAME=Daniel
USERPROFILE=C:\Users\Daniel
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Daniel (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS4 --> MsiExec.exe /I{0F99EAFA-4054-4ABC-A3D3-D2299210572F}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS4 --> C:\Program Files\Common Files\Adobe\Installers\b741c3c52d3108664cedeb2b76f6d96\Setup.exe
Adobe Photoshop CS4 --> MsiExec.exe /I{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{A1C9D1DA-7803-4586-B509-450009938312}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ashampoo Burning Studio 7.10 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo WinOptimizer 4.40 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bit Che --> "C:\Program Files\Bit Che\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C-Media PCI Audio Driver --> C:\Windows\system32\CMRMDRV3.exe
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
DebugMode Wax 2.0 --> "C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Magician 3.21 --> "C:\Program Files\Driver Magician\unins000.exe"
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13D318A-43CB-4D0C-9EF6-E1B01FF25279}\setup.exe"
DVD Rebuilder --> "C:\Program Files\DVD-RB PRO\unins000.exe"
Easy DVD Shrink --> C:\PROGRA~1\EASYDV~1\UNWISE.EXE C:\PROGRA~1\EASYDV~1\INSTALL.LOG
Exact Audio Copy 0.99pb3 --> C:\Program Files\Exact Audio Copy\uninst.exe
Eye Candy 4000 --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\EYECAN~1\INSTALL.LOG
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
GIF Construction Set Professional 3 --> C:\Windows\ALCHUNIN.EXE C:\Program Files\Alchemy Mindworks\GIF Construction Set Professional 3\INSTALLD.TXT
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
JASP Ver 1.6 --> MsiExec.exe /I{92716164-752C-4948-8BBF-765FB6F28F6C}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Magic DVD Ripper V5.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
MarkelSoft Dupe Eliminator for iTunes 3.9 --> C:\Program Files\DupeEliminator\uninstall.exe
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Photoshop Camera Raw --> MsiExec.exe /I{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SONAR 6 Producer Edition --> "C:\Program Files\Cakewalk\SONAR 6 Producer Edition\unins000.exe"
Sony Media Manager 2.2 --> MsiExec.exe /X{565286F6-CE28-45D5-A64B-DCDCD3130881}
Sony Sound Forge 8.0d --> MsiExec.exe /X{5636E517-8100-4E2A-B69E-2B16AFFA2360}
Sony Vegas 7.0 --> MsiExec.exe /X{0E27A421-0701-43D6-B214-D90C92821A7A}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TubeHunter Ultra --> MsiExec.exe /I{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}
Ulead GIF Animator 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Uniblue SpeedUpMyPC --> "C:\Program Files\Uniblue\SpeedUpMyPC\unins000.exe"
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936644) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft DVD Creator --> C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type219222 / Warning
Event Submitted/Written: 03/30/2008 03:35:03 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{80FD852F-5AAC-4129-B931-06AAFFA43138}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'

Event Record #/Type219221 / Warning
Event Submitted/Written: 03/30/2008 03:35:03 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{80FD852F-5AAC-4129-B931-06AAFFA43138}', feature 'iTunes', component '{1E8FB090-55AD-4B36-BF1D-F6EAA520797E}' failed. The resource 'HKEY_CLASSES_ROOT\pcast\' does not exist.

Event Record #/Type219218 / Success
Event Submitted/Written: 03/30/2008 02:01:33 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type219210 / Success
Event Submitted/Written: 03/30/2008 01:59:20 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type219209 / Success
Event Submitted/Written: 03/30/2008 01:59:10 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35228 / Error
Event Submitted/Written: 03/30/2008 02:13:53 PM
Event ID/Source: 1001 / Microsoft-Windows-LanguagePackSetup
Event Description:
0x80004005

Event Record #/Type35227 / Error
Event Submitted/Written: 03/30/2008 02:13:53 PM
Event ID/Source: 1000 / Microsoft-Windows-LanguagePackSetup
Event Description:
0x80040154

Event Record #/Type35223 / Error
Event Submitted/Written: 03/30/2008 02:01:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
SASDIFSV%%183

Event Record #/Type35139 / Warning
Event Submitted/Written: 03/30/2008 01:57:26 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type35122 / Error
Event Submitted/Written: 03/30/2008 02:47:44 AM
Event ID/Source: 1001 / Microsoft-Windows-LanguagePackSetup
Event Description:
0x80004005



-- End of Deckard's System Scanner: finished at 2008-03-30 18:54:17 ------------
  • 0

#4
kahdah
Posted 31 March 2008 - 02:52 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi Please go to Start>Search then type in >Run then type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.
@Echo off
Sc stop "18430"
Sc delete "18430"
quit
Then please double click on fixthis.bat a window will open and close quickly.This is normal.
==========================
After that Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\vbgtorfd.dll
C:\Windows\dwnrpofk.dll
C:\Windows\system32WINWGPX.EXE
C:\Windows\system32winsystem.exe
C:\Windows\system32winlogonpc.exe
C:\Windows\system32vcatchpi.dll
C:\Windows\system32vbsys2.dll
C:\Windows\system32thun32.dll
C:\Windows\system32thun.dll
C:\Windows\system32temp#01.exe
C:\Windows\system32taack.exe
C:\Windows\system32taack.dat
C:\Windows\system32sysreq.exe
C:\Windows\system32ssvchost.exe
C:\Windows\system32ssvchost.com
C:\Windows\system32ssurf022.dll
C:\Windows\system32sncntr.exe
C:\Windows\system32smp
C:\Windows\system32Rundl1.exe
C:\Windows\system32regm64.dll
C:\Windows\system32regc64.dll
C:\Windows\system32psoft1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32ps1.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32netode.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mssecu.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32msgp.exe
C:\Windows\system32medup020.dll
C:\Windows\system32medup012.dll
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hoproxy.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32emesx.dll
C:\Windows\system32dpcproxy.exe
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32bdn.com
C:\Windows\system32awtoolb.dll
C:\Windows\system32anticipator.dll
C:\Windows\system32akttzn.exe
C:\Windows\mssecu.exe
C:\Windows\mslagent
C:\Windows\iTunesMusic.exe
C:\Windows\bdn.com
C:\Windows\a.bat
C:\Users\Daniel\Desktopvirii
C:\Users\Daniel\DesktopFWebdEditor.exe
C:\Users\Daniel\Desktopfwebd.exe
C:\Users\Daniel\Desktopfilemanagerclient.exe
C:\Windows\system32\ahqbujql.exe
C:\Users\All Users\qpsrktwp
C:\Windows\system32\ahqbujql.exe
c:\windows\system32\18430.sys
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\umizeacv
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#5
hysteria
Posted 31 March 2008 - 10:53 PM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Okay, did everything.

The OTMoveit program however did not produce a log. As you can see in the screenshot below, this is all I found inside that folder, another folder with this .dll file:

Posted Image

Here is the log produced by the Malwarebytes program:

Malwarebytes' Anti-Malware 1.09
Database version: 574

Scan type: Full Scan (A:\|C:\|D:\|F:\|)
Objects scanned: 188004
Time elapsed: 1 hour(s), 47 minute(s), 32 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 15

Memory Processes Infected:
c:\programdata\qpsrktwp\wvchqtkb.exe (Trojan.FakeAlert) -> Unloaded process successfully.
c:\Windows\System32\ahqbujql.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Windows\System32\ahqbujql.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f9b56a55-30f2-489f-88d0-2b7e5d498a5f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bfc56573-6cdd-4a62-b607-184d9e2550c8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.bfag (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d322f612-158e-421d-b8ce-acde0d343553} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{927c066d-b471-48a2-af20-7642539acd70} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\qvdntlmw.bfag (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\qvdntlmw.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\8uhDvdhLRf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\umizeacv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\qpsrktwp\wvchqtkb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\ahqbujql.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\dwnrpofk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03312008_101701\Windows\vbgtorfd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Daniel\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully. ???
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.


Here is a screenshot (like you mentioned) produced after the cleanup asking me to restart if this helps at all:
Posted Image
  • 0

#6
kahdah
Posted 01 April 2008 - 03:16 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi can you run dss again and post the log it produces please.

If you are wwondering about the itunes music .exe it is malware despite the name it is in the wrong Directory.
  • 0

#7
hysteria
Posted 01 April 2008 - 10:38 AM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Okay, here is the new DSS log:

Deckard's System Scanner v20071014.68
Run by Daniel on 2008-04-01 09:34:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 39.42 GiB (less than 15%) free.


-- HijackThis (run as Daniel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:05 AM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Daniel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7637 bytes

-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-03-31 10:39:55 0 d-------- C:\Users\All Users\Malwarebytes
2008-03-31 10:39:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 19:50:03 0 d-------- C:\Program Files\X-Chat 2
2008-03-30 14:34:58 0 d-------- C:\Program Files\Trend Micro
2008-03-30 02:38:17 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-30 02:36:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 00:33:07 0 d-------- C:\Users\All Users\Grisoft
2008-03-28 21:24:20 0 d-------- C:\Program Files\Enigma Software Group
2008-03-28 10:38:02 91700 --a------ C:\Windows\system32\drivers\klin.dat
2008-03-28 10:38:02 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-03-28 10:35:54 108953632 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-03-28 10:35:54 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-03-28 10:35:54 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-28 10:33:42 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-03-28 01:01:10 0 d-a------ C:\Users\All Users\TEMP
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32winsystem.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32vbsys2.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32thun32.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32thun.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32temp#01.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32taack.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32taack.dat
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32sysreq.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ssvchost.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ssvchost.com
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ssurf022.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32sncntr.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32Rundl1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32regm64.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32regc64.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32psoft1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32psof1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32ps1.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32newsd32.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32netode.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32mwin32.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32mtr2.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32msvchost.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32mssecu.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32msnbho.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32msgp.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32medup020.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32medup012.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32hoproxy.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32emesx.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32bdn.com
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32awtoolb.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32anticipator.dll
2008-03-28 00:55:48 4096 --a------ C:\Windows\system32akttzn.exe
2008-03-28 00:55:48 4096 --a------ C:\Windows\a.bat
2008-03-28 00:55:48 4096 --a------ C:\Users\Daniel\DesktopFWebdEditor.exe
2008-03-28 00:55:48 4096 --a------ C:\Users\Daniel\Desktopfwebd.exe
2008-03-28 00:55:48 4096 --a------ C:\Users\Daniel\Desktopfilemanagerclient.exe
2008-03-28 00:55:42 0 d-------- C:\Users\All Users\qpsrktwp
2008-03-27 23:49:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 18:05:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 18:04:09 0 d-------- C:\Program Files\Windows Live
2008-03-25 18:02:34 0 d-------- C:\Users\All Users\WLInstaller
2008-03-21 00:53:12 0 d-------- C:\Program Files\Bit Che


-- Find3M Report ---------------------------------------------------------------

2008-03-31 10:40:16 0 d-------- C:\Users\Daniel\AppData\Roaming\Malwarebytes
2008-03-31 10:19:42 0 d-------- C:\Users\Daniel\AppData\Roaming\uTorrent
2008-03-30 19:59:55 0 d-------- C:\Users\Daniel\AppData\Roaming\X-Chat 2
2008-03-30 02:36:20 0 d-------- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2008-03-30 02:35:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 00:33:24 0 d-------- C:\Users\Daniel\AppData\Roaming\Grisoft
2008-03-29 01:12:47 0 d-------- C:\Program Files\Winamp Toolbar
2008-03-28 10:03:15 0 d-------- C:\Users\Daniel\AppData\Roaming\Desktopicon
2008-03-28 00:03:55 0 d-------- C:\Users\Daniel\AppData\Roaming\Adobe
2008-03-28 00:03:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-27 23:49:58 0 d-------- C:\Program Files\Common Files
2008-03-22 22:44:11 0 d-------- C:\Users\Daniel\AppData\Roaming\Apple Computer
2008-03-13 00:45:39 0 d-------- C:\Program Files\Java
2008-03-02 21:42:27 0 d-------- C:\Program Files\Xilisoft
2008-02-28 13:13:22 0 d-------- C:\Program Files\Winamp
2008-02-28 13:11:38 0 d-------- C:\Users\Daniel\AppData\Roaming\Winamp
2008-02-28 08:45:59 0 d-------- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
2008-02-28 01:14:53 0 d-------- C:\Program Files\FirstClass
2008-02-28 01:06:28 0 d-------- C:\Program Files\iTunes
2008-02-28 01:06:16 0 d-------- C:\Program Files\iPod
2008-02-16 03:26:13 0 d-------- C:\Program Files\Bonjour
2008-02-16 03:25:40 0 d-------- C:\Program Files\QuickTime
2008-02-07 15:02:44 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-06 21:45:18 0 d-------- C:\Program Files\Aspin
2008-02-04 09:07:37 0 d-------- C:\Users\Daniel\AppData\Roaming\dvdcss
2008-01-04 14:58:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-01-04 14:57:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 14:57:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 14:57:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 14:57:10 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:57:10 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 14:56:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="CMICNFG3.CPL" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/09/2006 09:55 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/09/2006 09:55 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/09/2006 09:55 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/28/2007 11:01 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [02/29/2008 10:10 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM]
"Aim6"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/30/2008 02:01 PM]

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/30/2008 02:01 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{475c78b1-ba7b-11dc-a3f1-0040f45375c8}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdac5dc0-335b-11dc-b893-0018f8a2c99b}]
AutoRun\command- H:\Setup.exe -auto


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-01 09:36:06 ------------
  • 0

#8
kahdah
Posted 01 April 2008 - 02:40 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#9
hysteria
Posted 01 April 2008 - 06:11 PM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
ComboFix 08-04-01.2 - Daniel 2008-04-01 16:50:21.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.835 [GMT -7:00]
Running from: C:\Users\Daniel\Desktop\Geeks\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Daniel\Desktopblackbird.jpg
C:\Users\Daniel\DesktopEditorFKWP1.5.exe
C:\Users\Daniel\DesktopEditorFKWP2.0.exe
C:\Users\Daniel\Desktopfilemanagerclient.exe
C:\Users\Daniel\Desktopfkwp1.5.exe
C:\Users\Daniel\Desktopfkwp2.0.exe
C:\Users\Daniel\Desktopfwebd.exe
C:\Users\Daniel\DesktopFWebdEditor.exe
C:\Users\Daniel\DesktopTrojan.Win32.BlackBird.exe
C:\Windows\a.bat
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 10:40 . 2008-03-31 10:40 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\Malwarebytes
2008-03-31 10:39 . 2008-03-31 10:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-03-31 10:39 . 2008-03-31 10:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-03-31 10:39 . 2008-03-31 10:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-31 10:17 . 2008-03-31 10:17 <DIR> d-------- C:\_OTMoveIt
2008-03-30 19:52 . 2008-03-30 19:59 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\X-Chat 2
2008-03-30 19:50 . 2008-03-30 19:50 <DIR> d-------- C:\Program Files\X-Chat 2
2008-03-30 18:49 . 2008-03-30 18:49 <DIR> d-------- C:\Deckard
2008-03-30 14:34 . 2008-03-30 14:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 02:38 . 2008-03-30 02:38 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-30 02:38 . 2008-03-30 02:38 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-03-30 02:36 . 2008-03-30 02:36 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2008-03-30 02:36 . 2008-03-30 14:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 00:33 . 2008-03-30 00:33 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\Grisoft
2008-03-30 00:33 . 2008-03-30 00:33 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-30 00:33 . 2008-03-30 00:33 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-30 00:33 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-28 21:24 . 2008-03-28 21:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-28 10:38 . 2008-03-28 10:38 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-03-28 10:38 . 2008-03-28 10:38 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-03-28 10:35 . 2008-03-31 21:43 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-03-28 10:35 . 2008-03-31 21:43 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-03-28 10:35 . 2008-03-28 10:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-28 10:35 . 2008-04-01 16:56 112,372,768 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-03-28 10:35 . 2008-03-31 21:40 1,452,632 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-03-28 10:33 . 2008-03-28 10:33 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-03-28 10:33 . 2008-03-28 10:33 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-03-28 10:03 . 2008-03-28 10:03 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\Desktopicon
2008-03-28 01:01 . 2008-03-28 10:03 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-28 01:01 . 2008-03-28 10:03 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-28 00:55 . 2008-03-31 21:39 <DIR> d-------- C:\Users\All Users\qpsrktwp
2008-03-28 00:55 . 2008-03-31 21:39 <DIR> d-------- C:\ProgramData\qpsrktwp
2008-03-27 23:49 . 2008-03-27 23:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 18:05 . 2008-03-25 18:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 18:04 . 2008-03-25 18:04 <DIR> d-------- C:\Program Files\Windows Live
2008-03-25 18:02 . 2008-03-25 18:02 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-25 18:02 . 2008-03-25 18:02 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-21 00:53 . 2008-03-21 00:55 <DIR> d-------- C:\Program Files\Bit Che
2008-03-21 00:53 . 2004-03-09 00:00 124,688 --a------ C:\Windows\System32\mswinsck.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 23:50 --------- d-----w C:\Users\Daniel\AppData\Roaming\uTorrent
2008-04-01 18:58 --------- d-----w C:\Program Files\DriverGuide Toolkit
2008-03-30 09:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 08:12 --------- d-----w C:\Program Files\Winamp Toolbar
2008-03-28 17:03 --------- d-----w C:\Program Files\Unlocker
2008-03-28 07:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 05:44 --------- d-----w C:\Users\Daniel\AppData\Roaming\Apple Computer
2008-03-13 07:45 --------- d-----w C:\Program Files\Java
2008-03-03 04:42 --------- d-----w C:\Program Files\Xilisoft
2008-02-28 20:13 --------- d-----w C:\Program Files\Winamp
2008-02-28 20:11 --------- d-----w C:\Users\Daniel\AppData\Roaming\Winamp
2008-02-28 15:45 --------- d-----w C:\Users\Daniel\AppData\Roaming\DAEMON Tools
2008-02-28 08:14 --------- d-----w C:\Program Files\FirstClass
2008-02-28 08:06 --------- d-----w C:\Program Files\iTunes
2008-02-28 08:06 --------- d-----w C:\Program Files\iPod
2008-02-16 10:26 --------- d-----w C:\Program Files\Bonjour
2008-02-16 10:25 --------- d-----w C:\Program Files\QuickTime
2008-02-09 01:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-09 01:35 23,604 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-02-07 22:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-07 04:45 --------- d-----w C:\Program Files\Aspin
2008-02-04 16:07 --------- d-----w C:\Users\Daniel\AppData\Roaming\dvdcss
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-09-15 18:06 174 --sha-w C:\Program Files\desktop.ini
2007-12-04 01:56 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-04 01:56 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-04 01:56 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"Aim6"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-30 14:01 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="CMICNFG3.CPL" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-10-09 21:55 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-10-09 21:55 7741440]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-10-09 21:55 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-28 23:01 185632]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 22:10 15872]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-30 14:01 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71C316BD-7DA1-4004-B539-8770924338DC}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{D2452BD5-E827-4F3E-90AD-574774B12FB1}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{229F6055-87C7-4C67-A1B1-D27FC2336BF5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4AF6170-F901-4510-9408-DAAEE2A4A695}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{61D4D27E-7835-4F54-A771-A0E24F14765C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{46D5FBDB-1AC3-49E9-9FB6-F8ED9105D3A5}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6C806AC0-C6A4-408C-B3BE-E84EB772D524}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{48A5805D-CF04-45F9-858B-D520AAAAD85B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E87EF552-536D-4275-A97E-4FF738D7101E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{168DA30B-3FF7-4439-BF43-17177560CECB}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{35EE7F9D-AB53-4911-82BB-279B0C11A0D9}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{DD95F643-0CF0-44CA-8E51-9963A61C7291}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{3B6FF27E-D505-466B-A26B-52EC49F88AAE}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{1EB30BA4-3AEA-4872-BBD3-3E9F3C03CE3F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{62FEDB95-AAF2-4535-852F-E8AC95EE413E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E9E56670-C20A-42B8-BF69-CE006993B5F0}C:\\users\\daniel\\desktop\\myspacemp3gopher.exe"= UDP:C:\users\daniel\desktop\myspacemp3gopher.exe:myspacemp3gopher.exe
"UDP Query User{70E0E502-08AE-401E-B358-E036D8D3BDB0}C:\\users\\daniel\\desktop\\myspacemp3gopher.exe"= TCP:C:\users\daniel\desktop\myspacemp3gopher.exe:myspacemp3gopher.exe
"TCP Query User{8C2913AC-E12E-42FE-8EBC-83CB92EF74ED}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D237B94C-9C8B-4AC8-80D1-791FD169F4E8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{F16DAAC8-6440-4296-82E7-3493F2FF67E3}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6A04B10A-2F8D-41E0-847B-85154A45A1AC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{2BE05AD5-B2D1-4F4D-BF31-831EF56C71CC}"= UDP:C:\Users\Daniel\Desktop\utorrent-1.8-alpha-7928.upx.exe:µTorrent (TCP-In)
"{B17658AD-881C-4199-8183-3CF8A2FC21B9}"= TCP:C:\Users\Daniel\Desktop\utorrent-1.8-alpha-7928.upx.exe:µTorrent (UDP-In)
"{155D1F64-B49D-49F9-AD80-1B5532C9F9FE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2140E76-BB62-4BFC-BAEF-5456A6935847}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1CB2038C-2950-40A0-8AB5-190B68F3EB58}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{92C39F2B-B881-400F-8004-4A21944D0B38}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3F8CCE78-2CA6-4A7E-B28A-1C83E4E292F4}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{177305BA-66CE-4945-9524-8EB1BDEEFAF7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{792E72A6-BAA4-414A-B3F3-4F78F85E6FA2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{50D3D06E-B6A0-4B4B-9754-953A9E863C12}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D48F88C2-0425-4F68-9243-AD2F582D785B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{017BF4D7-D890-4A63-94FD-5F3EC4AFDA22}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{E2F7C078-DF1A-429C-ACAB-7944C60E6CE4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{374183C3-C72C-4331-BD27-DA6B38A28C51}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;C:\Windows\system32\DRIVERS\FA31xND5.SYS [2001-04-17 19:41]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [2004-03-23 19:12]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-11-21 09:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{475c78b1-ba7b-11dc-a3f1-0040f45375c8}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdac5dc0-335b-11dc-b893-0018f8a2c99b}]
\shell\AutoRun\command - H:\Setup.exe -auto

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 16:56:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 16:58:20
ComboFix-quarantined-files.txt 2008-04-01 23:58:11
Pre-Run: 40,300,441,600 bytes free
Post-Run: 40,279,449,600 bytes free
.
2007-09-14 10:02:12 --- E O F ---




Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:22 PM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DriverGuide Toolkit\drvgdtk2.exe
C:\Program Files\DriverGuide Toolkit\drvgdtk2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7443 bytes





Good News: Haven't had any popup's today! I know we're not finished completely checking my machine, but I'd just like to know what your recommendation for a good malware fighter is to keep around. My machine's kinda running slow since I've put all these on here. And I already had Kaspersky (althought I think the ones you gave me to work with work better!). Thanks Kahdah!
  • 0

#10
kahdah
Posted 01 April 2008 - 08:39 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Malwarebytes would be a good one to keep around.
Put together with Kaspersky that is good.
But Malwarebytes is only a trial version.
But it would be good to keep around as an on demand scanner.(always do the updates before any scan)
==============================================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Users\All Users\qpsrktwp
C:\ProgramData\qpsrktwp


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

Advertisements

#11
hysteria
Posted 01 April 2008 - 11:59 PM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
ComboFix 08-04-01.2 - Daniel 2008-04-01 21:45:15.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.748 [GMT -7:00]
Running from: C:\Users\Daniel\Desktop\Geeks\ComboFix.exe
Command switches used :: C:\Users\Daniel\Desktop\Geeks\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\qpsrktwp

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-03-31 10:40 . 2008-03-31 10:40 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\Malwarebytes
2008-03-31 10:39 . 2008-03-31 10:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-03-31 10:39 . 2008-03-31 10:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-03-31 10:39 . 2008-03-31 10:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-31 10:17 . 2008-03-31 10:17 <DIR> d-------- C:\_OTMoveIt
2008-03-30 19:52 . 2008-03-30 19:59 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\X-Chat 2
2008-03-30 19:50 . 2008-03-30 19:50 <DIR> d-------- C:\Program Files\X-Chat 2
2008-03-30 18:49 . 2008-03-30 18:49 <DIR> d-------- C:\Deckard
2008-03-30 14:34 . 2008-03-30 14:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 02:38 . 2008-03-30 02:38 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-30 02:38 . 2008-03-30 02:38 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-03-30 02:36 . 2008-03-30 02:36 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2008-03-30 02:36 . 2008-03-30 14:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 00:33 . 2008-03-30 00:33 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\Grisoft
2008-03-30 00:33 . 2008-03-30 00:33 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-30 00:33 . 2008-03-30 00:33 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-30 00:33 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-28 21:24 . 2008-03-28 21:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-28 10:38 . 2008-03-28 10:38 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-03-28 10:38 . 2008-03-28 10:38 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-03-28 10:35 . 2008-03-31 21:43 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-03-28 10:35 . 2008-03-31 21:43 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-03-28 10:35 . 2008-03-28 10:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-28 10:35 . 2008-04-01 21:50 114,641,440 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-03-28 10:35 . 2008-03-31 21:40 1,452,632 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-03-28 10:33 . 2008-03-28 10:33 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-03-28 10:33 . 2008-03-28 10:33 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-03-28 10:03 . 2008-03-28 10:03 <DIR> d-------- C:\Users\Daniel\AppData\Roaming\Desktopicon
2008-03-28 01:01 . 2008-03-28 10:03 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-28 01:01 . 2008-03-28 10:03 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-27 23:49 . 2008-03-27 23:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 18:05 . 2008-03-25 18:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 18:04 . 2008-03-25 18:04 <DIR> d-------- C:\Program Files\Windows Live
2008-03-25 18:02 . 2008-03-25 18:02 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-25 18:02 . 2008-03-25 18:02 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-21 00:53 . 2008-03-21 00:55 <DIR> d-------- C:\Program Files\Bit Che
2008-03-21 00:53 . 2004-03-09 00:00 124,688 --a------ C:\Windows\System32\mswinsck.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 04:45 --------- d-----w C:\Users\Daniel\AppData\Roaming\uTorrent
2008-04-01 18:58 --------- d-----w C:\Program Files\DriverGuide Toolkit
2008-03-30 09:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 08:12 --------- d-----w C:\Program Files\Winamp Toolbar
2008-03-28 17:03 --------- d-----w C:\Program Files\Unlocker
2008-03-28 07:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 05:44 --------- d-----w C:\Users\Daniel\AppData\Roaming\Apple Computer
2008-03-13 07:45 --------- d-----w C:\Program Files\Java
2008-03-03 04:42 --------- d-----w C:\Program Files\Xilisoft
2008-02-28 20:13 --------- d-----w C:\Program Files\Winamp
2008-02-28 20:11 --------- d-----w C:\Users\Daniel\AppData\Roaming\Winamp
2008-02-28 15:45 --------- d-----w C:\Users\Daniel\AppData\Roaming\DAEMON Tools
2008-02-28 08:14 --------- d-----w C:\Program Files\FirstClass
2008-02-28 08:06 --------- d-----w C:\Program Files\iTunes
2008-02-28 08:06 --------- d-----w C:\Program Files\iPod
2008-02-16 10:26 --------- d-----w C:\Program Files\Bonjour
2008-02-16 10:25 --------- d-----w C:\Program Files\QuickTime
2008-02-09 01:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-09 01:35 23,604 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-02-07 22:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-07 04:45 --------- d-----w C:\Program Files\Aspin
2008-02-04 16:07 --------- d-----w C:\Users\Daniel\AppData\Roaming\dvdcss
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-09-15 18:06 174 --sha-w C:\Program Files\desktop.ini
2007-12-04 01:56 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-04 01:56 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-04 01:56 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_16.57.34.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-01 18:25:32 102,400 ----a-r C:\Windows\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe
+ 2008-04-02 00:43:14 102,400 ----a-r C:\Windows\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"Aim6"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-30 14:01 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="CMICNFG3.CPL" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-10-09 21:55 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-10-09 21:55 7741440]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-10-09 21:55 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-28 23:01 185632]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 22:10 15872]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-30 14:01 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71C316BD-7DA1-4004-B539-8770924338DC}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{D2452BD5-E827-4F3E-90AD-574774B12FB1}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{229F6055-87C7-4C67-A1B1-D27FC2336BF5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4AF6170-F901-4510-9408-DAAEE2A4A695}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{61D4D27E-7835-4F54-A771-A0E24F14765C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{46D5FBDB-1AC3-49E9-9FB6-F8ED9105D3A5}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6C806AC0-C6A4-408C-B3BE-E84EB772D524}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{48A5805D-CF04-45F9-858B-D520AAAAD85B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E87EF552-536D-4275-A97E-4FF738D7101E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{168DA30B-3FF7-4439-BF43-17177560CECB}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{35EE7F9D-AB53-4911-82BB-279B0C11A0D9}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{DD95F643-0CF0-44CA-8E51-9963A61C7291}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{3B6FF27E-D505-466B-A26B-52EC49F88AAE}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{1EB30BA4-3AEA-4872-BBD3-3E9F3C03CE3F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{62FEDB95-AAF2-4535-852F-E8AC95EE413E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E9E56670-C20A-42B8-BF69-CE006993B5F0}C:\\users\\daniel\\desktop\\myspacemp3gopher.exe"= UDP:C:\users\daniel\desktop\myspacemp3gopher.exe:myspacemp3gopher.exe
"UDP Query User{70E0E502-08AE-401E-B358-E036D8D3BDB0}C:\\users\\daniel\\desktop\\myspacemp3gopher.exe"= TCP:C:\users\daniel\desktop\myspacemp3gopher.exe:myspacemp3gopher.exe
"TCP Query User{8C2913AC-E12E-42FE-8EBC-83CB92EF74ED}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D237B94C-9C8B-4AC8-80D1-791FD169F4E8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{F16DAAC8-6440-4296-82E7-3493F2FF67E3}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6A04B10A-2F8D-41E0-847B-85154A45A1AC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{2BE05AD5-B2D1-4F4D-BF31-831EF56C71CC}"= UDP:C:\Users\Daniel\Desktop\utorrent-1.8-alpha-7928.upx.exe:µTorrent (TCP-In)
"{B17658AD-881C-4199-8183-3CF8A2FC21B9}"= TCP:C:\Users\Daniel\Desktop\utorrent-1.8-alpha-7928.upx.exe:µTorrent (UDP-In)
"{155D1F64-B49D-49F9-AD80-1B5532C9F9FE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2140E76-BB62-4BFC-BAEF-5456A6935847}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1CB2038C-2950-40A0-8AB5-190B68F3EB58}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{92C39F2B-B881-400F-8004-4A21944D0B38}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3F8CCE78-2CA6-4A7E-B28A-1C83E4E292F4}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{177305BA-66CE-4945-9524-8EB1BDEEFAF7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{792E72A6-BAA4-414A-B3F3-4F78F85E6FA2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{50D3D06E-B6A0-4B4B-9754-953A9E863C12}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D48F88C2-0425-4F68-9243-AD2F582D785B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{017BF4D7-D890-4A63-94FD-5F3EC4AFDA22}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{BBCE00A5-11C8-4517-A1C3-99DCD23EFA31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8A6B3050-65A0-4A63-8619-61D00D8560FA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R3 FA31x;Netgear FA311/312 NDIS 5.0 Miniport Driver;C:\Windows\system32\DRIVERS\FA31xND5.SYS [2001-04-17 19:41]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [2004-03-23 19:12]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-11-21 09:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{475c78b1-ba7b-11dc-a3f1-0040f45375c8}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdac5dc0-335b-11dc-b893-0018f8a2c99b}]
\shell\AutoRun\command - H:\Setup.exe -auto

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 21:51:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-04-01 21:54:19
ComboFix-quarantined-files.txt 2008-04-02 04:54:06
ComboFix2.txt 2008-04-01 23:58:22
Pre-Run: 31,728,910,336 bytes free
Post-Run: 31,708,495,872 bytes free
.
2007-09-14 10:02:12 --- E O F ---









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:08 PM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DriverGuide Toolkit\drvgdtk2.exe
C:\Program Files\DriverGuide Toolkit\drvgdtk2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7588 bytes



Thanks for the recommendations. How do you think my machine is looking now?
  • 0

#12
kahdah
Posted 02 April 2008 - 03:01 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
looks better.
Please go ahead and update Kaspersky and run a full system scan with it please post that log.
  • 0

#13
hysteria
Posted 02 April 2008 - 09:53 PM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
You know what, I had Kaspersky run and it deleted a bunch of stuff, but when it came to saving the log file. The log file turned out to be 117 megabytes (in TEXT format!). That must be a lot of data, because I can't even get it to open in notepad without it freezing. So all I can tell you is that it did the job and deleted some spyware, but not much else. Is there anything else I can post? I have Kaspersky Internet Security; I don't know if it's the main Kaspersky program.
  • 0

#14
kahdah
Posted 03 April 2008 - 03:23 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
All I need to know is if it said something coudn't be deleted ?
If not then we will finish up. :)
  • 0

#15
hysteria
Posted 03 April 2008 - 02:26 PM

hysteria

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Nope everything went fine! Thank you Kahdah! I really really appreciate it! You have no idea. You're the man!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP