
pmropn.exe [RESOLVED]


  • This topic is locked

#1
zestron

  • Member
  • 334 posts
I've noticed recently that "pmropn.exe" has been popping up everywhere, and my computer is being very slow with other things running.


It has been showing up in the Task Manager with a Mem Usage of 90,000 K.

I found it in my msconfig startup list, turned it off, and it went back on.
"pmropn C:\windows\system32\pmropn.exe -boot"

I've updated and run Spybot S&D, and AVG Anti-Spyware.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:36 AM, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\perfmonss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\Africa2003\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\QQ\Africa2003\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ\Africa2003\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ\Africa2003\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfmonss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe


Edited by zestron, 27 April 2008 - 07:43 AM.



#2
greyknight17

  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfmonss.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe


Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop AFinding
sc delete AFinding
sc stop perfmons
sc delete perfmons
sc stop Routing
sc delete Routing
sc stop WServing
sc delete WServing
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\perfmonss.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\wserving.exe


If any of the files above are giving you problems deleting them, just make note of it and continue with the below steps.

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

Edited by greyknight17, 27 April 2008 - 08:11 AM.

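The triage that the reply above does by eye, as an added example (this is not code from the forum, from either poster, or from HijackThis). It reads a HijackThis v2 log and applies the two criteria visible in the expert's choice of lines: O23 services reported with "Unknown owner" whose binary lives in the system32 directory, and O20 load points (AppInit_DLLs, Winlogon Notify) that point into system32. It also marks whether a flagged binary appears under "Running processes", and turns the service findings into the same `sc stop` / `sc delete` pairs the reply's batch file uses. The sample log is constructed from entries quoted in this thread and is only a fragment of the real one; the heuristics are an assumption about why those particular lines were picked, not a rule from HijackThis.

```python
"""Triage a HijackThis v2 log for persistence entries worth a second look.

Added example, not the forum's or HijackThis's own code. Output is a review
queue for a human, not a verdict: it surfaces candidates, it does not clean.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

SYSTEM32 = r"c:\windows\system32"  # compared case-insensitively

# Constructed sample in HijackThis v2 format, assembled from lines quoted in
# this thread. It is deliberately a small subset of the real log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
"""


@dataclass
class Finding:
    line: str                # the original log line
    reason: str              # why it was flagged
    service: Optional[str]   # SCM service name for O23 entries, else None
    running: bool            # binary also listed under "Running processes"


def _parse_running(lines: List[str]) -> set:
    """Collect the 'Running processes:' block as a lowercase set of paths."""
    running, inside = set(), False
    for line in lines:
        if line.startswith("Running processes:"):
            inside = True
            continue
        if inside:
            if not line.strip():
                break
            running.add(line.strip().lower())
    return running


def _in_system32(path: str) -> bool:
    """True when the file sits directly in system32 (ntpath handles backslashes on any host)."""
    return ntpath.dirname(path.strip().strip('"')).lower() == SYSTEM32


def _service_name(display: str) -> str:
    """HijackThis prints 'Display Name (ServiceName)'; the SCM needs the part in parentheses."""
    m = re.search(r"\(([^()]+)\)\s*$", display)
    return m.group(1) if m else display


def triage(log_text: str) -> List[Finding]:
    lines = log_text.splitlines()
    running = _parse_running(lines)
    findings = []
    for line in lines:
        if line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            if owner == "Unknown owner" and _in_system32(path):
                findings.append(Finding(line, "service with no vendor name launched from system32",
                                        _service_name(display), path.strip().lower() in running))
        elif line.startswith("O20 - AppInit_DLLs: "):
            # A non-empty AppInit_DLLs value loads that DLL into every process using user32.dll.
            findings.append(Finding(line, "AppInit_DLLs injects this DLL into every user32 process", None, False))
        elif line.startswith("O20 - Winlogon Notify: "):
            path = line[len("O20 - Winlogon Notify: "):].rsplit(" - ", 1)[-1]
            if _in_system32(path):
                findings.append(Finding(line, "Winlogon Notify DLL in system32 is loaded by winlogon.exe", None, False))
    return findings


def removal_plan(findings: List[Finding]) -> List[str]:
    """sc stop / sc delete pairs for flagged services: the shape of the batch file in the reply above."""
    cmds = []
    for f in findings:
        if f.service:
            cmds += [f"sc stop {f.service}", f"sc delete {f.service}"]
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(("RUNNING " if f.running else "        ") + f.reason)
        print("    " + f.line)
    print("\n".join(removal_plan(found)))
```

On the sample this flags pmai.dll, pmls.dll, AFinding, PnkBstrA and WServing, while leaving the SUPERAntiSpyware notify DLL and the NVIDIA service alone. PnkBstrA is the instructive case: it meets the "Unknown owner in system32" criterion, yet the expert did not list it, which is exactly why the output is a queue for a person to review before anything goes into a batch file.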

#3
zestron

  • Topic Starter
  • Member
  • 334 posts
Malwarebytes' Anti-Malware 1.11
Database version: 689

Scan type: Full Scan (C:\|)
Objects scanned: 67309
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Wow that was long.



Ahh what the [bleep], this program is deleting tons of stuff!

ComboFix 08-04-26.5 - Peter van Gurp 2008-04-27 12:32:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1211 [GMT -3:00]
Running from: C:\Documents and Settings\Peter van Gurp\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mwinsys.ini
C:\WINDOWS\System\AlxRes070927.exe
C:\WINDOWS\system32\_000111_.tmp.dll
C:\WINDOWS\system32\_000114_.tmp.dll
C:\WINDOWS\system32\_000125_.tmp.dll
C:\WINDOWS\system32\_000228_.tmp.dll
C:\WINDOWS\system32\_000232_.tmp.dll
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\dllcache\spoolsv.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\inf\scrsys070927.scr
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\tmp0_112201625566.bk
C:\WINDOWS\system32\tmp0_128096751395.bk
C:\WINDOWS\system32\tmp0_140840754365.bk
C:\WINDOWS\system32\tmp0_141251477798.bk
C:\WINDOWS\system32\tmp0_142048322506.bk
C:\WINDOWS\system32\tmp0_148521273752.bk
C:\WINDOWS\system32\tmp0_1564446357.bk
C:\WINDOWS\system32\tmp0_15886843276.bk
C:\WINDOWS\system32\tmp0_17066336957.bk
C:\WINDOWS\system32\tmp0_17143278353.bk
C:\WINDOWS\system32\tmp0_173911343187.bk
C:\WINDOWS\system32\tmp0_187974723756.bk
C:\WINDOWS\system32\tmp0_216266145664.bk
C:\WINDOWS\system32\tmp0_217983882493.bk
C:\WINDOWS\system32\tmp0_238023662943.bk
C:\WINDOWS\system32\tmp0_250199251563.bk
C:\WINDOWS\system32\tmp0_250361355691.bk
C:\WINDOWS\system32\tmp0_264397696126.bk
C:\WINDOWS\system32\tmp0_269030436330.bk
C:\WINDOWS\system32\tmp0_301721530039.bk
C:\WINDOWS\system32\tmp0_304268341384.bk
C:\WINDOWS\system32\tmp0_314710545337.bk
C:\WINDOWS\system32\tmp0_32583165158.bk
C:\WINDOWS\system32\tmp0_332026597740.bk
C:\WINDOWS\system32\tmp0_333999613617.bk
C:\WINDOWS\system32\tmp0_335031745519.bk
C:\WINDOWS\system32\tmp0_343117669088.bk
C:\WINDOWS\system32\tmp0_352459809416.bk
C:\WINDOWS\system32\tmp0_352679773798.bk
C:\WINDOWS\system32\tmp0_377138611190.bk
C:\WINDOWS\system32\tmp0_393877877227.bk
C:\WINDOWS\system32\tmp0_422363788704.bk
C:\WINDOWS\system32\tmp0_424570709824.bk
C:\WINDOWS\system32\tmp0_428705222007.bk
C:\WINDOWS\system32\tmp0_435466676815.bk
C:\WINDOWS\system32\tmp0_435890408821.bk
C:\WINDOWS\system32\tmp0_443807300369.bk
C:\WINDOWS\system32\tmp0_459834117234.bk
C:\WINDOWS\system32\tmp0_465391640652.bk
C:\WINDOWS\system32\tmp0_532225759426.bk
C:\WINDOWS\system32\tmp0_536406503950.bk
C:\WINDOWS\system32\tmp0_538005601831.bk
C:\WINDOWS\system32\tmp0_53855171737.bk
C:\WINDOWS\system32\tmp0_54122874177.bk
C:\WINDOWS\system32\tmp0_597263546383.bk
C:\WINDOWS\system32\tmp0_618075253173.bk
C:\WINDOWS\system32\tmp0_634279430667.bk
C:\WINDOWS\system32\tmp0_64630374557.bk
C:\WINDOWS\system32\tmp0_689877302464.bk
C:\WINDOWS\system32\tmp0_691188599493.bk
C:\WINDOWS\system32\tmp0_709803367220.bk
C:\WINDOWS\system32\tmp0_719728568249.bk
C:\WINDOWS\system32\tmp0_724133844709.bk
C:\WINDOWS\system32\tmp0_728378560860.bk
C:\WINDOWS\system32\tmp0_730569258972.bk
C:\WINDOWS\system32\tmp0_740288472098.bk
C:\WINDOWS\system32\tmp0_740908527449.bk
C:\WINDOWS\system32\tmp0_74709240260.bk
C:\WINDOWS\system32\tmp0_756572169059.bk
C:\WINDOWS\system32\tmp0_769796180301.bk
C:\WINDOWS\system32\tmp0_775021163813.bk
C:\WINDOWS\system32\tmp0_78904573819.bk
C:\WINDOWS\system32\tmp0_818028826619.bk
C:\WINDOWS\system32\tmp0_825750103463.bk
C:\WINDOWS\system32\tmp0_833545878359.bk
C:\WINDOWS\system32\tmp0_85429858828.bk
C:\WINDOWS\system32\tmp0_85508061187.bk
C:\WINDOWS\system32\tmp0_868464821952.bk
C:\WINDOWS\system32\tmp0_875335599626.bk
C:\WINDOWS\system32\tmp0_881924891006.bk
C:\WINDOWS\system32\tmp0_887153252113.bk
C:\WINDOWS\system32\tmp0_899195140736.bk
C:\WINDOWS\system32\tmp0_93267732606.bk
C:\WINDOWS\system32\tmp0_98109649708.bk
C:\WINDOWS\system32\tmp1_108558840675.bk
C:\WINDOWS\system32\tmp1_118280803039.bk
C:\WINDOWS\system32\tmp1_14449300703.bk
C:\WINDOWS\system32\tmp1_174861698918.bk
C:\WINDOWS\system32\tmp1_176400581139.bk
C:\WINDOWS\system32\tmp1_188475775565.bk
C:\WINDOWS\system32\tmp1_190593523680.bk
C:\WINDOWS\system32\tmp1_190818495702.bk
C:\WINDOWS\system32\tmp1_19734159630.bk
C:\WINDOWS\system32\tmp1_226285309128.bk
C:\WINDOWS\system32\tmp1_23430243050.bk
C:\WINDOWS\system32\tmp1_235045669666.bk
C:\WINDOWS\system32\tmp1_23778953751.bk
C:\WINDOWS\system32\tmp1_241129589778.bk
C:\WINDOWS\system32\tmp1_255908206190.bk
C:\WINDOWS\system32\tmp1_259996343334.bk
C:\WINDOWS\system32\tmp1_26211105991.bk
C:\WINDOWS\system32\tmp1_283707650011.bk
C:\WINDOWS\system32\tmp1_29888193474.bk
C:\WINDOWS\system32\tmp1_325574664130.bk
C:\WINDOWS\system32\tmp1_339093546727.bk
C:\WINDOWS\system32\tmp1_345124582240.bk
C:\WINDOWS\system32\tmp1_347409885272.bk
C:\WINDOWS\system32\tmp1_380530102633.bk
C:\WINDOWS\system32\tmp1_381427651356.bk
C:\WINDOWS\system32\tmp1_382213226608.bk
C:\WINDOWS\system32\tmp1_389365173983.bk
C:\WINDOWS\system32\tmp1_401975710778.bk
C:\WINDOWS\system32\tmp1_412720116938.bk
C:\WINDOWS\system32\tmp1_471106540296.bk
C:\WINDOWS\system32\tmp1_473896714263.bk
C:\WINDOWS\system32\tmp1_53842442783.bk
C:\WINDOWS\system32\tmp1_557658793916.bk
C:\WINDOWS\system32\tmp1_5805744191.bk
C:\WINDOWS\system32\tmp1_587058792074.bk
C:\WINDOWS\system32\tmp1_596293539407.bk
C:\WINDOWS\system32\tmp1_641499310815.bk
C:\WINDOWS\system32\tmp1_650715402243.bk
C:\WINDOWS\system32\tmp1_655402116752.bk
C:\WINDOWS\system32\tmp1_68129288306.bk
C:\WINDOWS\system32\tmp1_690835625338.bk
C:\WINDOWS\system32\tmp1_738470613854.bk
C:\WINDOWS\system32\tmp1_743513393996.bk
C:\WINDOWS\system32\tmp1_751221594657.bk
C:\WINDOWS\system32\tmp1_798971639543.bk
C:\WINDOWS\system32\tmp1_835880104582.bk
C:\WINDOWS\system32\tmp1_84048373704.bk
C:\WINDOWS\system32\tmp1_859103402862.bk
C:\WINDOWS\system32\tmp1_870245287816.bk
C:\WINDOWS\system32\tmp1_870906723348.bk
C:\WINDOWS\system32\tmp1_893689804843.bk
C:\WINDOWS\system32\tmp1_96749282281.bk
C:\WINDOWS\system32\tmp2_101093334711.bk
C:\WINDOWS\system32\tmp2_177450235572.bk
C:\WINDOWS\system32\tmp2_671006390660.bk
C:\WINDOWS\system32\tmp3_108771215727.bk
C:\WINDOWS\system32\tmp3_118828719530.bk
C:\WINDOWS\system32\tmp3_125980536222.bk
C:\WINDOWS\system32\tmp3_134417879251.bk
C:\WINDOWS\system32\tmp3_140235153756.bk
C:\WINDOWS\system32\tmp3_148971562650.bk
C:\WINDOWS\system32\tmp3_158498725529.bk
C:\WINDOWS\system32\tmp3_18205329054.bk
C:\WINDOWS\system32\tmp3_18638566193.bk
C:\WINDOWS\system32\tmp3_209460192105.bk
C:\WINDOWS\system32\tmp3_214936370016.bk
C:\WINDOWS\system32\tmp3_230487299028.bk
C:\WINDOWS\system32\tmp3_234389652535.bk
C:\WINDOWS\system32\tmp3_235642644278.bk
C:\WINDOWS\system32\tmp3_238605395725.bk
C:\WINDOWS\system32\tmp3_240536308162.bk
C:\WINDOWS\system32\tmp3_25634424059.bk
C:\WINDOWS\system32\tmp3_291307241381.bk
C:\WINDOWS\system32\tmp3_310954315955.bk
C:\WINDOWS\system32\tmp3_319998470242.bk
C:\WINDOWS\system32\tmp3_321407104019.bk
C:\WINDOWS\system32\tmp3_332860330269.bk
C:\WINDOWS\system32\tmp3_333390149806.bk
C:\WINDOWS\system32\tmp3_334480544835.bk
C:\WINDOWS\system32\tmp3_344030807624.bk
C:\WINDOWS\system32\tmp3_351629483019.bk
C:\WINDOWS\system32\tmp3_354113341799.bk
C:\WINDOWS\system32\tmp3_369184647104.bk
C:\WINDOWS\system32\tmp3_400871257937.bk
C:\WINDOWS\system32\tmp3_400971808870.bk
C:\WINDOWS\system32\tmp3_401515113600.bk
C:\WINDOWS\system32\tmp3_427105258.bk
C:\WINDOWS\system32\tmp3_427536393880.bk
C:\WINDOWS\system32\tmp3_456601854036.bk
C:\WINDOWS\system32\tmp3_45694733004.bk
C:\WINDOWS\system32\tmp3_476923530543.bk
C:\WINDOWS\system32\tmp3_477912428431.bk
C:\WINDOWS\system32\tmp3_48982791731.bk
C:\WINDOWS\system32\tmp3_500837382760.bk
C:\WINDOWS\system32\tmp3_524060742208.bk
C:\WINDOWS\system32\tmp3_543370354794.bk
C:\WINDOWS\system32\tmp3_547195203487.bk
C:\WINDOWS\system32\tmp3_549489841399.bk
C:\WINDOWS\system32\tmp3_554203585329.bk
C:\WINDOWS\system32\tmp3_564284320107.bk
C:\WINDOWS\system32\tmp3_566338775803.bk
C:\WINDOWS\system32\tmp3_568568112671.bk
C:\WINDOWS\system32\tmp3_57693708855.bk
C:\WINDOWS\system32\tmp3_590898727817.bk
C:\WINDOWS\system32\tmp3_60797345441.bk
C:\WINDOWS\system32\tmp3_6218826220.bk
C:\WINDOWS\system32\tmp3_628597346538.bk
C:\WINDOWS\system32\tmp3_63315780916.bk
C:\WINDOWS\system32\tmp3_647625870264.bk
C:\WINDOWS\system32\tmp3_661290685321.bk
C:\WINDOWS\system32\tmp3_698866228378.bk
C:\WINDOWS\system32\tmp3_708238614743.bk
C:\WINDOWS\system32\tmp3_730288279075.bk
C:\WINDOWS\system32\tmp3_73076670702.bk
C:\WINDOWS\system32\tmp3_73732343007.bk
C:\WINDOWS\system32\tmp3_741405605431.bk
C:\WINDOWS\system32\tmp3_74311221258.bk
C:\WINDOWS\system32\tmp3_751343694984.bk
C:\WINDOWS\system32\tmp3_756171259873.bk
C:\WINDOWS\system32\tmp3_777652341555.bk
C:\WINDOWS\system32\tmp3_782092136163.bk
C:\WINDOWS\system32\tmp3_79379649563.bk
C:\WINDOWS\system32\tmp3_815047423959.bk
C:\WINDOWS\system32\tmp3_82126170997.bk
C:\WINDOWS\system32\tmp3_845845768525.bk
C:\WINDOWS\system32\tmp3_859441873463.bk
C:\WINDOWS\system32\tmp3_860357363858.bk
C:\WINDOWS\system32\tmp3_862039793164.bk
C:\WINDOWS\system32\tmp3_876913321556.bk
C:\WINDOWS\system32\tmp3_879735654788.bk
C:\WINDOWS\system32\tmp3_886318609507.bk
C:\WINDOWS\system32\tmp3_886965535596.bk
C:\WINDOWS\system32\tmp4_10283629201.bk
C:\WINDOWS\system32\tmp4_109747581818.bk
C:\WINDOWS\system32\tmp4_126078752266.bk
C:\WINDOWS\system32\tmp4_126625309501.bk
C:\WINDOWS\system32\tmp4_130691895259.bk
C:\WINDOWS\system32\tmp4_14162552448.bk
C:\WINDOWS\system32\tmp4_142333742261.bk
C:\WINDOWS\system32\tmp4_178157169450.bk
C:\WINDOWS\system32\tmp4_17938697628.bk
C:\WINDOWS\system32\tmp4_190138836188.bk
C:\WINDOWS\system32\tmp4_196183612472.bk
C:\WINDOWS\system32\tmp4_199370479252.bk
C:\WINDOWS\system32\tmp4_201305101807.bk
C:\WINDOWS\system32\tmp4_201338196239.bk
C:\WINDOWS\system32\tmp4_240516692643.bk
C:\WINDOWS\system32\tmp4_24405424129.bk
C:\WINDOWS\system32\tmp4_262108841254.bk
C:\WINDOWS\system32\tmp4_32570977857.bk
C:\WINDOWS\system32\tmp4_334108612407.bk
C:\WINDOWS\system32\tmp4_33598629907.bk
C:\WINDOWS\system32\tmp4_342956192213.bk
C:\WINDOWS\system32\tmp4_343736449963.bk
C:\WINDOWS\system32\tmp4_346385158475.bk
C:\WINDOWS\system32\tmp4_363516101851.bk
C:\WINDOWS\system32\tmp4_3757362560.bk
C:\WINDOWS\system32\tmp4_382244232439.bk
C:\WINDOWS\system32\tmp4_382374837908.bk
C:\WINDOWS\system32\tmp4_386228567351.bk
C:\WINDOWS\system32\tmp4_399081635125.bk
C:\WINDOWS\system32\tmp4_399371696829.bk
C:\WINDOWS\system32\tmp4_431194328740.bk
C:\WINDOWS\system32\tmp4_436439857007.bk
C:\WINDOWS\system32\tmp4_446912484238.bk
C:\WINDOWS\system32\tmp4_452540879284.bk
C:\WINDOWS\system32\tmp4_456320245386.bk
C:\WINDOWS\system32\tmp4_460634250.bk
C:\WINDOWS\system32\tmp4_495142585346.bk
C:\WINDOWS\system32\tmp4_50209514351.bk
C:\WINDOWS\system32\tmp4_518145685661.bk
C:\WINDOWS\system32\tmp4_533352150702.bk
C:\WINDOWS\system32\tmp4_5383429616.bk
C:\WINDOWS\system32\tmp4_541717809030.bk
C:\WINDOWS\system32\tmp4_557419554461.bk
C:\WINDOWS\system32\tmp4_55934445647.bk
C:\WINDOWS\system32\tmp4_575999812575.bk
C:\WINDOWS\system32\tmp4_587755323066.bk
C:\WINDOWS\system32\tmp4_607660191905.bk
C:\WINDOWS\system32\tmp4_614246572026.bk
C:\WINDOWS\system32\tmp4_624254599168.bk
C:\WINDOWS\system32\tmp4_6325743300.bk
C:\WINDOWS\system32\tmp4_63260649842.bk
C:\WINDOWS\system32\tmp4_64872527695.bk
C:\WINDOWS\system32\tmp4_651875346311.bk
C:\WINDOWS\system32\tmp4_658154149638.bk
C:\WINDOWS\system32\tmp4_658598517614.bk
C:\WINDOWS\system32\tmp4_683077285387.bk
C:\WINDOWS\system32\tmp4_688026666237.bk
C:\WINDOWS\system32\tmp4_695594348833.bk
C:\WINDOWS\system32\tmp4_700701464300.bk
C:\WINDOWS\system32\tmp4_71214152876.bk
C:\WINDOWS\system32\tmp4_716720246202.bk
C:\WINDOWS\system32\tmp4_718404460691.bk
C:\WINDOWS\system32\tmp4_71903019660.bk
C:\WINDOWS\system32\tmp4_719343522761.bk
C:\WINDOWS\system32\tmp4_726907393605.bk
C:\WINDOWS\system32\tmp4_7655496039.bk
C:\WINDOWS\system32\tmp4_772784888767.bk
C:\WINDOWS\system32\tmp4_784681432363.bk
C:\WINDOWS\system32\tmp4_815305478540.bk
C:\WINDOWS\system32\tmp4_820921876886.bk
C:\WINDOWS\system32\tmp4_837991836085.bk
C:\WINDOWS\system32\tmp4_854262672522.bk
C:\WINDOWS\system32\tmp4_887817109852.bk
C:\WINDOWS\system32\tmp4_950238211.bk
C:\WINDOWS\system32\tmp4_95386479561.bk
C:\WINDOWS\system32\vtUnOebB.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Service_NPF
-------\Service_perfmons


((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-27 12:31 . 2008-04-27 12:31 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\Malwarebytes
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-27 10:37 . 2008-04-27 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 16:11 . 2008-04-25 16:11 1,024 --a------ C:\.rnd
2008-04-25 16:11 . 2008-04-25 16:11 22 --a------ C:\WINDOWS\FileName
2008-04-25 16:10 . 2008-04-25 16:10 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-04-25 15:45 . 2006-03-23 19:53 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-04-25 15:44 . 2006-03-23 15:51 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-04-25 15:44 . 2006-02-20 08:00 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1036.dll
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1034.dll
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1031.dll
2008-04-25 15:43 . 2006-03-22 09:22 158,720 --a------ C:\WINDOWS\system32\fdco_l1046.dll
2008-04-25 15:43 . 2006-03-22 09:22 158,720 --a------ C:\WINDOWS\system32\fdco_l1040.dll
2008-04-25 15:43 . 2006-03-22 09:22 156,672 --a------ C:\WINDOWS\system32\fdco_l1042.dll
2008-04-25 15:43 . 2006-03-22 09:22 156,672 --a------ C:\WINDOWS\system32\fdco_l1041.dll
2008-04-25 15:43 . 2006-03-22 09:22 155,648 --a------ C:\WINDOWS\system32\fdco_l1028.dll
2008-04-25 15:43 . 2006-03-22 09:22 155,136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
2008-04-25 11:10 . 2008-04-25 11:10 <DIR> d-------- C:\Program Files\ShellUploader
2008-04-20 18:50 . 2007-10-10 16:41 42,112 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2008-04-20 18:50 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-04-20 18:50 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-20 18:50 . 2007-11-02 14:36 18,176 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-04-20 18:50 . 2007-01-22 18:33 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-04-20 18:50 . 2007-11-02 14:51 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-04-20 18:05 . 2008-04-20 19:22 <DIR> d-------- C:\Program Files\P2KC
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-20 11:03 . 2008-04-20 11:03 <DIR> d-------- C:\Program Files\Motorola
2008-04-20 10:45 . 2008-04-20 10:45 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-19 13:56 . 2008-04-19 13:56 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2008-04-18 16:44 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-15 22:08 . 2008-04-15 22:16 <DIR> d-------- C:\Program Files\Dark Messiah of Might and Magic
2008-04-15 20:39 . 2008-04-15 20:39 286,720 --a------ C:\WINDOWS\system32\pmxf.dll
2008-04-15 20:10 . 2008-04-15 20:10 712,704 --a------ C:\WINDOWS\system32\pmph.dll
2008-04-14 22:26 . 2008-04-15 15:48 368,640 --a------ C:\WINDOWS\system32\pmls.dll
2008-04-14 22:26 . 2003-05-07 14:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\Program Files\TechSmith
2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-04-10 16:24 . 2008-04-10 16:27 <DIR> d-------- C:\Program Files\ArtMoney
2008-04-10 08:21 . 2008-04-10 08:21 <DIR> d-------- C:\Program Files\HyCam2
2008-04-09 19:44 . 2008-04-09 19:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 19:44 . 2008-04-09 19:44 2,557 --a------ C:\WINDOWS\unins000.dat
2008-04-06 23:46 . 2008-04-06 23:46 <DIR> d-------- C:\Program Files\doc2word
2008-04-06 10:59 . 2008-04-06 11:01 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-03 07:28 . 2008-04-03 07:28 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Skype
2008-04-02 20:25 . 2008-04-09 17:23 145 --a------ C:\WINDOWS\system32\1.tsk
2008-03-31 18:12 . 2008-03-31 18:12 268 --ah----- C:\sqmdata00.sqm
2008-03-31 18:12 . 2008-03-31 18:12 244 --ah----- C:\sqmnoopt00.sqm
2008-03-30 18:44 . 2008-03-30 19:45 <DIR> d-------- C:\Program Files\mobile PhoneTools
2008-03-30 18:44 . 2008-03-30 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-03-30 18:44 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-03-30 18:44 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 05:39 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\uTorrent
2008-04-27 00:03 --------- d-----w C:\Program Files\Steam
2008-04-26 20:12 --------- d-----w C:\Program Files\PC Tools AntiVirus
2008-04-25 19:40 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-25 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 20:09 --------- d-----w C:\Program Files\Avatar Sizer
2008-04-20 20:09 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Cabos
2008-04-19 14:07 --------- d-----w C:\Program Files\Photomatix
2008-04-18 20:40 --------- d-----w C:\Program Files\MagicISO
2008-04-18 01:55 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-16 01:07 --------- d-----w C:\Program Files\Free Download Manager
2008-04-12 17:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 10:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 01:16 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Skype
2008-04-09 22:52 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\skypePM
2008-04-09 21:50 --------- d-----w C:\Program Files\Vstplugins
2008-04-09 21:50 --------- d-----w C:\Program Files\u-he
2008-04-09 21:50 --------- d-----w C:\Program Files\MediaCoder
2008-04-09 21:48 --------- d-----w C:\Program Files\Gadwin Systems
2008-04-09 21:47 --------- d-----w C:\Program Files\Image-Line
2008-04-09 21:47 --------- d-----w C:\Program Files\DivX
2008-04-09 21:45 --------- d-----w C:\Program Files\Autodesk
2008-04-09 21:44 --------- d-----w C:\Program Files\Apophysis 2.0
2008-04-09 03:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-06 14:01 71,184 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-01 00:38 --------- d-----w C:\Program Files\Net Tools
2008-03-31 01:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-26 00:52 --------- d-----w C:\Program Files\WinPcap
2008-03-24 04:42 --------- d-----w C:\Program Files\Real Alternative
2008-03-24 04:38 --------- d-----w C:\Program Files\Media Player Classic
2008-03-24 04:38 --------- d-----w C:\Program Files\Cloudbrain
2008-03-24 03:38 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-24 01:34 --------- d-----w C:\Program Files\Second Sight Software
2008-03-23 16:14 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-23 03:00 --------- d-----w C:\Program Files\Warcraft III
2008-03-23 02:02 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-23 02:02 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-22 00:11 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-22 00:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2008-03-21 21:13 --------- d-----w C:\Program Files\iTunes Library Updater
2008-03-21 19:58 --------- d-----w C:\Program Files\tamasoftware
2008-03-20 14:07 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\CasaPortale.de
2008-03-20 13:59 --------- d-----w C:\Program Files\PosteRazor
2008-03-19 19:41 --------- d-----w C:\Program Files\dirLock
2008-03-19 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 23:00 --------- d-----w C:\Program Files\autostitch
2008-03-17 19:16 --------- d-----w C:\Program Files\eMule
2008-03-08 19:14 4,337,664 ----a-w C:\Program Files\mplayerc.exe
2008-03-06 00:47 --------- d-----w C:\Program Files\Java
2008-03-05 01:52 --------- d-----w C:\Program Files\iTunes
2008-03-05 01:52 --------- d-----w C:\Program Files\iPod
2008-03-05 01:08 --------- d-----w C:\Program Files\Red Kawa
2008-03-05 00:58 --------- d-----w C:\Program Files\DVDVideoSoft
2008-03-05 00:58 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-04 12:12 --------- d-----w C:\Program Files\MP3ToIpodAudioBookConverter
2008-03-04 12:12 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\MP3toiPodAudioBookConverter
2008-03-03 02:10 3,146,183 ----a-w C:\WINDOWS\win_habbo_screensaver.SCR
2008-03-03 02:09 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\iScreensaver
2008-03-02 15:03 --------- d-----w C:\Program Files\MediaMonkey
2008-03-02 15:03 --------- d-----w C:\Program Files\AV Soft
2008-03-02 14:54 --------- d-----w C:\Program Files\TuneSleeve
2008-03-02 14:54 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-03-02 14:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\eSellerate
2008-03-02 14:33 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\albumart
2008-03-02 04:54 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:40 --------- d-----w C:\Program Files\Ipod Video Converter
2008-02-29 02:36 --------- d-----w C:\Program Files\SWFSOFT Flash Compiler & Decompiler
2008-02-29 02:36 --------- d-----w C:\Program Files\SWF To Image
2008-02-27 00:15 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\dvdcss
2008-02-08 03:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-30 15:43 5,292,066 ----a-w C:\Program Files\hl2 2008-01-30 11-43-20-31.bmp
2008-01-21 00:17 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-12-29 04:26 113,503 ----a-w C:\Program Files\INSTALL.LOG
2007-12-27 04:42 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-12-27 04:32 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLds.DAT
2007-12-14 01:09 38,201 ----a-w C:\Program Files\uninstall.exe
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
2004-10-01 18:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-09-12 14:19 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 14:22 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 09:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS

2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 08:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 09:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-20 10:15 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SsAAD.exe"="C:\PROGRA~1\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 22:01 54832]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 10:39 98304]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 15:31 259440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoTaskMng"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.JPGL"= jpgl.dll
"vidc.dvsd"= pdvcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 18:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
-ra------ 2005-05-03 08:38 64512 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2007-10-04 16:44 1082664 C:\Program Files\PC Tools AntiVirus\PCTAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
C:\windows\system32\pmropn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon.exe]
--a------ 2007-12-03 20:31 790528 C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\drivers\\etc\\nop9\\WINClock.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Documents and Settings\\Peter van Gurp\\My Documents\\winlogon.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
S3 mamovec;mamovec;C:\WINDOWS\system32\Drivers\mamovec.sys [2005-06-16 19:11]
S3 mamovem;mamovem;C:\WINDOWS\system32\Drivers\mamovem.sys [2005-06-16 19:13]
S3 mamoveu;mamoveu;C:\WINDOWS\system32\DRIVERS\mamoveu.sys [2007-08-13 15:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 18:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys [2001-09-24 10:42]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 19:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe /autorun
\Shell\directx\command - H:\DirectX\dxsetup.exe
\Shell\setup\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e9e84-0d7f-11dd-a454-00161777a7bf}]
\Shell\AutoRun\command - H:\Startup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43311404-4402-5425-5052-340321331144}]
C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:54:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-09-23 16:54:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 12:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-04-27 13:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 16:05:39

Pre-Run: 97,486,061,568 bytes free
Post-Run: 98,771,779,584 bytes free

657 --- E O F --- 2008-04-21 03:03:51

#4
greyknight17
    Malware Expert
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe
C:\windows\system32\pmropn.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43311404-4402-5425-5052-340321331144}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is the computer running so far?
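As an added example (not code from this thread, from greyknight17, or from ComboFix), here is a small Python triage script that reads the startupreg entries of a ComboFix log like the one above, flags an executable that carries a core Windows binary name but lives outside the Windows directory (the My Documents\winlogon.exe entry), and drafts the File::/Registry:: block in the layout the post uses. The SYSTEM_BINARIES list, the C:\WINDOWS root and the CFScript semantics (File:: deletes the listed paths, [-KEY] deletes the key) are assumptions taken from this log and this post; the Active Setup key the post also removes is outside what this parser reads.

```python
"""Triage ComboFix 'startupreg' entries and draft a CFScript (added example)."""
import re

# Core Windows binaries that legitimately live only under the Windows
# directory. The same name under a user profile is a classic masquerading
# indicator (cf. the My Documents\winlogon.exe entry in the posted log).
# Assumption: the list is illustrative, not exhaustive.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "smss.exe", "explorer.exe"}
# Assumption: %SystemRoot% is C:\WINDOWS, as the posted log shows.
SYSTEM_DIRS = ("c:\\windows\\",)

# A startupreg block is the key line followed by one line ending in the path.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools"
                    r"\\msconfig\\startupreg\\[^\]]+)\]$", re.IGNORECASE)
PATH_RE = re.compile(r"([a-z]:\\.*\.exe)\s*$", re.IGNORECASE)

# Constructed sample: a handful of startupreg blocks copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2007-10-04 16:44 1082664 C:\Program Files\PC Tools AntiVirus\PCTAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
C:\windows\system32\pmropn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon.exe]
--a------ 2007-12-03 20:31 790528 C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
"""


def parse_startupreg(log_text):
    """Return [(registry_key, exe_path)] for each startupreg block that names a path.

    Blocks with no path line (RegistryMechanic above) are skipped.
    """
    entries = []
    current = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group("key")
            continue
        if current and line.strip():
            p = PATH_RE.search(line)
            if p:
                entries.append((current, p.group(1)))
            current = None  # one payload line per block
    return entries


def is_masquerading(exe_path):
    """True when a core system binary name sits outside the Windows directory."""
    low = exe_path.lower()
    name = low.rsplit("\\", 1)[-1]
    return name in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS)


def triage(log_text, known_bad=()):
    """Flag masquerading entries plus entries whose file name is in known_bad.

    known_bad: file names already identified as unwanted (here pmropn.exe,
    which the thread traces to the PremierOpinion startup entry).
    Returns [(registry_key, exe_path, reason)] in log order.
    """
    bad = {n.lower() for n in known_bad}
    flagged = []
    for key, path in parse_startupreg(log_text):
        name = path.lower().rsplit("\\", 1)[-1]
        if is_masquerading(path):
            flagged.append((key, path, "system binary name outside Windows dir"))
        elif name in bad:
            flagged.append((key, path, "known unwanted file"))
    return flagged


def build_cfscript(flagged):
    """Render File:: then Registry:: sections in the layout greyknight17 posted."""
    files = sorted({path for _, path, _ in flagged})
    keys = sorted({key for key, _, _ in flagged})
    lines = ["File::"] + files + ["Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG, known_bad=["pmropn.exe"])))
```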

#5
zestron
    Member (Topic Starter)
Oh, well, you see, I deleted that program. My computer is running fine now, thank you.

#6
greyknight17
    Malware Expert
Please post the new log created after you ran that script. It should be located at C:\Combofix.txt. I just want to take one more quick look before we close this issue.

#7
zestron
    Member (Topic Starter)

Please post the new log created after you ran that script. It should be located at C:\Combofix.txt. I just want to take one more quick look before we close this issue.


Okay, it finished. Do you know where it placed the log? I accidentally pressed Enter and skipped the part where it told me where it was.

Edited by zestron, 01 May 2008 - 01:30 PM.


#8
greyknight17
    Malware Expert
No problem. It's at C:\ComboFix.txt.

#9
zestron
    Member (Topic Starter)
ComboFix 08-04-29.5 - Peter van Gurp 2008-04-30 13:37:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1421 [GMT -3:00]
Running from: C:\Documents and Settings\Peter van Gurp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter van Gurp\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe
C:\windows\system32\pmropn.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-30 12:14 . 2008-04-30 12:17 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\SecondLife
2008-04-30 11:27 . 2008-04-30 12:17 <DIR> d-------- C:\Program Files\SecondLife
2008-04-29 10:16 . 2008-04-29 10:16 268 --ah----- C:\sqmdata04.sqm
2008-04-29 10:16 . 2008-04-29 10:16 244 --ah----- C:\sqmnoopt04.sqm
2008-04-29 10:14 . 2008-04-29 10:14 172 --ah----- C:\sqmnoopt03.sqm
2008-04-29 10:14 . 2008-04-29 10:14 172 --ah----- C:\sqmdata03.sqm
2008-04-29 10:06 . 2008-04-29 10:06 268 --ah----- C:\sqmdata02.sqm
2008-04-29 10:06 . 2008-04-29 10:06 244 --ah----- C:\sqmnoopt02.sqm
2008-04-29 09:56 . 2008-04-29 09:56 268 --ah----- C:\sqmdata01.sqm
2008-04-29 09:56 . 2008-04-29 09:56 244 --ah----- C:\sqmnoopt01.sqm
2008-04-27 23:29 . 2008-04-27 23:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PY_Software
2008-04-27 23:28 . 2008-04-27 23:37 <DIR> d-------- C:\Program Files\Active WebCam
2008-04-27 23:22 . 2008-04-27 23:23 <DIR> d-------- C:\Program Files\Fake Webcam
2008-04-27 22:58 . 2008-04-27 22:58 <DIR> d-------- C:\Program Files\Microsoft LifeChat
2008-04-27 13:58 . 2008-04-27 13:58 <DIR> d-------- C:\Program Files\I wanna be the guy
2008-04-27 13:54 . 2008-04-27 13:54 <DIR> d-------- C:\Program Files\InterMute
2008-04-27 12:31 . 2008-04-30 13:37 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\Malwarebytes
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-27 10:37 . 2008-04-27 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 16:11 . 2008-04-25 16:11 1,024 --a------ C:\.rnd
2008-04-25 16:11 . 2008-04-25 16:11 22 --a------ C:\WINDOWS\FileName
2008-04-25 16:10 . 2008-04-25 16:10 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-04-25 15:45 . 2006-03-23 19:53 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-04-25 15:44 . 2006-03-23 15:51 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-04-25 15:44 . 2006-02-20 08:00 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1036.dll
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1034.dll
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1031.dll
2008-04-25 15:43 . 2006-03-22 09:22 158,720 --a------ C:\WINDOWS\system32\fdco_l1046.dll
2008-04-25 15:43 . 2006-03-22 09:22 158,720 --a------ C:\WINDOWS\system32\fdco_l1040.dll
2008-04-25 15:43 . 2006-03-22 09:22 156,672 --a------ C:\WINDOWS\system32\fdco_l1042.dll
2008-04-25 15:43 . 2006-03-22 09:22 156,672 --a------ C:\WINDOWS\system32\fdco_l1041.dll
2008-04-25 15:43 . 2006-03-22 09:22 155,648 --a------ C:\WINDOWS\system32\fdco_l1028.dll
2008-04-25 15:43 . 2006-03-22 09:22 155,136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
2008-04-25 11:10 . 2008-04-25 11:10 <DIR> d-------- C:\Program Files\ShellUploader
2008-04-20 18:50 . 2007-10-10 16:41 42,112 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2008-04-20 18:50 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-04-20 18:50 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-20 18:50 . 2007-11-02 14:36 18,176 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-04-20 18:50 . 2007-01-22 18:33 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-04-20 18:50 . 2007-11-02 14:51 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-04-20 18:05 . 2008-04-20 19:22 <DIR> d-------- C:\Program Files\P2KC
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-20 11:03 . 2008-04-20 11:03 <DIR> d-------- C:\Program Files\Motorola
2008-04-20 10:45 . 2008-04-20 10:45 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-19 13:56 . 2008-04-19 13:56 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2008-04-18 16:44 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-15 22:08 . 2008-04-15 22:16 <DIR> d-------- C:\Program Files\Dark Messiah of Might and Magic
2008-04-15 20:39 . 2008-04-15 20:39 286,720 --a------ C:\WINDOWS\system32\pmxf.dll
2008-04-15 20:10 . 2008-04-15 20:10 712,704 --a------ C:\WINDOWS\system32\pmph.dll
2008-04-14 22:26 . 2008-04-15 15:48 368,640 --a------ C:\WINDOWS\system32\pmls.dll
2008-04-14 22:26 . 2003-05-07 14:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\Program Files\TechSmith
2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-04-10 16:24 . 2008-04-10 16:27 <DIR> d-------- C:\Program Files\ArtMoney
2008-04-10 08:21 . 2008-04-10 08:21 <DIR> d-------- C:\Program Files\HyCam2
2008-04-09 19:44 . 2008-04-09 19:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 19:44 . 2008-04-09 19:44 2,557 --a------ C:\WINDOWS\unins000.dat
2008-04-06 23:46 . 2008-04-06 23:46 <DIR> d-------- C:\Program Files\doc2word
2008-04-06 10:59 . 2008-04-06 11:01 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-02 20:25 . 2008-04-09 17:23 145 --a------ C:\WINDOWS\system32\1.tsk
2008-03-31 18:12 . 2008-03-31 18:12 268 --ah----- C:\sqmdata00.sqm
2008-03-31 18:12 . 2008-03-31 18:12 244 --ah----- C:\sqmnoopt00.sqm
2008-03-30 18:44 . 2008-03-30 19:45 <DIR> d-------- C:\Program Files\mobile PhoneTools
2008-03-30 18:44 . 2008-03-30 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-03-30 18:44 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-03-30 18:44 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-03-24 15:49 . 2008-04-09 18:48 <DIR> d-------- C:\iGrabber
2008-03-24 15:21 . 2008-03-24 15:21 7 --ahs---- C:\WINDOWS\iTiAN.id.uses
2008-03-24 01:42 . 2008-03-24 01:42 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-24 01:38 . 2008-03-24 01:38 <DIR> d-------- C:\Program Files\Media Player Classic
2008-03-24 01:36 . 2008-03-08 16:14 4,337,664 --a------ C:\Program Files\mplayerc.exe
2008-03-23 22:34 . 2008-03-23 22:34 <DIR> d-------- C:\Program Files\Second Sight Software
2008-03-22 22:54 . 2008-03-22 23:02 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-22 22:54 . 2008-03-22 23:08 75,693 --a------ C:\WINDOWS\War3Unin.dat
2008-03-22 22:54 . 2008-03-22 23:02 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-22 22:50 . 2008-03-23 00:00 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-21 21:11 . 2008-03-21 21:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2008-03-21 18:13 . 2008-03-21 18:13 <DIR> d-------- C:\Program Files\iTunes Library Updater
2008-03-21 16:58 . 2008-03-21 16:58 <DIR> d-------- C:\Program Files\tamasoftware
2008-03-20 11:07 . 2008-03-20 11:07 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\CasaPortale.de
2008-03-20 10:59 . 2008-03-20 10:59 <DIR> d-------- C:\Program Files\PosteRazor
2008-03-17 15:49 . 2008-03-17 16:16 <DIR> d-------- C:\Program Files\eMule
2008-03-05 09:55 . 2008-04-18 17:40 <DIR> d-------- C:\Program Files\MagicISO
2008-03-04 22:52 . 2008-03-04 22:52 <DIR> d-------- C:\Program Files\iPod
2008-03-04 22:08 . 2008-03-04 22:08 <DIR> d-------- C:\Program Files\Red Kawa
2008-03-04 22:08 . 2008-03-23 13:14 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-04 21:57 . 2008-03-05 11:58 <DIR> d-------- C:\DVDVideoSoft
2008-03-04 18:33 . 2008-04-30 10:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 18:33 . 2008-03-04 22:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 09:12 . 2008-03-04 09:12 <DIR> d-------- C:\Program Files\MP3ToIpodAudioBookConverter
2008-03-04 09:12 . 2008-03-04 09:12 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\MP3toiPodAudioBookConverter
2008-03-02 23:10 . 2008-03-02 23:10 3,146,183 --a------ C:\WINDOWS\win_habbo_screensaver.SCR
2008-03-02 23:10 . 2008-03-02 23:10 471 --a------ C:\WINDOWS\iScreensaver.ini
2008-03-02 23:09 . 2008-03-02 23:09 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\iScreensaver
2008-03-02 20:40 . 2008-03-04 21:58 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-02 20:40 . 2008-03-04 21:58 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\AV Soft
2008-03-02 11:54 . 2008-03-02 11:54 <DIR> d-------- C:\Program Files\TuneSleeve
2008-03-02 11:54 . 2008-03-02 11:54 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-03-02 11:54 . 2008-03-02 11:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\eSellerate
2008-03-02 11:39 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\MediaMonkey
2008-03-02 11:32 . 2008-03-02 11:33 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\albumart
2008-03-02 11:20 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-02 11:20 . 2002-11-27 13:12 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-03-02 11:20 . 2002-11-27 13:12 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-03-02 01:55 . 2008-03-04 22:52 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 14:18 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\uTorrent
2008-04-30 02:22 --------- d-----w C:\Program Files\Steam
2008-04-29 04:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-26 20:12 --------- d-----w C:\Program Files\PC Tools AntiVirus
2008-04-25 19:40 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-25 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 20:09 --------- d-----w C:\Program Files\Avatar Sizer
2008-04-20 20:09 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Cabos
2008-04-19 14:07 --------- d-----w C:\Program Files\Photomatix
2008-04-18 20:36 185,344 ----a-w C:\WINDOWS\system32\perfmonss.exe
2008-04-16 01:07 --------- d-----w C:\Program Files\Free Download Manager
2008-04-16 01:02 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-12 17:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 10:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 01:16 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Skype
2008-04-09 22:52 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\skypePM
2008-04-09 21:50 --------- d-----w C:\Program Files\Vstplugins
2008-04-09 21:50 --------- d-----w C:\Program Files\u-he
2008-04-09 21:50 --------- d-----w C:\Program Files\MediaCoder
2008-04-09 21:48 --------- d-----w C:\Program Files\Gadwin Systems
2008-04-09 21:47 --------- d-----w C:\Program Files\Image-Line
2008-04-09 21:47 --------- d-----w C:\Program Files\DivX
2008-04-09 21:45 --------- d-----w C:\Program Files\Autodesk
2008-04-09 21:44 --------- d-----w C:\Program Files\Apophysis 2.0
2008-04-09 03:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-06 14:01 71,184 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-01 00:38 --------- d-----w C:\Program Files\Net Tools
2008-03-31 01:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-26 00:52 --------- d-----w C:\Program Files\WinPcap
2008-03-24 04:38 --------- d-----w C:\Program Files\Cloudbrain
2008-03-24 03:38 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-22 00:11 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-19 19:41 --------- d-----w C:\Program Files\dirLock
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 23:00 --------- d-----w C:\Program Files\autostitch
2008-03-06 00:47 --------- d-----w C:\Program Files\Java
2008-03-02 04:54 --------- d-----w C:\Program Files\QuickTime
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 20:40 --------- d-----w C:\Program Files\Ipod Video Converter
2008-02-29 02:36 --------- d-----w C:\Program Files\SWFSOFT Flash Compiler & Decompiler
2008-02-29 02:36 --------- d-----w C:\Program Files\SWF To Image
2008-02-23 22:13 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-23 22:04 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-02-23 22:04 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-02-23 22:04 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 22:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-08 03:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-02-01 06:21 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2008-01-30 15:43 5,292,066 ----a-w C:\Program Files\hl2 2008-01-30 11-43-20-31.bmp
2008-01-21 00:17 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-01-16 02:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-16 01:41 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-01-16 01:41 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-12-29 04:26 113,503 ----a-w C:\Program Files\INSTALL.LOG
2007-12-27 04:42 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-12-27 04:32 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLds.DAT
2007-12-14 01:09 38,201 ----a-w C:\Program Files\uninstall.exe
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
2004-10-01 18:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-09-16 05:19 99,544 ----a-w C:\WINDOWS\inf\virprn.exe
2003-09-16 05:19 90,624 ----a-w C:\WINDOWS\inf\prtproc.dll
2003-09-16 05:19 18,950 ----a-w C:\WINDOWS\inf\virpntd.dll
2003-09-16 05:19 10,240 ----a-w C:\WINDOWS\inf\virport.dll
2007-09-12 14:19 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 14:22 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 09:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS

2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 08:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 09:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_13.05.25.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 15:40:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 13:22:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-24 01:34:32 3,873 ----a-w C:\WINDOWS\mozver.dat
+ 2008-04-27 19:33:43 3,873 ----a-w C:\WINDOWS\mozver.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-20 10:15 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SsAAD.exe"="C:\PROGRA~1\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 22:01 54832]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 10:39 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoTaskMng"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.JPGL"= jpgl.dll
"vidc.dvsd"= pdvcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 18:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
-ra------ 2005-05-03 08:38 64512 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2007-10-04 16:44 1082664 C:\Program Files\PC Tools AntiVirus\PCTAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\drivers\\etc\\nop9\\WINClock.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
R3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys [2001-09-24 10:42]
S3 mamovec;mamovec;C:\WINDOWS\system32\Drivers\mamovec.sys [2005-06-16 19:11]
S3 mamovem;mamovem;C:\WINDOWS\system32\Drivers\mamovem.sys [2005-06-16 19:13]
S3 mamoveu;mamoveu;C:\WINDOWS\system32\DRIVERS\mamoveu.sys [2007-08-13 15:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 18:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 19:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe /autorun
\Shell\directx\command - H:\DirectX\dxsetup.exe
\Shell\setup\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e9e84-0d7f-11dd-a454-00161777a7bf}]
\Shell\AutoRun\command - H:\Startup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:54:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-09-23 16:54:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 13:41:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-04-30 13:51:02
ComboFix-quarantined-files.txt 2008-04-30 16:50:00
ComboFix2.txt 2008-04-27 16:06:03

Pre-Run: 96,373,207,040 bytes free
Post-Run: 96,382,672,896 bytes free

369 --- E O F --- 2008-04-21 03:03:51
#10
greyknight17
Malware Expert
  • Visiting Consultant
  • 16,560 posts
Do you know what this program is for?
C:\Program Files\I wanna be the guy

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\perfmonss.exe
C:\WINDOWS\_MSRSTRT.EXE

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
#11
zestron
Member
  • Topic Starter
  • 334 posts

Do you know what this program is for?
C:\Program Files\I wanna be the guy


Yeah, it's a really funny game that's actually the hardest game in the world. : D


C:\WINDOWS\system32\perfmonss.exe moved successfully.
C:\WINDOWS\_MSRSTRT.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05032008_194014


#12
zestron
Member
  • Topic Starter
  • 334 posts
Oh, I thought you wanted me to run the combofix again, :facepalm:

Thank you sooo much greyknight17
I am in debt to you. :) :)
#13
greyknight17
Malware Expert
  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.