viruswebprotect has taken over my Task bar and Explorer [RESOLVED]


  • This topic is locked

#16
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Please do not attach your logs; please only copy and paste them. Thanks :)

So I will put your logs up myself :)

I will prepare the next handling for you :)

---

Logfile of random's system information tool (written by random/random)
Run by Max Well at 2008-09-08 07:14:34
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 30 GB (40%) free of 76 GB
Total RAM: 1007 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:14:55, on 8/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Max Well\Desktop\HiJackThis.exe
C:\Program Files\IrfanView\i_view32.exe
C:\Documents and Settings\Max Well\Desktop\RSIT.exe
C:\Documents and Settings\Max Well\Desktop\Max Well.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nca.connect.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193015734890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193015572453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: cbXpQGWo - C:\WINDOWS\
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5793 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Mmm"=C:\Program Files\HACE\Mmm\MmmTray.exe [2006-12-10 15872]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-10-17 2582288]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2008-06-09 3215360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXpQGWo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\iifdbxxy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Filetopia.exe"="C:\Program Files\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"="C:\Program Files\Windows Media Components\Encoder\WMEnc.exe:*:Enabled:Windows Media Encoder"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security"
"C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe"="C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe:*:Enabled:Uninstall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df290c00-70ab-11dc-a2aa-001485ebe2d0}]
shell\AutoRun\command - I:\InstallTomTomHOME.exe


List of files/folders created in the last three months

2008-09-08 07:14:34 ----D---- C:\rsit
2008-09-08 01:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-08 01:13:49 ----D---- C:\Program Files\Common Files\iS3
2008-09-08 01:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-08 00:58:01 ----A---- C:\SMit Fix 07 09 2008-Final.txt
2008-09-07 18:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-07 18:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-07 18:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-07 18:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-07 18:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-07 18:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-07 18:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-07 18:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-07 18:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-07 18:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-07 18:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-07 18:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-09-07 18:04:54 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 18:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-09-07 17:05:04 ----D---- C:\Program Files\ERUNT
2008-09-07 13:20:38 ----A---- C:\SMit Fix 07 09 2008-02.txt
2008-09-07 12:23:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 12:23:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 11:39:20 ----A---- C:\SMit Fix 07 09 2008-01.txt
2008-09-06 19:00:01 ----A---- C:\SMit Fix 06 09 2008-05.txt
2008-09-06 17:58:40 ----A---- C:\SMit Fix 06 09 2008-04.txt
2008-09-06 17:45:19 ----A---- C:\SMit Fix 06 09 2008-03.txt
2008-09-06 17:38:20 ----A---- C:\SMit Fix 06 09 2008-02.txt
2008-09-06 17:14:54 ----A---- C:\SMit Fix 06 09 2008.txt
2008-09-06 17:11:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-06 17:11:37 ----A---- C:\rapport.txt
2008-09-06 00:44:11 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 00:34:27 ----A---- C:\WINDOWS\system32\7b1e0242-.txt
2008-09-06 00:26:52 ----ASH---- C:\WINDOWS\system32\yxxbdfii.ini
2008-09-06 00:21:05 ----D---- C:\Documents and Settings\Max Well\Application Data\TmpRecentIcons
2008-09-06 00:20:17 ----D---- C:\Program Files\MSA
2008-09-06 00:19:59 ----A---- C:\WINDOWS\sxmaokgf.exe
2008-09-06 00:19:59 ----A---- C:\WINDOWS\eeka.exe
2008-09-04 14:17:03 ----D---- C:\Program Files\The KMPlayer1431
2008-09-03 23:05:29 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-29 07:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-29 07:21:52 ----D---- C:\Documents and Settings\Max Well\Application Data\Future Systems Solutions
2008-08-25 12:57:29 ----D---- C:\Program Files\Boilsoft Video Splitter
2008-08-25 12:51:21 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-08-24 07:49:59 ----D---- C:\Program Files\Sudoku 50000
2008-08-21 23:06:01 ----D---- C:\Documents and Settings\Max Well\Application Data\Offline Explorer
2008-08-21 23:05:54 ----D---- C:\download
2008-08-12 22:14:19 ----D---- C:\Program Files\ESET
2008-08-11 12:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\java.exe
2008-07-18 16:01:12 ----D---- C:\tmp
2008-07-15 22:59:28 ----D---- C:\Program Files\Ashampoo
2008-07-08 08:55:35 ----A---- C:\WINDOWS\UninstallFirefox.exe
2008-07-07 23:13:27 ----D---- C:\my dvd
2008-07-07 23:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-07-07 23:11:28 ----D---- C:\WINDOWS\WinAVI Video Converter 9.0
2008-07-07 20:43:30 ----D---- C:\Program Files\D-Link DSLs
2008-07-05 15:49:24 ----D---- C:\Documents and Settings\Max Well\Application Data\Hide IP NG
2008-07-05 14:51:33 ----D---- C:\Documents and Settings\Max Well\Application Data\HideIP
2008-06-30 08:30:25 ----D---- C:\Program Files\Foxit Software
2008-06-27 23:53:44 ----D---- C:\Program Files\TweakNow PowerPack Pro
2008-06-27 23:53:44 ----D---- C:\Documents and Settings\Max Well\Application Data\TweakNow PowerPack
2008-06-27 17:27:34 ----D---- C:\Program Files\SRS Labs
2008-06-27 00:12:04 ----D---- C:\Documents and Settings\Max Well\Application Data\MouseLight
2008-06-27 00:10:37 ----D---- C:\Program Files\MouseLight
2008-06-27 00:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Dynamic Library2
2008-06-27 00:10:37 ----A---- C:\WINDOWS\system32\50001T.dll
2008-06-26 23:47:50 ----D---- C:\VueScan
2008-06-14 10:50:47 ----A---- C:\Program Files\Shortcut to HiJackThis.exe.lnk
2008-06-09 15:00:48 ----A---- C:\Documents and Settings\Max Well\Application Data\inst.exe

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AUD;DTV-DVB 3054 Analog Audio Capture; C:\WINDOWS\system32\DRIVERS\3054AudCap.sys [2005-09-23 10112]
R3 CX23880;DTV-DVB 3054 Video Capture; C:\WINDOWS\system32\drivers\3054VidCap.sys [2005-09-23 163072]
R3 CXAVSTS;DTV-DVB 3054 Digital TS Capture; C:\WINDOWS\system32\drivers\3054BDACap.sys [2005-09-23 18432]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-08-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 THAVXBar;DTV-DVB 3054 Analog AVStream Crossbar; C:\WINDOWS\system32\drivers\3054AVXBar.sys [2005-09-23 10368]
R3 THBDATUNE;DTV-DVB 3054 Digital Tuner/Demod; C:\WINDOWS\system32\drivers\3054BDATune.sys [2005-09-23 110336]
R3 THIR;DTV-DVB 3054 IR Decoder; C:\WINDOWS\system32\drivers\3054IR.sys [2005-09-23 17408]
R3 THTUNE;DTV-DVB 3054 Analog Tuner; C:\WINDOWS\system32\drivers\3054Tune.sys [2005-09-23 33408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-08-23 189704]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-09-08 07:14:58

Uninstall list

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ACDSee Photo Editor-->MsiExec.exe /I{2C6D03AC-02ED-4417-9F40-6A0CB55CEF2B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amazing Slow Downer (remove only)-->"C:\PROGRAMS\Amazing Slow Downer\uninstall.exe"
Ashampoo Burning Studio 8.03-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Boilsoft Video Joiner 5.01-->"C:\Program Files\Boilsoft Video Joiner\unins000.exe"
Boilsoft Video Splitter 5.01-->"C:\Program Files\Boilsoft Video Splitter\unins000.exe"
Casper 5.0-->MsiExec.exe /X{C0AAB819-A07C-4F22-9D64-DBA66CCF19D8}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
D'Accord Easy Tuner 2.0-->"C:\Program Files\D'Accord Music Software\D'Accord Easy Tuner 2.0\unins000.exe"
dBpoweramp [Calculate Audio CRC] Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Mp2 and BwfMp2 codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp WavPack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
DFX 8 for Windows Media Player-->MsiExec.exe /I{5c957825-3e9e-41d4-95a6-0c72557d5df5}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
D-Link DSLs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{509E7E30-8EC3-449B-8C59-B952E7489B0F}\setup.exe" -l0x9
DU Meter-->"C:\Program Files\DU Meter\unins000.exe"
DVB-TV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C19DBE5E-712E-4F02-8380-ECEDD951B374}\setup.exe" -l0x9
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.5-->"C:\PROGRAMS\DVDFab 5\unins000.exe"
ELSAVISION 410U-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FF90D04-A60F-42A0-8F78-88623F99DCAC}\setup.exe" -l0x9 -removeonly
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Smart Security-->MsiExec.exe /I{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}
Filetopia Client v3.04d-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108-->"C:\PROGRAMS\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hard Drive Inspector Professional 2.50 build # 435-->C:\PROGRAMS\Hard Drive Inspector\Uninst.exe
HijackThis 2.0.2-->"C:\PROGRAMS\hijackthis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Karen's Directory Printer-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\DirPrn\ST6UNST.LOG"
LimeWire PRO 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe"
LView Pro Evaluation Version-->C:\PROGRAMS\LView Pro 2005\LVUninst.exe
Masterra PostSmile 6.2-->"C:\PROGRAMS\PostSmile\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero Sipps-->C:\WINDOWS\UNNeroSipps.exe /UNINSTALL
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Noiseware Professional Edition-->MsiExec.exe /I{554EB98C-D995-471F-8874-D2BA7BF5EB3E}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SoundTaxi 1.3.5-->"C:\Program Files\SoundTaxi\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SRS Audio Sandbox-->MsiExec.exe /X{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}
Sudoku 50,000-->MsiExec.exe /I{ABA9C988-1E66-43F1-8315-15055E82CD68}
System TuneUp-->"C:\PROGRAMS\System TuneUp\uninstall.exe"
Total Video Converter 3.11-->"C:\PROGRAMS\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TweakNow PowerPack Professional-->"C:\Program Files\TweakNow PowerPack Pro\unins000.exe"
UltimateDefrag 2008-->C:\Program Files\DiskTrix\UltimateDefrag2008\Uninstall.EXE /u:"UltimateDefrag 2008"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb955433)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VueScan-->C:\VueScan\vuescan.exe /remove
WinAVI Video Converter-->"C:\PROGRAMS\WinAVI Video Converter\unins000.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Live Messenger-->MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Live Sign-in Assistant-->MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Encoder 7.1-->C:\Program Files\Windows Media Components\Encoder\_instENC.exe /U
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Your Birthday News-->"C:\WINDOWS\Your Birthday News\uninstall.exe" "/U:C:\PROGRAMS\Birthday Hl\irunin.xml"
YoutubeGet 4-->"C:\PROGRAMS\YoutubeGet\unins000.exe"

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0


#17
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Learnatic,

Let's go on with the removal :)

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com


No worries about that, it's Spybot S&D which has put these entries in your host file to prevent you being infected from sites known as bad :)

1) Set up HijackThis correctly :

You are currently using HijackThis from a wrong folder, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder
1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

2. Download HijackThis to the new folder:

3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

2) Uninstall some programs :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • Java™ 6 Update 5
  • LimeWire PRO 4.18.5

Optional Removals : You have at least one piece of peer-to-peer software on your computer. If you wish to find out whether the one you're using does, click Here.
Even if you are using a so-called "safe" program, it's only the program that's safe.
You will be sharing files from uncertified sources, and these are often infected.


3) Fix with HijackThis :

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below :

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

>> Fix these entries in red if it's not you who have put these restrictions on Internet Explorer.
O20 - Winlogon Notify: cbXpQGWo - C:\WINDOWS\

Now close all windows other than HiJackThis, then click Fix Checked.

4) Backing up your registry :

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications
  • Open up Notepad (if you can't find it: Click Start | Run | type Notepad and hit enter). Copy and paste the following text into the blank document.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  • Save the file to your Desktop as fix.reg (make sure All Files is selected when saving).
  • Go to your desktop and double click the new file. It will ask you if you want to merge the changes in the file with the registry, click Yes and you'll receive a confirmation message.

Then reboot your computer and post me a fresh RSIT log.

5) Run OTmoveIT2 :

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df290c00-70ab-11dc-a2aa-001485ebe2d0}
    C:\WINDOWS\system32\yxxbdfii.ini
    C:\WINDOWS\sxmaokgf.exe
    C:\WINDOWS\eeka.exe
    C:\Program Files\MSA
    C:\WINDOWS\system32\7b1e0242-.txt
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


6) Look in folders :


Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Documents and Settings\Max Well\Application Data\TmpRecentIcons
    C:\download
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

And please post a fresh RSIT log in your next answer.

Regards,
Egwene.
  • 0
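The fix.reg in step 4 above resets the LSA "Authentication Packages" value to the bytes 6d,73,76,31,5f,30,00,00, which is the single string msv1_0 followed by the list terminator. As an added example (not part of the original post), the sketch below decodes that REG_MULTI_SZ value from a .reg export and reports any entry other than the one the fix writes; the second sample and its path are constructed for illustration, and the function names are this example's own.

```python
import re

# Baseline taken from the fix.reg shown in the post above.
EXPECTED_PACKAGES = {"msv1_0"}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_NAME = "authentication packages"


def logical_lines(text):
    """Yield .reg lines with trailing-backslash continuations joined."""
    pending = ""
    for raw in text.strip().splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            yield pending + line
            pending = ""
    if pending:
        yield pending


def parse_reg(text):
    """Return (wide, keys). wide is False for REGEDIT4 files, whose hex(7)
    data is single-byte ANSI, and True for version 5.00 files (UTF-16LE)."""
    lines = list(logical_lines(text))
    header = lines[0] if lines else ""
    if header == "REGEDIT4":
        wide = False
    elif header == "Windows Registry Editor Version 5.00":
        wide = True
    else:
        raise ValueError("not a .reg file: %r" % header)
    keys, current = {}, None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return wide, keys


def decode_multi_sz(hex_csv, wide):
    """Decode comma-separated hex bytes into the list of strings they hold."""
    raw = bytes(int(tok, 16) for tok in hex_csv.split(",") if tok.strip())
    text = raw.decode("utf-16-le" if wide else "latin-1", errors="replace")
    # Strings are NUL-separated and the list ends with an empty string.
    return [s for s in text.split("\0") if s]


def encode_multi_sz(strings, wide):
    """Inverse of decode_multi_sz; used here only to build sample input."""
    text = "".join(s + "\0" for s in strings) + "\0"
    raw = text.encode("utf-16-le" if wide else "latin-1")
    return ",".join("%02x" % b for b in raw)


def audit_lsa(reg_text):
    """Return (packages, unexpected) for Authentication Packages, or None
    when the export does not contain the value."""
    wide, keys = parse_reg(reg_text)
    data = keys.get(LSA_KEY, {}).get(VALUE_NAME)
    if data is None:
        return None
    if not data.lower().startswith("hex(7):"):
        raise ValueError("Authentication Packages is not REG_MULTI_SZ")
    packages = decode_multi_sz(data[len("hex(7):"):], wide)
    unexpected = [p for p in packages if p.lower() not in EXPECTED_PACKAGES]
    return packages, unexpected


# The fix.reg text from the post, verbatim.
PAGE_FIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed placeholder path, not taken from the thread.
CONSTRUCTED_EXTRA = r"C:\WINDOWS\system32\constructed_example"


def constructed_export():
    """Build a version 5.00 export with one extra entry and wrapped lines."""
    toks = encode_multi_sz(["msv1_0", CONSTRUCTED_EXTRA], wide=True).split(",")
    chunks = [",".join(toks[i:i + 20]) for i in range(0, len(toks), 20)]
    return ("Windows Registry Editor Version 5.00\n\n"
            "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
            '"Authentication Packages"=hex(7):' + ",\\\n  ".join(chunks) + "\n")


if __name__ == "__main__":
    for label, text in (("page fix.reg", PAGE_FIX),
                        ("constructed export", constructed_export())):
        packages, unexpected = audit_lsa(text)
        print(label, "->", packages, "unexpected:", unexpected)
```
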

#18
Learnatic

    Member

  • Topic Starter
  • Member
  • 131 posts
Logfile of random's system information tool (written by random/random)
Run by Max Well at 2008-09-08 23:41:45
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 1007 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:01, on 8/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Max Well\Desktop\RSIT.exe
C:\HJT\Max Well.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nca.connect.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193015734890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193015572453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6010 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2008-09-08 779776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Mmm"=C:\Program Files\HACE\Mmm\MmmTray.exe [2006-12-10 15872]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-10-17 2582288]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2008-06-09 3215360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Filetopia.exe"="C:\Program Files\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"="C:\Program Files\Windows Media Components\Encoder\WMEnc.exe:*:Enabled:Windows Media Encoder"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security"
"C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe"="C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe:*:Enabled:Uninstall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df290c00-70ab-11dc-a2aa-001485ebe2d0}]
shell\AutoRun\command - I:\InstallTomTomHOME.exe


List of files/folders created in the last three months

2008-09-08 23:13:09 ----D---- C:\HJT
2008-09-08 16:34:06 ----D---- C:\MAGICDVDCOPY_TEMP
2008-09-08 16:33:58 ----D---- C:\Program Files\MagicDVDCopier
2008-09-08 14:40:14 ----D---- C:\Program Files\trend micro
2008-09-08 13:37:24 ----A---- C:\WINDOWS\mqgldfvo.exe
2008-09-08 13:37:24 ----A---- C:\WINDOWS\eleo.exe
2008-09-08 11:00:54 ----D---- C:\Program Files\Ad Muncher
2008-09-08 11:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-09-08 08:56:10 ----D---- C:\Documents and Settings\Max Well\Application Data\PingTesterDataBas
2008-09-08 07:14:34 ----D---- C:\rsit
2008-09-08 01:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-08 01:13:49 ----D---- C:\Program Files\Common Files\iS3
2008-09-08 01:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-08 00:58:01 ----A---- C:\SMit Fix 07 09 2008-Final.txt
2008-09-07 18:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-07 18:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-07 18:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-07 18:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-07 18:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-07 18:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-07 18:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-07 18:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-07 18:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-07 18:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-07 18:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-07 18:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-09-07 18:04:54 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 18:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-09-07 17:05:04 ----D---- C:\Program Files\ERUNT
2008-09-07 13:20:38 ----A---- C:\SMit Fix 07 09 2008-02.txt
2008-09-07 12:23:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 12:23:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 11:39:20 ----A---- C:\SMit Fix 07 09 2008-01.txt
2008-09-06 19:00:01 ----A---- C:\SMit Fix 06 09 2008-05.txt
2008-09-06 17:58:40 ----A---- C:\SMit Fix 06 09 2008-04.txt
2008-09-06 17:45:19 ----A---- C:\SMit Fix 06 09 2008-03.txt
2008-09-06 17:38:20 ----A---- C:\SMit Fix 06 09 2008-02.txt
2008-09-06 17:14:54 ----A---- C:\SMit Fix 06 09 2008.txt
2008-09-06 17:11:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-06 17:11:37 ----A---- C:\rapport.txt
2008-09-06 00:44:11 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 00:34:27 ----A---- C:\WINDOWS\system32\7b1e0242-.txt
2008-09-06 00:26:52 ----ASH---- C:\WINDOWS\system32\yxxbdfii.ini
2008-09-06 00:21:05 ----D---- C:\Documents and Settings\Max Well\Application Data\TmpRecentIcons
2008-09-06 00:20:17 ----D---- C:\Program Files\MSA
2008-09-06 00:19:59 ----A---- C:\WINDOWS\sxmaokgf.exe
2008-09-06 00:19:59 ----A---- C:\WINDOWS\eeka.exe
2008-09-04 14:17:03 ----D---- C:\Program Files\The KMPlayer1431
2008-09-03 23:05:29 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-29 07:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-29 07:21:52 ----D---- C:\Documents and Settings\Max Well\Application Data\Future Systems Solutions
2008-08-25 12:57:29 ----D---- C:\Program Files\Boilsoft Video Splitter
2008-08-25 12:51:21 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-08-24 07:49:59 ----D---- C:\Program Files\Sudoku 50000
2008-08-21 23:06:01 ----D---- C:\Documents and Settings\Max Well\Application Data\Offline Explorer
2008-08-21 23:05:54 ----D---- C:\download
2008-08-12 22:14:19 ----D---- C:\Program Files\ESET
2008-08-11 12:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\java.exe
2008-07-18 16:01:12 ----D---- C:\tmp
2008-07-15 22:59:28 ----D---- C:\Program Files\Ashampoo
2008-07-08 08:55:35 ----A---- C:\WINDOWS\UninstallFirefox.exe
2008-07-07 23:13:27 ----D---- C:\my dvd
2008-07-07 23:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-07-07 23:11:28 ----D---- C:\WINDOWS\WinAVI Video Converter 9.0
2008-07-07 20:43:30 ----D---- C:\Program Files\D-Link DSLs
2008-07-05 15:49:24 ----D---- C:\Documents and Settings\Max Well\Application Data\Hide IP NG
2008-07-05 14:51:33 ----D---- C:\Documents and Settings\Max Well\Application Data\HideIP
2008-06-30 08:30:25 ----D---- C:\Program Files\Foxit Software
2008-06-27 23:53:44 ----D---- C:\Program Files\TweakNow PowerPack Pro
2008-06-27 23:53:44 ----D---- C:\Documents and Settings\Max Well\Application Data\TweakNow PowerPack
2008-06-27 17:27:34 ----D---- C:\Program Files\SRS Labs
2008-06-27 00:12:04 ----D---- C:\Documents and Settings\Max Well\Application Data\MouseLight
2008-06-27 00:10:37 ----D---- C:\Program Files\MouseLight
2008-06-27 00:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Dynamic Library2
2008-06-27 00:10:37 ----A---- C:\WINDOWS\system32\50001T.dll
2008-06-26 23:47:50 ----D---- C:\VueScan
2008-06-14 10:50:47 ----A---- C:\Program Files\Shortcut to HiJackThis.exe.lnk
2008-06-09 15:00:48 ----A---- C:\Documents and Settings\Max Well\Application Data\inst.exe

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AUD;DTV-DVB 3054 Analog Audio Capture; C:\WINDOWS\system32\DRIVERS\3054AudCap.sys [2005-09-23 10112]
R3 CX23880;DTV-DVB 3054 Video Capture; C:\WINDOWS\system32\drivers\3054VidCap.sys [2005-09-23 163072]
R3 CXAVSTS;DTV-DVB 3054 Digital TS Capture; C:\WINDOWS\system32\drivers\3054BDACap.sys [2005-09-23 18432]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-08-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 THAVXBar;DTV-DVB 3054 Analog AVStream Crossbar; C:\WINDOWS\system32\drivers\3054AVXBar.sys [2005-09-23 10368]
R3 THBDATUNE;DTV-DVB 3054 Digital Tuner/Demod; C:\WINDOWS\system32\drivers\3054BDATune.sys [2005-09-23 110336]
R3 THIR;DTV-DVB 3054 IR Decoder; C:\WINDOWS\system32\drivers\3054IR.sys [2005-09-23 17408]
R3 THTUNE;DTV-DVB 3054 Analog Tuner; C:\WINDOWS\system32\drivers\3054Tune.sys [2005-09-23 33408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-08-23 189704]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------

RunOT Move 8th Sept 08

Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df290c00-70ab-11dc-a2aa-001485ebe2d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df290c00-70ab-11dc-a2aa-001485ebe2d0}\\ deleted successfully.
C:\WINDOWS\system32\yxxbdfii.ini moved successfully.
C:\WINDOWS\sxmaokgf.exe moved successfully.
C:\WINDOWS\eeka.exe moved successfully.
C:\Program Files\MSA moved successfully.
C:\WINDOWS\system32\7b1e0242-.txt moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\MAXCRA~1\LOCALS~1\Temp\etilqs_ZSevGPhN3yoEo0Uwa65S scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09082008_235035

=============================================

DirLook.exe by jpshortstuff
Log created at 23:56:06 on Mon 08/09/2008

==============================

Contents of "C:\Documents and Settings\Max Well\Application Data\TmpRecentIcons" (inc. hidden/system files/folders)

---FOLDERS---


---FILES---

Mindscape Sudoku 50,000.lnk (2295 bytes, created: 25/08/2008 15:27) --a------
MS Antivirus.lnk (636 bytes, created: 06/09/2008 00:20) --a------
Shortcut to SolSuite.exe.lnk (581 bytes, created: 07/04/2008 09:16) --a------

==============================

Contents of "C:\download" (inc. hidden/system files/folders)

---FOLDERS---


---FILES---


==============================

=EOF=

Hope I've gotten them all..
Cheers,
Max.

Edited by Learnatic, 08 September 2008 - 08:06 AM.

  • 0

#19
Learnatic

    Member

  • Topic Starter
  • Member
  • 131 posts
Hi Egwene,
I was wondering if this should still be there?
It's MS Antivirus, like the sort that initially froze my screens.
Cheers,
Max.
MSA.jpg
  • 0

#20
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Learnatic,

You're still infected, but don't worry, we will fix all your issues :)

Could you please post me a fresh RSIT log now?


Thanks :)

Regards,
Egwene.
  • 0

#21
Learnatic

    Member

  • Topic Starter
  • Member
  • 131 posts
G'day Egwene,
Nice chilly day here this morning ..
Thanks for your reassurance.
Here's the latest RSIT in Safe Mode.
Also the MBAM log ...

I have also been prompted to, and have installed Windows Update SP3..

Cheers,
Max.
-------------------------------------
Logfile of random's system information tool (written by random/random)
Run by Max Crane at 2008-09-09 14:48:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 1007 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:00, on 9/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Max Crane\Desktop\RSIT.exe
C:\HJT\Max Crane.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nca.connect.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193015734890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193015572453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4893 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2008-09-08 779776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Mmm"=C:\Program Files\HACE\Mmm\MmmTray.exe [2006-12-10 15872]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-10-17 2582288]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2008-06-09 3215360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Filetopia.exe"="C:\Program Files\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"="C:\Program Files\Windows Media Components\Encoder\WMEnc.exe:*:Enabled:Windows Media Encoder"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security"
"C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe"="C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe:*:Enabled:Uninstall"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-09 14:20:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-09-09 14:18:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-09 14:18:18 ----D---- C:\WINDOWS\Prefetch
2008-09-09 14:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-09 14:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-09 14:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-09 14:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-09 14:14:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-09 14:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-09 14:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-09 14:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-09 14:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-09 14:13:31 ----D---- C:\WINDOWS\LastGood.Tmp
2008-09-09 14:10:42 ----A---- C:\WINDOWS\setuplog.txt
2008-09-09 14:09:19 ----D---- C:\WINDOWS\system32\scripting
2008-09-09 14:09:18 ----D---- C:\WINDOWS\l2schemas
2008-09-09 14:09:17 ----D---- C:\WINDOWS\system32\en
2008-09-09 14:09:16 ----D---- C:\WINDOWS\system32\bits
2008-09-09 14:05:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-09 13:56:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-09 13:56:12 ----D---- C:\WINDOWS\EHome
2008-09-09 13:25:08 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-09 13:25:05 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-09 13:25:03 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-09 13:25:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-09 13:24:41 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-09 13:24:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\slrundll.exe
2008-09-09 13:24:32 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-09 13:24:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-09 13:24:27 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-09 13:24:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-09 13:24:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-09 13:24:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-09 13:24:16 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-09 13:24:12 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-09 13:24:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-09 13:23:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-09 13:23:32 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-09 13:23:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-09 13:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-09 13:22:56 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-09 13:22:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-09 13:22:51 ----A---- C:\WINDOWS\002761_.tmp
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-09 13:22:43 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-09 13:22:42 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-09 13:22:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-09 13:22:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-09 07:06:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 23:56:06 ----A---- C:\dl_log.txt
2008-09-08 23:50:35 ----D---- C:\_OTMoveIt
2008-09-08 23:13:09 ----D---- C:\HJT
2008-09-08 16:34:06 ----D---- C:\MAGICDVDCOPY_TEMP
2008-09-08 16:33:58 ----D---- C:\Program Files\MagicDVDCopier
2008-09-08 14:40:14 ----D---- C:\Program Files\trend micro
2008-09-08 11:00:54 ----D---- C:\Program Files\Ad Muncher
2008-09-08 11:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-09-08 08:56:10 ----D---- C:\Documents and Settings\Max Crane\Application Data\PingTesterDataBas
2008-09-08 07:14:34 ----D---- C:\rsit
2008-09-08 01:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-08 01:13:49 ----D---- C:\Program Files\Common Files\iS3
2008-09-08 01:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-08 00:58:01 ----A---- C:\SMit Fix 07 09 2008-Final.txt
2008-09-07 18:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-09-07 18:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-07 18:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-07 18:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-07 18:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-07 18:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-09-07 18:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-09-07 18:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-07 18:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-07 18:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-07 18:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-09-07 18:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-09-07 18:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-09-07 17:05:04 ----D---- C:\Program Files\ERUNT
2008-09-07 13:20:38 ----A---- C:\SMit Fix 07 09 2008-02.txt
2008-09-07 12:23:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 12:23:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 11:39:20 ----A---- C:\SMit Fix 07 09 2008-01.txt
2008-09-06 19:00:01 ----A---- C:\SMit Fix 06 09 2008-05.txt
2008-09-06 17:58:40 ----A---- C:\SMit Fix 06 09 2008-04.txt
2008-09-06 17:45:19 ----A---- C:\SMit Fix 06 09 2008-03.txt
2008-09-06 17:38:20 ----A---- C:\SMit Fix 06 09 2008-02.txt
2008-09-06 17:14:54 ----A---- C:\SMit Fix 06 09 2008.txt
2008-09-06 17:11:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-06 17:11:37 ----A---- C:\rapport.txt
2008-09-06 00:44:11 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 00:21:05 ----D---- C:\Documents and Settings\Max Crane\Application Data\TmpRecentIcons
2008-09-04 14:17:03 ----D---- C:\Program Files\The KMPlayer1431
2008-09-03 23:05:29 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-29 07:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-29 07:21:52 ----D---- C:\Documents and Settings\Max Crane\Application Data\Future Systems Solutions
2008-08-25 12:57:29 ----D---- C:\Program Files\Boilsoft Video Splitter
2008-08-25 12:51:21 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-08-24 07:49:59 ----D---- C:\Program Files\Sudoku 50000
2008-08-21 23:06:01 ----D---- C:\Documents and Settings\Max Crane\Application Data\Offline Explorer
2008-08-21 23:05:54 ----D---- C:\download
2008-08-12 22:14:19 ----D---- C:\Program Files\ESET
2008-08-11 12:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\java.exe
2008-07-18 16:01:12 ----D---- C:\tmp
2008-07-15 22:59:28 ----D---- C:\Program Files\Ashampoo
2008-07-08 08:55:35 ----A---- C:\WINDOWS\UninstallFirefox.exe
2008-07-07 23:13:27 ----D---- C:\my dvd
2008-07-07 23:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-07-07 23:11:28 ----D---- C:\WINDOWS\WinAVI Video Converter 9.0
2008-07-07 20:43:30 ----D---- C:\Program Files\D-Link DSLs
2008-07-05 15:49:24 ----D---- C:\Documents and Settings\Max Crane\Application Data\Hide IP NG
2008-07-05 14:51:33 ----D---- C:\Documents and Settings\Max Crane\Application Data\HideIP
2008-06-30 08:30:25 ----D---- C:\Program Files\Foxit Software
2008-06-27 23:53:44 ----D---- C:\Program Files\TweakNow PowerPack Pro
2008-06-27 23:53:44 ----D---- C:\Documents and Settings\Max Crane\Application Data\TweakNow PowerPack
2008-06-27 17:27:34 ----D---- C:\Program Files\SRS Labs
2008-06-27 00:12:04 ----D---- C:\Documents and Settings\Max Crane\Application Data\MouseLight
2008-06-27 00:10:37 ----D---- C:\Program Files\MouseLight
2008-06-27 00:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Dynamic Library2
2008-06-27 00:10:37 ----A---- C:\WINDOWS\system32\50001T.dll
2008-06-26 23:47:50 ----D---- C:\VueScan
2008-06-14 10:50:47 ----A---- C:\Program Files\Shortcut to HiJackThis.exe.lnk

List of drivers

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 THIR;DTV-DVB 3054 IR Decoder; C:\WINDOWS\system32\drivers\3054IR.sys [2005-09-23 17408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
S2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
S2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
S2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
S3 AUD;DTV-DVB 3054 Analog Audio Capture; C:\WINDOWS\system32\DRIVERS\3054AudCap.sys [2005-09-23 10112]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CX23880;DTV-DVB 3054 Video Capture; C:\WINDOWS\system32\drivers\3054VidCap.sys [2005-09-23 163072]
S3 CXAVSTS;DTV-DVB 3054 Digital TS Capture; C:\WINDOWS\system32\drivers\3054BDACap.sys [2005-09-23 18432]
S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-08-08 47360]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 THAVXBar;DTV-DVB 3054 Analog AVStream Crossbar; C:\WINDOWS\system32\drivers\3054AVXBar.sys [2005-09-23 10368]
S3 THBDATUNE;DTV-DVB 3054 Digital Tuner/Demod; C:\WINDOWS\system32\drivers\3054BDATune.sys [2005-09-23 110336]
S3 THTUNE;DTV-DVB 3054 Analog Tuner; C:\WINDOWS\system32\drivers\3054Tune.sys [2005-09-23 33408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

S2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-08-23 189704]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------

Edited by Learnatic, 08 September 2008 - 11:38 PM.


#22
Learnatic

    Member

  • Topic Starter
  • Member
  • 131 posts
Egwene !!
Good News !!
I successfully downloaded the MBAM executable file and have done a scan/clean and log.
Here are the results.
I am quite pleased with the number of 'hits' it has removed.

I await further instructions... :)
Max.

============================================
Malwarebytes' Anti-Malware 1.27
Database version: 1130
Windows 5.1.2600 Service Pack 2

9/09/2008 7:23:43 AM
mbam-log-2008-09-09 (07-23-43).txt

Scan type: Quick Scan
Objects scanned: 42247
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e07d22e1-ce3a-487f-b754-8044dbedb049} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Max Well\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Well\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Well\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\eleo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Well\Application Data\ErrorKiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Well\Application Data\ErrorKiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Well\Application Data\ErrorKiller\Registry Backups\2007-08-21_02-10-21.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\mqgldfvo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max Well\Application Data\TmpRecentIcons\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.

#23
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Learnatic,

Let's go on :)

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

And please post a fresh RSIT log in normal mode in your next answer.

How is your computer running now?

Regards,
Egwene.

#24
Learnatic

    Member

  • Topic Starter
  • Member
  • 131 posts
G'day Egwene,
The computer is running quite well now thanks... a few peculiarities though.
I had trouble logging on to Geeks and had to switch off machine and log in.
Yesterday at 15:55HRS I lost connectivity to the Net.

But,
Here's the Kaspersky log, followed by the fresh RSIT log.

Cheers,
Max.

Wednesday, September 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 09, 2008 19:18:21
Records in database: 1203891

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned 89914
Threat name 2
Infected objects 4
Suspicious objects 0
Duration of the scan 01:26:20

File name Threat name Threats count
C:\Documents and Settings\Max Crane\desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Max Crane\desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\_OTMoveIt\MovedFiles\09082008_235035\Program Files\MSA\MSA.cpl Infected: not-a-virus:FraudTool.Win32.MSAntivirus.x 1

C:\_OTMoveIt\MovedFiles\09082008_235035\Program Files\MSA\MSA.exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.x 1

The selected area was scanned.
==============================================================

RSIT

Logfile of random's system information tool (written by random/random)
Run by Max Crane at 2008-09-10 09:06:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 1007 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:54, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Max Crane\Desktop\RSIT.exe
C:\HJT\Max Crane.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nca.connect.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193015734890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193015572453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5766 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2008-09-08 779776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Mmm"=C:\Program Files\HACE\Mmm\MmmTray.exe [2006-12-10 15872]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-10-17 2582288]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2008-06-09 3215360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Filetopia.exe"="C:\Program Files\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"="C:\Program Files\Windows Media Components\Encoder\WMEnc.exe:*:Enabled:Windows Media Encoder"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security"
"C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe"="C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe:*:Enabled:Uninstall"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-10 08:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-10 08:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 08:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 14:18:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-09 14:18:18 ----D---- C:\WINDOWS\Prefetch
2008-09-09 14:10:42 ----A---- C:\WINDOWS\setuplog.txt
2008-09-09 14:09:19 ----D---- C:\WINDOWS\system32\scripting
2008-09-09 14:09:18 ----D---- C:\WINDOWS\l2schemas
2008-09-09 14:09:17 ----D---- C:\WINDOWS\system32\en
2008-09-09 14:09:16 ----D---- C:\WINDOWS\system32\bits
2008-09-09 14:05:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-09 13:56:12 ----D---- C:\WINDOWS\EHome
2008-09-09 13:25:08 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-09 13:25:05 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-09 13:25:03 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-09 13:25:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-09 13:24:41 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-09 13:24:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\slrundll.exe
2008-09-09 13:24:32 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-09 13:24:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-09 13:24:27 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-09 13:24:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-09 13:24:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-09 13:24:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-09 13:24:16 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-09 13:24:12 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-09 13:24:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-09 13:23:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-09 13:23:32 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-09 13:23:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-09 13:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-09 13:22:56 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-09 13:22:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-09 13:22:43 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-09 13:22:42 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-09 13:22:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-09 13:22:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-09 07:06:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 23:56:06 ----A---- C:\dl_log.txt
2008-09-08 23:50:35 ----D---- C:\_OTMoveIt
2008-09-08 23:13:09 ----D---- C:\HJT
2008-09-08 16:34:06 ----D---- C:\MAGICDVDCOPY_TEMP
2008-09-08 16:33:58 ----D---- C:\Program Files\MagicDVDCopier
2008-09-08 14:40:14 ----D---- C:\Program Files\trend micro
2008-09-08 11:00:54 ----D---- C:\Program Files\Ad Muncher
2008-09-08 11:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-09-08 08:56:10 ----D---- C:\Documents and Settings\Max Crane\Application Data\PingTesterDataBas
2008-09-08 07:14:34 ----D---- C:\rsit
2008-09-08 01:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-08 01:13:49 ----D---- C:\Program Files\Common Files\iS3
2008-09-08 01:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-08 00:58:01 ----A---- C:\SMit Fix 07 09 2008-Final.txt
2008-09-07 18:04:54 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 17:05:04 ----D---- C:\Program Files\ERUNT
2008-09-07 13:20:38 ----A---- C:\SMit Fix 07 09 2008-02.txt
2008-09-07 12:23:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 12:23:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 11:39:20 ----A---- C:\SMit Fix 07 09 2008-01.txt
2008-09-06 19:00:01 ----A---- C:\SMit Fix 06 09 2008-05.txt
2008-09-06 17:58:40 ----A---- C:\SMit Fix 06 09 2008-04.txt
2008-09-06 17:45:19 ----A---- C:\SMit Fix 06 09 2008-03.txt
2008-09-06 17:38:20 ----A---- C:\SMit Fix 06 09 2008-02.txt
2008-09-06 17:14:54 ----A---- C:\SMit Fix 06 09 2008.txt
2008-09-06 17:11:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-06 17:11:37 ----A---- C:\rapport.txt
2008-09-06 00:44:11 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 00:21:05 ----D---- C:\Documents and Settings\Max Crane\Application Data\TmpRecentIcons
2008-09-04 14:17:03 ----D---- C:\Program Files\The KMPlayer1431
2008-09-03 23:05:29 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-29 07:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-29 07:21:52 ----D---- C:\Documents and Settings\Max Crane\Application Data\Future Systems Solutions
2008-08-25 12:57:29 ----D---- C:\Program Files\Boilsoft Video Splitter
2008-08-25 12:51:21 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-08-24 07:49:59 ----D---- C:\Program Files\Sudoku 50000
2008-08-21 23:06:01 ----D---- C:\Documents and Settings\Max Crane\Application Data\Offline Explorer
2008-08-21 23:05:54 ----D---- C:\download
2008-08-12 22:14:19 ----D---- C:\Program Files\ESET
2008-08-11 12:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\java.exe
2008-07-18 16:01:12 ----D---- C:\tmp
2008-07-15 22:59:28 ----D---- C:\Program Files\Ashampoo
2008-07-08 08:55:35 ----A---- C:\WINDOWS\UninstallFirefox.exe
2008-07-07 23:13:27 ----D---- C:\my dvd
2008-07-07 23:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-07-07 23:11:28 ----D---- C:\WINDOWS\WinAVI Video Converter 9.0
2008-07-07 20:43:30 ----D---- C:\Program Files\D-Link DSLs
2008-07-05 15:49:24 ----D---- C:\Documents and Settings\Max Crane\Application Data\Hide IP NG
2008-07-05 14:51:33 ----D---- C:\Documents and Settings\Max Crane\Application Data\HideIP
2008-06-30 08:30:25 ----D---- C:\Program Files\Foxit Software
2008-06-27 23:53:44 ----D---- C:\Program Files\TweakNow PowerPack Pro
2008-06-27 23:53:44 ----D---- C:\Documents and Settings\Max Crane\Application Data\TweakNow PowerPack
2008-06-27 17:27:34 ----D---- C:\Program Files\SRS Labs
2008-06-27 00:12:04 ----D---- C:\Documents and Settings\Max Crane\Application Data\MouseLight
2008-06-27 00:10:37 ----D---- C:\Program Files\MouseLight
2008-06-27 00:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Dynamic Library2
2008-06-27 00:10:37 ----A---- C:\WINDOWS\system32\50001T.dll
2008-06-26 23:47:50 ----D---- C:\VueScan
2008-06-14 10:50:47 ----A---- C:\Program Files\Shortcut to HiJackThis.exe.lnk

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AUD;DTV-DVB 3054 Analog Audio Capture; C:\WINDOWS\system32\DRIVERS\3054AudCap.sys [2005-09-23 10112]
R3 CX23880;DTV-DVB 3054 Video Capture; C:\WINDOWS\system32\drivers\3054VidCap.sys [2005-09-23 163072]
R3 CXAVSTS;DTV-DVB 3054 Digital TS Capture; C:\WINDOWS\system32\drivers\3054BDACap.sys [2005-09-23 18432]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-08-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 THAVXBar;DTV-DVB 3054 Analog AVStream Crossbar; C:\WINDOWS\system32\drivers\3054AVXBar.sys [2005-09-23 10368]
R3 THBDATUNE;DTV-DVB 3054 Digital Tuner/Demod; C:\WINDOWS\system32\drivers\3054BDATune.sys [2005-09-23 110336]
R3 THIR;DTV-DVB 3054 IR Decoder; C:\WINDOWS\system32\drivers\3054IR.sys [2005-09-23 17408]
R3 THTUNE;DTV-DVB 3054 Analog Tuner; C:\WINDOWS\system32\drivers\3054Tune.sys [2005-09-23 33408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-08-23 189704]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------
  • 0

#25
Learnatic

Learnatic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
Egwene,
Ya know? I think you've cleaned my system and prevented more "Violence Against Machinery".

The machine is running well now.

If you can see no aberrations in the most recent logs supplied, I feel we might stamp this thread "Resolved".

I am very appreciative of your help both in curing the problem and giving me knowledge.

Cheers,
Max.
  • 0


#26
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Learnatic,

There are two leftovers, we will deal with them now :)

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications
  • Open up Notepad (if you can't find it: Click Start | Run | type Notepad and hit enter). Copy and paste the following text into the blank document.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E07D22E1-CE3A-487F-B754-8044DBEDB049}"=-
    
    [-HKEY_CLASSES_ROOT\CLSID\{E07D22E1-CE3A-487F-B754-8044DBEDB049}]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
  • Save the file to your Desktop as fix.reg (make sure All Files is selected when saving).
  • Go to your desktop and double click the new file. It will ask you if you want to merge the changes in the file with the registry, click Yes and you'll receive a confirmation message.

Then reboot your computer and post me a fresh RSIT log.

Regards,
Egwene.
  • 0
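One way to review a .reg file such as the fix.reg above before merging it, and to check a later registry dump for keys it was meant to delete. This is an added example, not part of the original posts; `parse_reg`, `remaining_keys` and the sample dump are constructed for illustration.

```python
import re

# fix.reg exactly as posted above, embedded so the example runs offline.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E07D22E1-CE3A-487F-B754-8044DBEDB049}"=-

[-HKEY_CLASSES_ROOT\CLSID\{E07D22E1-CE3A-487F-B754-8044DBEDB049}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
"""

# Constructed excerpt in the style of an RSIT "Registry dump" (not taken from the thread).
SAMPLE_DUMP = r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return (action, key, value_name) tuples for every change a .reg file makes."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):                 # long hex values wrap with a trailing backslash
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if line and not line.startswith(";"):   # skip blank lines and comments
            logical.append(line)
    if not logical or logical[0] not in HEADERS:
        raise ValueError("not a .reg file: header line missing")

    ops, key = [], None
    for line in logical[1:]:
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):            # [-KEY] deletes the key and its whole subtree
                ops.append(("delete_key", path[1:], None))
                key = None
            else:                               # [KEY] selects the key for the lines below
                key = path
            continue
        m = VALUE_LINE.match(line)
        if m is None or key is None:
            raise ValueError("unexpected line: " + line)
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]   # "" means the default value
        action = "delete_value" if m.group(2) == "-" else "set_value"   # "name"=- deletes
        ops.append((action, key, name))
    return ops


def dump_keys(dump_text):
    """Key paths that appear as [KEY] headers in a registry dump, lower-cased."""
    stripped = (ln.strip() for ln in dump_text.splitlines())
    return {ln[1:-1].lower() for ln in stripped if ln.startswith("[") and ln.endswith("]")}


def remaining_keys(reg_text, dump_text):
    """Keys the .reg file deletes that are still listed in the dump."""
    present = dump_keys(dump_text)              # registry key names are case-insensitive
    return [key for action, key, _ in parse_reg(reg_text)
            if action == "delete_key" and key.lower() in present]


def summarize(ops):
    """One readable line per operation, for review before double-clicking the file."""
    return ["%-12s %s%s" % (a, k, "" if v is None else "  value=" + repr(v))
            for a, k, v in ops]


if __name__ == "__main__":
    print("\n".join(summarize(parse_reg(FIX_REG))))
    print("still present:", remaining_keys(FIX_REG, SAMPLE_DUMP))
```

A key missing from the dump is only evidence of removal if the dump covers that registry location, so treat an empty result as "not listed" rather than "confirmed gone".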

#27
Learnatic

Learnatic

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 131 posts
G'day Egwene,

Here's the new RSIT,

Thanks,
Max.

Logfile of random's system information tool (written by random/random)
Run by Max Crane at 2008-09-11 07:10:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 35 GB (46%) free of 76 GB
Total RAM: 1007 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:10:56, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Max Crane\Desktop\RSIT.exe
C:\HJT\Max Crane.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nca.connect.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193015734890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193015572453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5733 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2008-09-08 779776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Mmm"=C:\Program Files\HACE\Mmm\MmmTray.exe [2006-12-10 15872]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-10-17 2582288]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2008-06-09 3215360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Filetopia.exe"="C:\Program Files\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"="C:\Program Files\Windows Media Components\Encoder\WMEnc.exe:*:Enabled:Windows Media Encoder"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security"
"C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe"="C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe:*:Enabled:Uninstall"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-09 14:18:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-09 14:18:18 ----D---- C:\WINDOWS\Prefetch
2008-09-09 14:10:42 ----A---- C:\WINDOWS\setuplog.txt
2008-09-09 14:09:19 ----D---- C:\WINDOWS\system32\scripting
2008-09-09 14:09:18 ----D---- C:\WINDOWS\l2schemas
2008-09-09 14:09:17 ----D---- C:\WINDOWS\system32\en
2008-09-09 14:09:16 ----D---- C:\WINDOWS\system32\bits
2008-09-09 14:05:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-09 13:56:12 ----D---- C:\WINDOWS\EHome
2008-09-09 13:25:08 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-09 13:25:05 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-09 13:25:03 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-09 13:25:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-09 13:24:41 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-09 13:24:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\slrundll.exe
2008-09-09 13:24:32 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-09 13:24:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-09 13:24:27 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-09 13:24:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-09 13:24:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-09 13:24:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-09 13:24:16 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-09 13:24:12 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-09 13:24:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-09 13:23:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-09 13:23:32 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-09 13:23:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-09 13:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-09 13:22:56 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-09 13:22:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-09 13:22:43 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-09 13:22:42 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-09 13:22:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-09 13:22:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-09 07:06:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 23:56:06 ----A---- C:\dl_log.txt
2008-09-08 23:50:35 ----D---- C:\_OTMoveIt
2008-09-08 23:13:09 ----D---- C:\HJT
2008-09-08 16:33:58 ----D---- C:\Program Files\MagicDVDCopier
2008-09-08 14:40:14 ----D---- C:\Program Files\trend micro
2008-09-08 11:00:54 ----D---- C:\Program Files\Ad Muncher
2008-09-08 11:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-09-08 08:56:10 ----D---- C:\Documents and Settings\Max Crane\Application Data\PingTesterDataBas
2008-09-08 07:14:34 ----D---- C:\rsit
2008-09-08 01:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-08 01:13:49 ----D---- C:\Program Files\Common Files\iS3
2008-09-08 00:58:01 ----A---- C:\SMit Fix 07 09 2008-Final.txt
2008-09-07 18:04:54 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 17:05:04 ----D---- C:\Program Files\ERUNT
2008-09-07 13:20:38 ----A---- C:\SMit Fix 07 09 2008-02.txt
2008-09-07 12:23:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 12:23:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 11:39:20 ----A---- C:\SMit Fix 07 09 2008-01.txt
2008-09-06 19:00:01 ----A---- C:\SMit Fix 06 09 2008-05.txt
2008-09-06 17:58:40 ----A---- C:\SMit Fix 06 09 2008-04.txt
2008-09-06 17:45:19 ----A---- C:\SMit Fix 06 09 2008-03.txt
2008-09-06 17:38:20 ----A---- C:\SMit Fix 06 09 2008-02.txt
2008-09-06 17:14:54 ----A---- C:\SMit Fix 06 09 2008.txt
2008-09-06 17:11:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-06 17:11:37 ----A---- C:\rapport.txt
2008-09-06 00:44:11 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 00:21:05 ----D---- C:\Documents and Settings\Max Crane\Application Data\TmpRecentIcons
2008-09-04 14:17:03 ----D---- C:\Program Files\The KMPlayer1431
2008-08-29 07:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-29 07:21:52 ----D---- C:\Documents and Settings\Max Crane\Application Data\Future Systems Solutions
2008-08-25 12:57:29 ----D---- C:\Program Files\Boilsoft Video Splitter
2008-08-25 12:51:21 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-08-24 07:49:59 ----D---- C:\Program Files\Sudoku 50000
2008-08-21 23:05:54 ----D---- C:\download
2008-08-12 22:14:19 ----D---- C:\Program Files\ESET
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\java.exe
2008-07-18 16:01:12 ----D---- C:\tmp
2008-07-15 22:59:28 ----D---- C:\Program Files\Ashampoo
2008-07-08 08:55:35 ----A---- C:\WINDOWS\UninstallFirefox.exe
2008-07-07 23:13:27 ----D---- C:\my dvd
2008-07-07 23:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-07-07 23:11:28 ----D---- C:\WINDOWS\WinAVI Video Converter 9.0
2008-07-07 20:43:30 ----D---- C:\Program Files\D-Link DSLs
2008-07-05 15:49:24 ----D---- C:\Documents and Settings\Max Crane\Application Data\Hide IP NG
2008-07-05 14:51:33 ----D---- C:\Documents and Settings\Max Crane\Application Data\HideIP
2008-06-30 08:30:25 ----D---- C:\Program Files\Foxit Software
2008-06-27 23:53:44 ----D---- C:\Program Files\TweakNow PowerPack Pro
2008-06-27 23:53:44 ----D---- C:\Documents and Settings\Max Crane\Application Data\TweakNow PowerPack
2008-06-27 17:27:34 ----D---- C:\Program Files\SRS Labs
2008-06-27 00:12:04 ----D---- C:\Documents and Settings\Max Crane\Application Data\MouseLight
2008-06-27 00:10:37 ----D---- C:\Program Files\MouseLight
2008-06-27 00:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Dynamic Library2
2008-06-27 00:10:37 ----A---- C:\WINDOWS\system32\50001T.dll
2008-06-26 23:47:50 ----D---- C:\VueScan
2008-06-14 10:50:47 ----A---- C:\Program Files\Shortcut to HiJackThis.exe.lnk

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AUD;DTV-DVB 3054 Analog Audio Capture; C:\WINDOWS\system32\DRIVERS\3054AudCap.sys [2005-09-23 10112]
R3 CX23880;DTV-DVB 3054 Video Capture; C:\WINDOWS\system32\drivers\3054VidCap.sys [2005-09-23 163072]
R3 CXAVSTS;DTV-DVB 3054 Digital TS Capture; C:\WINDOWS\system32\drivers\3054BDACap.sys [2005-09-23 18432]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-08-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 THAVXBar;DTV-DVB 3054 Analog AVStream Crossbar; C:\WINDOWS\system32\drivers\3054AVXBar.sys [2005-09-23 10368]
R3 THBDATUNE;DTV-DVB 3054 Digital Tuner/Demod; C:\WINDOWS\system32\drivers\3054BDATune.sys [2005-09-23 110336]
R3 THIR;DTV-DVB 3054 IR Decoder; C:\WINDOWS\system32\drivers\3054IR.sys [2005-09-23 17408]
R3 THTUNE;DTV-DVB 3054 Analog Tuner; C:\WINDOWS\system32\drivers\3054Tune.sys [2005-09-23 33408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-08-23 189704]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------
  • 0

#28
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Learnatic,

There is on leftovers now ! We will fix it :)

---

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

---

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications
  • Open up Notepad (if you can't find it: Click Start | Run | type Notepad and hit enter). Copy and paste the following text into the blank document.

    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
  • Save the file to your Desktop as fix.reg (make sure All Files is selected when saving).
  • Go to your desktop and double click the new file. It will ask you if you want to merge the changes in the file with the registry, click Yes and you'll receive a confirmation message.

Then reboot your computer and post me a fresh RSIT log.

Regards,
Egwene.
  • 0
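The fix.reg in the post above relies on the `[-KEY]` form, which deletes a whole key and everything under it. As an added example (not part of the original thread), this Python script parses a .reg file and lists every operation so the file can be reviewed before it is merged; the function names, the second sample file and the scope check are assumptions made for illustration.

```python
"""List the operations in a .reg file before merging it (added example)."""
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A value line is either @=data (default value) or "name"=data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# The fix.reg text from the post above.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
"""

# Constructed sample (hypothetical key names) covering the other line types.
MIXED_REG = r"""Windows Registry Editor Version 5.00

; constructed sample, not from the thread
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Old"=-
@="x"
"Blob"=hex:01,02,\
  03

[-HKEY_CURRENT_USER\Software\ExampleVendor\Stale]
"""

# Subtree the post says it is cleaning up.
SAFEBOOT_NETWORK = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network"


def logical_lines(text):
    """Strip blanks and ';' comments and join backslash-continued data lines."""
    out, buf = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\") and not line.startswith("["):
            buf += line[:-1]          # hex data continues on the next line
            continue
        full, buf = buf + line, ""
        if full and not full.startswith(";"):
            out.append(full)
    if buf:
        out.append(buf)
    return out


def parse_reg(text):
    """Return (action, key, value_name) tuples in file order."""
    lines = logical_lines(text)
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):
                key = None            # a deleted key cannot take values
                ops.append(("delete-key", inner[1:], None))
            else:
                key = inner           # key is created if it does not exist
                ops.append(("ensure-key", key, None))
            continue
        match = VALUE_RE.match(line)
        if match is None or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        if match.group(1) == "@":
            name = "(Default)"
        else:
            name = re.sub(r"\\(.)", r"\1", match.group(1)[1:-1])
        action = "delete-value" if match.group(2) == "-" else "set-value"
        ops.append((action, key, name))
    return ops


def outside_scope(ops, allowed_prefix):
    """Operations touching keys that are not under allowed_prefix."""
    prefix = allowed_prefix.lower().rstrip("\\") + "\\"
    return [op for op in ops if not (op[1].lower() + "\\").startswith(prefix)]


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("mixed sample", MIXED_REG)):
        ops = parse_reg(text)
        print(label)
        for action, key, name in ops:
            print(f"  {action:12} {key}" + (f"  [{name}]" if name else ""))
        stray = outside_scope(ops, SAFEBOOT_NETWORK)
        print(f"  operations outside SafeBoot\\network: {len(stray)}")
```
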

#29
Learnatic

    Member

  • Topic Starter
  • Member
  • 131 posts
Sorry to keep you up ...

Here's the fresh one ..
Thanks,
M.

RSIT

Logfile of random's system information tool (written by random/random)
Run by Max Crane at 2008-09-11 09:04:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 35 GB (46%) free of 76 GB
Total RAM: 1007 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:06, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Max Crane\Desktop\RSIT.exe
C:\HJT\Max Crane.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nca.connect.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193015734890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193015572453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5614 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2008-09-08 779776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Mmm"=C:\Program Files\HACE\Mmm\MmmTray.exe [2006-12-10 15872]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-10-17 2582288]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2008-06-09 3215360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Filetopia.exe"="C:\Program Files\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"="C:\Program Files\Windows Media Components\Encoder\WMEnc.exe:*:Enabled:Windows Media Encoder"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security"
"C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe"="C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe:*:Enabled:Uninstall"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-09 14:18:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-09 14:18:18 ----D---- C:\WINDOWS\Prefetch
2008-09-09 14:10:42 ----A---- C:\WINDOWS\setuplog.txt
2008-09-09 14:09:19 ----D---- C:\WINDOWS\system32\scripting
2008-09-09 14:09:18 ----D---- C:\WINDOWS\l2schemas
2008-09-09 14:09:17 ----D---- C:\WINDOWS\system32\en
2008-09-09 14:09:16 ----D---- C:\WINDOWS\system32\bits
2008-09-09 14:05:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-09 13:56:12 ----D---- C:\WINDOWS\EHome
2008-09-09 13:25:08 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-09 13:25:05 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-09 13:25:03 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-09 13:25:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-09 13:24:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-09 13:24:41 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-09 13:24:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-09 13:24:36 ----N---- C:\WINDOWS\slrundll.exe
2008-09-09 13:24:32 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-09 13:24:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-09 13:24:27 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-09 13:24:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-09 13:24:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-09 13:24:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-09 13:24:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-09 13:24:16 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-09 13:24:12 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-09 13:24:01 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-09 13:24:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-09 13:23:59 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-09 13:23:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-09 13:23:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-09 13:23:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-09 13:23:32 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-09 13:23:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-09 13:23:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-09 13:23:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-09 13:22:56 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-09 13:22:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-09 13:22:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-09 13:22:45 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-09 13:22:43 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-09 13:22:42 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-09 13:22:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-09 13:22:37 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-09 13:22:36 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-09 13:22:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-09 07:06:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 23:56:06 ----A---- C:\dl_log.txt
2008-09-08 23:50:35 ----D---- C:\_OTMoveIt
2008-09-08 23:13:09 ----D---- C:\HJT
2008-09-08 16:33:58 ----D---- C:\Program Files\MagicDVDCopier
2008-09-08 14:40:14 ----D---- C:\Program Files\trend micro
2008-09-08 11:00:54 ----D---- C:\Program Files\Ad Muncher
2008-09-08 11:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Ad Muncher
2008-09-08 08:56:10 ----D---- C:\Documents and Settings\Max Crane\Application Data\PingTesterDataBas
2008-09-08 07:14:34 ----D---- C:\rsit
2008-09-08 01:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-08 01:13:49 ----D---- C:\Program Files\Common Files\iS3
2008-09-08 00:58:01 ----A---- C:\SMit Fix 07 09 2008-Final.txt
2008-09-07 18:04:54 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 17:05:04 ----D---- C:\Program Files\ERUNT
2008-09-07 13:20:38 ----A---- C:\SMit Fix 07 09 2008-02.txt
2008-09-07 12:23:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 12:23:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 11:39:20 ----A---- C:\SMit Fix 07 09 2008-01.txt
2008-09-06 19:00:01 ----A---- C:\SMit Fix 06 09 2008-05.txt
2008-09-06 17:58:40 ----A---- C:\SMit Fix 06 09 2008-04.txt
2008-09-06 17:45:19 ----A---- C:\SMit Fix 06 09 2008-03.txt
2008-09-06 17:38:20 ----A---- C:\SMit Fix 06 09 2008-02.txt
2008-09-06 17:14:54 ----A---- C:\SMit Fix 06 09 2008.txt
2008-09-06 17:11:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-06 17:11:37 ----A---- C:\rapport.txt
2008-09-06 00:44:11 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 00:21:05 ----D---- C:\Documents and Settings\Max Crane\Application Data\TmpRecentIcons
2008-09-04 14:17:03 ----D---- C:\Program Files\The KMPlayer1431
2008-08-29 07:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-29 07:21:52 ----D---- C:\Documents and Settings\Max Crane\Application Data\Future Systems Solutions
2008-08-25 12:57:29 ----D---- C:\Program Files\Boilsoft Video Splitter
2008-08-25 12:51:21 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-08-24 07:49:59 ----D---- C:\Program Files\Sudoku 50000
2008-08-21 23:05:54 ----D---- C:\download
2008-08-12 22:14:19 ----D---- C:\Program Files\ESET
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-19 01:02:08 ----A---- C:\WINDOWS\system32\java.exe
2008-07-18 16:01:12 ----D---- C:\tmp
2008-07-15 22:59:28 ----D---- C:\Program Files\Ashampoo
2008-07-08 08:55:35 ----A---- C:\WINDOWS\UninstallFirefox.exe
2008-07-07 23:13:27 ----D---- C:\my dvd
2008-07-07 23:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-07-07 23:11:28 ----D---- C:\WINDOWS\WinAVI Video Converter 9.0
2008-07-07 20:43:30 ----D---- C:\Program Files\D-Link DSLs
2008-07-05 15:49:24 ----D---- C:\Documents and Settings\Max Crane\Application Data\Hide IP NG
2008-07-05 14:51:33 ----D---- C:\Documents and Settings\Max Crane\Application Data\HideIP
2008-06-30 08:30:25 ----D---- C:\Program Files\Foxit Software
2008-06-27 23:53:44 ----D---- C:\Program Files\TweakNow PowerPack Pro
2008-06-27 23:53:44 ----D---- C:\Documents and Settings\Max Crane\Application Data\TweakNow PowerPack
2008-06-27 17:27:34 ----D---- C:\Program Files\SRS Labs
2008-06-27 00:12:04 ----D---- C:\Documents and Settings\Max Crane\Application Data\MouseLight
2008-06-27 00:10:37 ----D---- C:\Program Files\MouseLight
2008-06-27 00:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Dynamic Library2
2008-06-27 00:10:37 ----A---- C:\WINDOWS\system32\50001T.dll
2008-06-26 23:47:50 ----D---- C:\VueScan
2008-06-14 10:50:47 ----A---- C:\Program Files\Shortcut to HiJackThis.exe.lnk

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AUD;DTV-DVB 3054 Analog Audio Capture; C:\WINDOWS\system32\DRIVERS\3054AudCap.sys [2005-09-23 10112]
R3 CX23880;DTV-DVB 3054 Video Capture; C:\WINDOWS\system32\drivers\3054VidCap.sys [2005-09-23 163072]
R3 CXAVSTS;DTV-DVB 3054 Digital TS Capture; C:\WINDOWS\system32\drivers\3054BDACap.sys [2005-09-23 18432]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-08-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 THAVXBar;DTV-DVB 3054 Analog AVStream Crossbar; C:\WINDOWS\system32\drivers\3054AVXBar.sys [2005-09-23 10368]
R3 THBDATUNE;DTV-DVB 3054 Digital Tuner/Demod; C:\WINDOWS\system32\drivers\3054BDATune.sys [2005-09-23 110336]
R3 THIR;DTV-DVB 3054 IR Decoder; C:\WINDOWS\system32\drivers\3054IR.sys [2005-09-23 17408]
R3 THTUNE;DTV-DVB 3054 Analog Tuner; C:\WINDOWS\system32\drivers\3054Tune.sys [2005-09-23 33408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-08-23 189704]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------

Edited by Learnatic, 10 September 2008 - 05:07 PM.

  • 0

#30
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Learnatic,

Congratulations, your log looks clean :)

1) Run OTcleanIT :

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

2) Flush your system restore :

Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

3) Update windows :

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

4) Prevention/protection :

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • If you don't have a firewall on your computer, I advise you to install one of the following: Kerio / Comodo / ZoneAlarm.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
  • SpywareBlaster protects against bad ActiveX.
  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Regards,
Egwene.
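
The HOSTS-file blocking mentioned in the post above maps unwanted sites to 127.0.0.1. As an added example (not part of the original post, and not code from MVPS or any tool named in this thread), this Python script audits HOSTS-file content and separates blocking entries from entries that point a name at some other address, which deserve a manual look. The function names `parse_hosts` and `audit_hosts` and the sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the thread's logs).
SAMPLE_HOSTS = """\
# blocking entries in the style described in the post
127.0.0.1  localhost
127.0.0.1  ads.example.com  tracker.example.net   # two names on one line
0.0.0.0    banner.example.org
203.0.113.7  www.example-bank.test
not-an-ip  broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                      # address with no hostname
            yield line_no, fields[0], None
            continue
        for name in fields[1:]:                  # one address, many names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Classify mappings as blocked, redirected (review these) or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr, name))
            continue
        if name is None:
            report["malformed"].append((line_no, addr, name))
        elif name == "localhost" and ip.is_loopback:
            continue                             # the normal default entry
        elif ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)       # sinkholed to this machine
        else:
            report["redirected"].append((line_no, name, addr))
    return report

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`; read it as text and pass the contents to `audit_hosts`.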