Virus on Operating Memory =( [CLOSED]


#1 freakwizard (Member, 40 posts)
Please help me. Avast is detecting a virus in the operating memory, but it's not being deleted =(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:32 AM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\com\Desktop\??????????? flashdrive.exe /start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [L07AXLRD_23637062] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10184 bytes

#2 Egwene (Visiting Consultant, 2,141 posts)
Hello freakwizard,

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :)

1) Uninstall some programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • ShoppingReport

2) Run RSIT:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


N.B.: Please check that you have posted all the content of the log. If not, please post what is missing in another reply :)


Regards,
Egwene.

#3 freakwizard (Member, 40 posts)
Hi Egwene! You guys are simply awesome, and thanks for taking your precious time to help me =)

This is the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by com at 2008-10-19 08:28:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 64 GB (77%) free of 82 GB
Total RAM: 2038 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:10 AM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\com\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\com\Desktop\??????????? flashdrive.exe /start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [L07AXLRD_23637062] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9819 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-09-17 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-17 651248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-09-17 433272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"protect_autorun"=C:\Documents and Settings\com\Desktop\??????????? flashdrive.exe /start []
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-09-18 289088]
"L07AXLRD_23637062"=C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000]
"Google Update"=C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-22 133104]
"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe []
"kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-10-19 105115]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\CTFMON.EXE [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\PROGRA~1\DAP\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-02-11 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\Metin2.us\metin2.bin"="D:\Program Files\Metin2.us\metin2.bin:*:Enabled:metin2"
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Documents and Settings\All Users\Documents\Counter-Strike 1.6\hl.exe"="C:\Documents and Settings\All Users\Documents\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"D:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe"="D:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo"
"D:\Program Files\Age Of Empire-II The Conquerors\age2_x1.exe"="D:\Program Files\Age Of Empire-II The Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Program Files\Valve\hlds.exe"="D:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50f6911-91c9-11dd-8a26-00215c36d2a5}]
shell\AutoRun\command - G:\1t6yxlxx.cmd
shell\explore\command - G:\1t6yxlxx.cmd
shell\open\command - G:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e8f4c6-86c6-11dd-89e7-00215c36d2a5}]
shell\AutoRun\command - ktnquo.exe
shell\explore\command - ktnquo.exe
shell\open\command - ktnquo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e60cfb-7b50-11dd-89b2-00215c36d2a5}]
shell\AutoRun\command - H:\2fiji.com
shell\explore\command - H:\2fiji.com
shell\open\command - H:\2fiji.com


======List of files/folders created in the last 1 months======

2008-10-19 08:28:09 ----D---- C:\rsit
2008-10-19 08:09:17 ----D---- C:\Program Files\Trend Micro
2008-10-18 10:17:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-18 10:17:32 ----D---- C:\Program Files\Alwil Software
2008-10-18 09:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-17 23:38:50 ----RSH---- C:\2fiji.com
2008-10-17 05:53:07 ----RSH---- C:\b.exe
2008-10-16 06:01:31 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-10-16 03:33:58 ----RSH---- C:\9.cmd
2008-10-16 03:33:32 ----RSH---- C:\WINDOWS\system32\ckvo1.dll
2008-10-07 11:38:24 ----D---- C:\Program Files\Hamachi
2008-10-07 09:16:59 ----D---- C:\Documents and Settings\com\Application Data\Opera
2008-10-07 09:15:39 ----D---- C:\Program Files\Opera
2008-10-07 06:43:13 ----D---- C:\Program Files\KeepV Converter
2008-10-06 05:40:20 ----D---- C:\Program Files\Orbitdownloader
2008-10-03 23:26:57 ----D---- C:\Program Files\MSECache
2008-10-03 22:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-03 22:13:11 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-03 22:13:02 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-03 22:12:01 ----D---- C:\189016a8cff9dbed44
2008-10-03 22:01:47 ----RSH---- C:\WINDOWS\system32\ckvo0.dll
2008-10-03 22:01:47 ----RSH---- C:\WINDOWS\system32\ckvo.exe
2008-09-30 07:36:30 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 07:35:07 ----A---- C:\WINDOWS\BricoPackUninst.txt
2008-09-30 07:35:07 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 07:34:52 ----D---- C:\WINDOWS\BricoPacks
2008-09-27 13:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-27 13:12:40 ----D---- C:\Program Files\Common Files\Sandlot Shared
2008-09-24 07:34:01 ----D---- C:\Documents and Settings\com\Application Data\GrabPro
2008-09-24 07:32:47 ----D---- C:\Downloads
2008-09-24 07:32:17 ----D---- C:\Documents and Settings\com\Application Data\Orbit

======List of files/folders modified in the last 1 months======

2008-10-19 08:28:07 ----D---- C:\WINDOWS\Prefetch
2008-10-19 08:26:28 ----RD---- C:\Program Files
2008-10-19 08:22:48 ----D---- C:\Program Files\Mozilla Firefox
2008-10-19 08:21:28 ----D---- C:\Documents and Settings\com\Application Data\DNA
2008-10-19 08:18:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-19 08:05:42 ----D---- C:\WINDOWS\system32
2008-10-19 08:05:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-19 08:01:41 ----D---- C:\WINDOWS\Temp
2008-10-19 08:01:28 ----D---- C:\WINDOWS\system32\drivers
2008-10-19 07:47:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-19 07:16:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-19 07:14:20 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-19 01:41:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-18 17:26:20 ----D---- C:\WINDOWS\system32\config
2008-10-18 09:56:11 ----SD---- C:\Documents and Settings\com\Application Data\Microsoft
2008-10-18 09:56:11 ----D---- C:\WINDOWS
2008-10-18 09:56:10 ----D---- C:\WINDOWS\system
2008-10-16 03:42:49 ----SD---- C:\WINDOWS\Tasks
2008-10-14 02:43:27 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-11 10:30:41 ----D---- C:\WINDOWS\system32\Macromed
2008-10-07 11:45:55 ----D---- C:\Documents and Settings\com\Application Data\Hamachi
2008-10-07 09:15:46 ----SHD---- C:\WINDOWS\Installer
2008-10-03 23:43:16 ----RSD---- C:\WINDOWS\Fonts
2008-10-03 23:43:13 ----D---- C:\Program Files\Microsoft Office
2008-10-03 23:43:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-03 23:00:14 ----HD---- C:\WINDOWS\inf
2008-10-03 22:57:39 ----D---- C:\WINDOWS\AppPatch
2008-10-03 22:20:52 ----D---- C:\Program Files\SpeedFan
2008-10-03 22:15:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 22:13:34 ----D---- C:\WINDOWS\system32\dllcache
2008-10-03 22:13:25 ----A---- C:\WINDOWS\imsins.BAK
2008-10-03 22:12:58 ----D---- C:\Program Files\Windows Media Player
2008-10-03 22:12:58 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-03 22:12:55 ----D---- C:\WINDOWS\Help
2008-10-03 21:06:27 ----D---- C:\Documents and Settings\com\Application Data\Macromedia
2008-09-30 22:59:23 ----A---- C:\WINDOWS\win.ini
2008-09-30 07:36:29 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-09-30 07:35:48 ----D---- C:\WINDOWS\Cursors
2008-09-30 07:35:43 ----D---- C:\WINDOWS\Media
2008-09-27 13:12:40 ----D---- C:\Program Files\Common Files
2008-09-22 04:41:41 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-07 12672]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-25 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-11-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-15 862922]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-07 25280]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-12-19 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-25 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-05-07 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-05-07 210816]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-25 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-09-22 10368]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-09-10 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-08-31 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-10 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2005-07-29 121856]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-05-07 731136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-05 248832]
S3 ant7e8m5;ant7e8m5; C:\WINDOWS\system32\drivers\ant7e8m5.sys []
S3 BCM43XX;??????????????????????????? Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-11-15 30459]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-11-15 67672]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NETw3x32;?????????????????? Intel® PRO/Wireless 3945ABG ?????? Windows XP 32 ???; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-11-06 1711104]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-03-14 1428480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; hex(2):73 []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; hex(2):73 []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-17 137200]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-11-29 144688]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-25 66872]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-30 72704]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

And this is the Info

info.txt logfile of random's system information tool 1.04 2008-10-19 08:28:12

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -I*.INF
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
Diamond Mine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61474E25-34B5-4B95-962D-415DBE39E148}\Setup.exe"
Dynomite Deluxe 2.71-->C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
GAMEHOUSE-->"C:\Program Files\GAMEHOUSE\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m\HXFSETUP.EXE -U -IHPQ0033M.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Quick Launch Buttons 6.30 E2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KeepV Flash Converter-->"C:\Program Files\KeepV Converter\unins000.exe"
Learning Essentials for Microsoft Office-->MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Math-->MsiExec.exe /I{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office 2003 Thai User Interface Pack-->MsiExec.exe /I{901E041E-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Student 2007 for Learning Essentials-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft Student with Encarta Premium 2007-->MsiExec.exe /I{07041881-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Visual Basic 6.0 Working Model Edition-->"C:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mpegable Broadcaster-->C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Need for Speed™ Most Wanted-->D:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SLT DIRECTORY 2008-->MsiExec.exe /I{C87732F7-0ACC-4284-A323-9AF520524DC1}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.inf
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SpywareBlaster v3.5-->"C:\Program Files\SpywareBlaster\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Food Lover's Encyclopedia-->C:\PROGRA~1\TheFood\UNWISE.EXE C:\PROGRA~1\TheFood\INSTALL.LOG
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
What's Running 2.2-->"C:\Program Files\Utilities\WhatsRunning\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wolfenstein - Enemy Territory-->D:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u D:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080923-0] (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

-----------------EOF-----------------

#4
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello freakwizard,

You're welcome :)

Let's go with the removal :)

First, please be sure to plug in your USB drive before doing the following steps!

1) Disable real-time protections :

--> Please disable Avast! real-time protection, more help here : http://www.bleepingc...opic114351.html

2) Uninstall some programs :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • Adobe Reader 8.1.1
  • Ares 2.0.9

Optional Removals : You have at least one peer-to-peer program on your computer.
Even if you are using a so-called "safe" program, it's only the program that's safe.
You will be sharing files from uncertified sources, and these are often infected.


You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here :
http://www.adobe.com.../readstep2.html

3) Fix with HijackThis :

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

Now close all windows other than HiJackThis, then click Fix Checked.

4) Backing up your registry :

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

5) Run OTMoveIt3 :

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50f6911-91c9-11dd-8a26-00215c36d2a5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e8f4c6-86c6-11dd-89e7-00215c36d2a5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e60cfb-7b50-11dd-89b2-00215c36d2a5}]
     
    :files
    H:\2fiji.com
    G:\1t6yxlxx.cmd
    C:\2fiji.com
    C:\b.exe
    C:\9.cmd
    C:\WINDOWS\system32\ckvo1.dll
    C:\WINDOWS\system32\ckvo0.dll
    C:\WINDOWS\system32\ckvo.exe
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

And please post me a fresh RSIT log in your next answer.

Regards,
Egwene.
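The four MountPoints2 entries in the RSIT log above and the removal script in the post just before this are two halves of one pattern: a USB autorun worm drops an autorun.inf onto every drive it touches, Windows caches that drive's handlers under HKCU\...\Explorer\MountPoints2, and the shell\open and shell\explore overrides run the dropped file whenever the drive is double-clicked in Explorer (not only on insertion, so turning AutoPlay off on its own does not help). The Python below is an added example for this thread, not a tool from the original posts, from RSIT or from OTMoveIt3: it reads an RSIT 1.04 log, flags every MountPoints2 shell command plus recently created files that carry the R+S+H attributes with an executable extension, and renders the findings in the :reg / :files layout OTMoveIt3 expects. SAMPLE_LOG is a constructed, abridged copy of the RSIT excerpt posted earlier in the thread; the line regexes are assumptions about RSIT's layout taken from that excerpt.

```python
"""
Triage an RSIT 1.04 log for the USB autorun-worm pattern seen in this thread:
MountPoints2 shell handlers pointing at removable-drive files, and fresh
R+S+H executables in the style of C:\\2fiji.com, C:\\b.exe and system32\\ckvo*.

Added example for the thread, not a tool from the original posts. The line
regexes are assumptions about RSIT's output layout, taken from the log above.
"""
import ntpath
import re
from collections import namedtuple

MountPointHijack = namedtuple("MountPointHijack", "key verb target")
SuspiciousFile = namedtuple("SuspiciousFile", "created attrs path")

# Real key path, spelled exactly as RSIT prints it in the log above.
MOUNTPOINTS2_KEY = (r"HKEY_CURRENT_USER\software\microsoft\windows"
                    r"\currentversion\explorer\mountpoints2")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VERB_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$",
                     re.IGNORECASE)
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
                     r"----(?P<attrs>[A-Z]*)---- (?P<path>.+)$")
EXEC_EXT = {".exe", ".com", ".cmd", ".bat", ".dll", ".scr", ".pif", ".vbs"}

# Constructed sample: an abridged copy of the RSIT excerpt posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50f6911-91c9-11dd-8a26-00215c36d2a5}]
shell\AutoRun\command - G:\1t6yxlxx.cmd
shell\explore\command - G:\1t6yxlxx.cmd
shell\open\command - G:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e8f4c6-86c6-11dd-89e7-00215c36d2a5}]
shell\AutoRun\command - ktnquo.exe
shell\explore\command - ktnquo.exe
shell\open\command - ktnquo.exe

======List of files/folders created in the last 1 months======

2008-10-19 08:28:09 ----D---- C:\rsit
2008-10-17 23:38:50 ----RSH---- C:\2fiji.com
2008-10-17 05:53:07 ----RSH---- C:\b.exe
2008-10-16 03:33:58 ----RSH---- C:\9.cmd
2008-10-16 03:33:32 ----RSH---- C:\WINDOWS\system32\ckvo1.dll
2008-10-03 22:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-03 22:01:47 ----RSH---- C:\WINDOWS\system32\ckvo.exe

======List of files/folders modified in the last 1 months======
"""


def parse_mountpoint_hijacks(log_text):
    """Return every shell\\<verb>\\command entry found under a MountPoints2 subkey."""
    hijacks, current_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            current_key = key if key.lower().startswith(MOUNTPOINTS2_KEY.lower()) else None
            continue
        verb_match = VERB_RE.match(line) if current_key else None
        if verb_match:
            hijacks.append(MountPointHijack(current_key, verb_match.group("verb").lower(),
                                            verb_match.group("target")))
    return hijacks


def parse_suspicious_files(log_text):
    """Return recently created files that are R+S+H and have an executable extension."""
    found, in_created = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("======"):          # RSIT section header
            in_created = "created in the last" in line
            continue
        file_match = FILE_RE.match(line) if in_created else None
        if not file_match:
            continue
        attrs, path = file_match.group("attrs"), file_match.group("path")
        if {"R", "S", "H"} <= set(attrs) and ntpath.splitext(path)[1].lower() in EXEC_EXT:
            found.append(SuspiciousFile(file_match.group("ts"), attrs, path))
    return found


def build_otmoveit_script(hijacks, files):
    """Render removal targets in the :reg / :files layout OTMoveIt3 expects.

    A handler with no drive letter (the bare ktnquo.exe) cannot be located from
    the log alone, so only its registry key is scheduled for removal.
    """
    keys = list(dict.fromkeys(h.key for h in hijacks))           # first-seen order, de-duplicated
    paths = [h.target for h in hijacks if "\\" in h.target] + [f.path for f in files]
    paths = list(dict.fromkeys(paths))
    return "\n".join([":reg"] + ["[-%s]" % k for k in keys] + ["", ":files"] + paths)


if __name__ == "__main__":
    found_hijacks = parse_mountpoint_hijacks(SAMPLE_LOG)
    found_files = parse_suspicious_files(SAMPLE_LOG)
    for h in found_hijacks:
        print("MountPoints2 hijack: %-8s -> %s" % (h.verb, h.target))
    for f in found_files:
        print("RSH executable:      %s  (%s, created %s)" % (f.path, f.attrs, f.created))
    print()
    print(build_otmoveit_script(found_hijacks, found_files))
```

Run it directly and it prints the findings followed by the generated :reg / :files block, which lines up with the keys and files the helper listed by hand. Treat that output as a candidate list for a person to review rather than something to paste blindly: H:\RunGame.exe is flagged too, and an AutoRun stub on a game disc may well be legitimate, whereas a drive whose open and explore verbs are redirected to a randomly named .cmd is the worm signature worth acting on.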

#5
freakwizard

    Member

  • Member
  • 40 posts
Hey Egwene, I did what you asked. =)

Here's your OldTimer log file

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50f6911-91c9-11dd-8a26-00215c36d2a5}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e8f4c6-86c6-11dd-89e7-00215c36d2a5}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e60cfb-7b50-11dd-89b2-00215c36d2a5}\\ deleted successfully.
========== FILES ==========
File/Folder H:\2fiji.com not found.
File/Folder G:\1t6yxlxx.cmd not found.
C:\2fiji.com moved successfully.
C:\b.exe moved successfully.
C:\9.cmd moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo1.dll NOT unregistered.
C:\WINDOWS\system32\ckvo1.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo0.dll NOT unregistered.
C:\WINDOWS\system32\ckvo0.dll moved successfully.
C:\WINDOWS\system32\ckvo.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\com\LOCALS~1\Temp\etilqs_0ZHpEtauuDiuSMH8wCse scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10192008_212156

Files moved on Reboot...
File C:\DOCUME~1\com\LOCALS~1\Temp\etilqs_0ZHpEtauuDiuSMH8wCse not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat not found!
C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\com\Local Settings\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\XUL.mfl moved successfully.

And here's the RSIT Log


Logfile of random's system information tool 1.04 (written by random/random)
Run by com at 2008-10-19 21:28:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 65 GB (78%) free of 82 GB
Total RAM: 2038 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:12 PM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\com\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [protect_autorun] C:\Documents and Settings\com\Desktop\??????????? flashdrive.exe /start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [L07AXLRD_23637062] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9154 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-09-17 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-17 651248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-09-17 433272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"protect_autorun"=C:\Documents and Settings\com\Desktop\??????????? flashdrive.exe /start []
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-09-18 289088]
"L07AXLRD_23637062"=C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000]
"Google Update"=C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-22 133104]
"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\CTFMON.EXE [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\PROGRA~1\DAP\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-02-11 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\Metin2.us\metin2.bin"="D:\Program Files\Metin2.us\metin2.bin:*:Enabled:metin2"
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Documents and Settings\All Users\Documents\Counter-Strike 1.6\hl.exe"="C:\Documents and Settings\All Users\Documents\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"D:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe"="D:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo"
"D:\Program Files\Age Of Empire-II The Conquerors\age2_x1.exe"="D:\Program Files\Age Of Empire-II The Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Program Files\Valve\hlds.exe"="D:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-10-19 21:21:56 ----D---- C:\_OTMoveIt
2008-10-19 21:20:03 ----D---- C:\WINDOWS\ERDNT
2008-10-19 21:19:17 ----D---- C:\Program Files\ERUNT
2008-10-19 21:15:50 ----SHD---- C:\Config.Msi
2008-10-19 08:28:09 ----D---- C:\rsit
2008-10-19 08:09:17 ----D---- C:\Program Files\Trend Micro
2008-10-18 10:17:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-18 10:17:32 ----D---- C:\Program Files\Alwil Software
2008-10-18 09:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-16 06:01:31 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-10-07 11:38:24 ----D---- C:\Program Files\Hamachi
2008-10-07 09:16:59 ----D---- C:\Documents and Settings\com\Application Data\Opera
2008-10-07 09:15:39 ----D---- C:\Program Files\Opera
2008-10-07 06:43:13 ----D---- C:\Program Files\KeepV Converter
2008-10-06 05:40:20 ----D---- C:\Program Files\Orbitdownloader
2008-10-03 23:26:57 ----D---- C:\Program Files\MSECache
2008-10-03 22:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-03 22:13:11 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-03 22:13:02 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-03 22:12:01 ----D---- C:\189016a8cff9dbed44
2008-09-30 07:36:30 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 07:35:07 ----A---- C:\WINDOWS\BricoPackUninst.txt
2008-09-30 07:35:07 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 07:34:52 ----D---- C:\WINDOWS\BricoPacks
2008-09-27 13:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-27 13:12:40 ----D---- C:\Program Files\Common Files\Sandlot Shared
2008-09-24 07:34:01 ----D---- C:\Documents and Settings\com\Application Data\GrabPro
2008-09-24 07:32:47 ----D---- C:\Downloads
2008-09-24 07:32:17 ----D---- C:\Documents and Settings\com\Application Data\Orbit

======List of files/folders modified in the last 1 months======

2008-10-19 21:26:34 ----D---- C:\Program Files\Mozilla Firefox
2008-10-19 21:26:19 ----D---- C:\WINDOWS\Temp
2008-10-19 21:24:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-19 21:24:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-19 21:24:43 ----D---- C:\Documents and Settings\com\Application Data\DNA
2008-10-19 21:21:57 ----D---- C:\WINDOWS\system32
2008-10-19 21:20:54 ----D---- C:\WINDOWS\Prefetch
2008-10-19 21:20:03 ----D---- C:\WINDOWS
2008-10-19 21:19:17 ----RD---- C:\Program Files
2008-10-19 21:16:10 ----SHD---- C:\WINDOWS\Installer
2008-10-19 21:15:59 ----D---- C:\Program Files\Adobe
2008-10-19 21:15:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-19 21:15:57 ----D---- C:\Program Files\Common Files\Adobe
2008-10-19 20:52:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-19 20:49:06 ----D---- C:\WINDOWS\system32\drivers
2008-10-19 09:09:58 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-19 07:16:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-19 01:41:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-18 17:26:20 ----D---- C:\WINDOWS\system32\config
2008-10-18 09:56:11 ----SD---- C:\Documents and Settings\com\Application Data\Microsoft
2008-10-18 09:56:10 ----D---- C:\WINDOWS\system
2008-10-16 03:42:49 ----SD---- C:\WINDOWS\Tasks
2008-10-14 02:43:27 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-11 10:30:41 ----D---- C:\WINDOWS\system32\Macromed
2008-10-07 11:45:55 ----D---- C:\Documents and Settings\com\Application Data\Hamachi
2008-10-03 23:43:16 ----RSD---- C:\WINDOWS\Fonts
2008-10-03 23:43:13 ----D---- C:\Program Files\Microsoft Office
2008-10-03 23:43:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-03 23:00:14 ----HD---- C:\WINDOWS\inf
2008-10-03 22:57:39 ----D---- C:\WINDOWS\AppPatch
2008-10-03 22:20:52 ----D---- C:\Program Files\SpeedFan
2008-10-03 22:15:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 22:13:34 ----D---- C:\WINDOWS\system32\dllcache
2008-10-03 22:13:25 ----A---- C:\WINDOWS\imsins.BAK
2008-10-03 22:12:58 ----D---- C:\Program Files\Windows Media Player
2008-10-03 22:12:58 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-03 22:12:55 ----D---- C:\WINDOWS\Help
2008-10-03 21:06:27 ----D---- C:\Documents and Settings\com\Application Data\Macromedia
2008-09-30 22:59:23 ----A---- C:\WINDOWS\win.ini
2008-09-30 07:36:29 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-09-30 07:35:48 ----D---- C:\WINDOWS\Cursors
2008-09-30 07:35:43 ----D---- C:\WINDOWS\Media
2008-09-27 13:12:40 ----D---- C:\Program Files\Common Files
2008-09-22 04:41:41 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-07 12672]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-25 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-11-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-15 862922]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-07 25280]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-12-19 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-25 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-05-07 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-05-07 210816]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-25 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-09-22 10368]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-09-10 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-08-31 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-10 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2005-07-29 121856]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-05-07 731136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-05 248832]
S3 aezltufg;aezltufg; C:\WINDOWS\system32\drivers\aezltufg.sys []
S3 BCM43XX;??????????????????????????? Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-11-15 30459]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-11-15 67672]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NETw3x32;?????????????????? Intel® PRO/Wireless 3945ABG ?????? Windows XP 32 ???; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-11-06 1711104]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-03-14 1428480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; hex(2):73 []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; hex(2):73 []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-17 137200]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-11-29 144688]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-25 66872]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-30 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

#6
Egwene
Member 2k, Visiting Consultant, 2,141 posts
Hello freakwizard,

Your log looks nearly clean, but there is something I need to check; it sounds suspicious :)

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Regards,
Egwene.

#7
freakwizard
Member, 40 posts
Hey Egwene, just for your information my Avast Anti-Virus is still detecting a virus on the operating memory called CKVO.exe or something like that and it asks me if I want to delete it or ignore. But I click the ignore button.

Here's a screenshot -

(screenshot image not reproduced)

I did what you asked me to...

Attached File: runfile.run (174.68KB)

Here's the log file generated from runscanner just in case you needed it :)

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : STEFAN
Creation time : 10/21/2008 7:44:29 AM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)
* C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
* C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
* C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
* C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
* C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
* C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
* C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\PnkBstrA.exe
* C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
* C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
* C:\Documents and Settings\com\Desktop\runscanner\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

Unrated items
-------------
002 * C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
002 C:\Program Files\Google\Google Talk\googletalk.exe (Google)
002 * C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
002 * C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
003 * C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
003 * C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
003 C:\WINDOWS\system32\ckvo.exe
005 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
008 C:\WINDOWS\system32\msnsc.exe (dgelwin )
009 C:\WINDOWS\system32\msnsc.exe (dgelwin )
010 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service)
010 * C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Service)
010 * C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google Updater Service)
010 * C:\WINDOWS\system32\PnkBstrA.exe (PnkBstrA)
010 C:\WINDOWS\system32\spoolsv.exe (Print Spooler)
010 C:\WINDOWS\system32\msiexec.exe (Windows Installer)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 C:\WINDOWS\system32\DRIVERS\imapi.sys (CD-Burning Filter Driver)
011 C:\WINDOWS\system32\DRIVERS\fltMgr.sys (FltMgr)
011 C:\WINDOWS\system32\giveio.sys (giveio)
011 * C:\WINDOWS\system32\DRIVERS\hamachi.sys (Hamachi Network Interface)
011 C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys (HP Remote Control HID Device)
011 C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP)
011 C:\WINDOWS\system32\DRIVERS\intelppm.sys (Intel Processor Driver)
011 C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator)
011 C:\WINDOWS\system32\DRIVERS\update.sys (Microcode Update Driver)
011 C:\WINDOWS\system32\drivers\aec.sys (Microsoft Kernel Acoustic Echo Canceller)
011 C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter)
011 C:\WINDOWS\system32\drivers\kmixer.sys (Microsoft Kernel Wave Audio Mixer)
011 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Microsoft UAA Bus Driver for High Definition Audio)
011 C:\WINDOWS\system32\drivers\CHDAud.sys (Microsoft UAA Function Driver for High Definition Audio Service)
011 C:\WINDOWS\system32\DRIVERS\usbehci.sys (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver)
011 C:\WINDOWS\system32\DRIVERS\usbuhci.sys (Microsoft USB Universal Host Controller Miniport Driver)
011 C:\WINDOWS\system32\drivers\wdmaud.sys (Microsoft WINMM WDM Audio Compatibility Driver)
011 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (MRXSMB)
011 C:\WINDOWS\system32\drivers\Mup.sys (Mup)
011 C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS Usermode I/O Protocol)
011 C:\WINDOWS\system32\DRIVERS\ohci1394.sys (OHCI Compliant IEEE 1394 Host Controller)
011 C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
011 C:\WINDOWS\system32\DRIVERS\rdbss.sys (Rdbss)
011 C:\WINDOWS\system32\drivers\RDPWD.sys (RDPWD)
011 C:\WINDOWS\system32\DRIVERS\secdrv.sys (Secdrv)
011 C:\WINDOWS\system32\speedfan.sys (speedfan)
011 C:\WINDOWS\System32\Drivers\sptd.sys (sptd)
011 C:\WINDOWS\system32\DRIVERS\srv.sys (Srv)
011 C:\WINDOWS\System32\drivers\sfdrv01.sys (StarForce Protection Environment Driver (version 1.x))
011 C:\WINDOWS\System32\drivers\sfhlp02.sys (StarForce Protection Helper Driver (version 2.x))
011 C:\WINDOWS\System32\drivers\sfvfs02.sys (StarForce Protection VFS Driver (version 2.x))
011 C:\WINDOWS\system32\SVKP.sys (SVKP)
011 C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver)
011 C:\WINDOWS\System32\Drivers\usbvideo.sys (USB Video Device (WDM))
011 C:\WINDOWS\system32\DRIVERS\usbhub.sys (USB2 Enabled Hub)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}
030 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {8f6b0360-b80d-11d0-a9b3-006097942311}
030 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {8f6b0360-b80d-11d0-a9b3-006097942311}
030 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {8f6b0360-b80d-11d0-a9b3-006097942311}
030 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
031 C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e4-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\itss.dll (Microsoft Corporation) {9D148291-B9C8-11D0-A4CC-0000F80149F6}
031 C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
031 C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) {05300401-BCBC-11d0-85E3-00C04FD85AB4}
031 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
031 C:\WINDOWS\system32\itss.dll (Microsoft Corporation) {9D148291-B9C8-11D0-A4CC-0000F80149F6}
031 C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
031 C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
031 C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) {76E67A63-06E9-11D2-A840-006008059382}
031 C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
034 C:\WINDOWS\Explorer.exe (Microsoft Corporation)
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
040 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
041 C:\Program Files\Orbitdownloader\GrabPro.dll {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
042 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
042 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}
042 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {CCA281CA-C863-46ef-9331-5C8D4460577F}
042 GUID / CLSID not found {B205A35E-1FC4-4CE3-818B-899DBBB3388C}
042 C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}
042 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}
044 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {01E04581-4EEE-11D0-BFE9-00AA005B4383}
045 C:\Program Files\Orbitdownloader\GrabPro.dll {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
045 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {01E04581-4EEE-11D0-BFE9-00AA005B4383}
045 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {0E5CBF21-D15F-11D0-8301-00AA005B4383}
050 C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {AEB6717E-7E19-11d0-97EE-00C04FD91972}
051 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {438755C2-A8BA-11D1-B96B-00A0C90312E1}
051 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {8C7461EF-2B13-11d2-BE35-3078302C2030}
052 * C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
052 C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) {000123B4-9B42-4900-B3F7-F4B073EFC214}
060 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {fbeb8a05-beee-4442-804e-409d6c4515e9}
060 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {7849596a-48ea-486e-8937-a2a3009f31a9}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {01E04581-4EEE-11d0-BFE9-00AA005B4383}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {7e653215-fa25-46bd-a339-34a2790f3cb7}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {A08C11D2-A228-11d0-825B-00AA005B4383}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {D20EA4E1-3957-11d2-A40B-0C5020524153}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {91EA3F8B-C99B-11d0-9815-00C04FD91972}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {6413BA2C-B461-11d1-A18A-080036B11A03}
061 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {F61FFEC1-754F-11d0-80CA-00AA005B4383}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {67EA19A0-CCEF-11d0-8024-00C04FD75D13}
061 C:\WINDOWS\system32\cdfview.dll (Microsoft Corporation) {f39a0dc0-9cc8-11d0-a599-00c04fd64433}
061 C:\WINDOWS\system32\cdfview.dll (Microsoft Corporation) {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
061 C:\WINDOWS\system32\cdfview.dll (Microsoft Corporation) {f3da0dc0-9cc8-11d0-a599-00c04fd64437}
061 C:\WINDOWS\system32\cdfview.dll (Microsoft Corporation) {f3ea0dc0-9cc8-11d0-a599-00c04fd64438}
061 C:\WINDOWS\system32\cdfview.dll (Microsoft Corporation) {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}
061 C:\WINDOWS\system32\CopyToSendTo.dll {51131DA7-1D24-40e5-AE07-5E3750F5DE3C}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {22BF0C20-6DA7-11D0-B373-00A0C9034938}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E64-B078-11d0-89E4-00C04FC9E26E}
061 C:\WINDOWS\system32\extmgr.dll (Microsoft Corporation) {692F0339-CBAA-47e6-B5B5-3B84DB604E87}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E61-B078-11d0-89E4-00C04FC9E26E}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {D20EA4E1-3957-11d2-A40B-0C5020524152}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {FF393560-C2A7-11CF-BFF4-444553540000}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E62-B078-11d0-89E4-00C04FC9E26E}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {3028902F-6374-48b2-8DC6-9725E775B926}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {30D02401-6A81-11d0-8274-00C04FD5AE38}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {169A0691-8DF9-11d1-A1C4-00C04FD75D13}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {871C5380-42A0-1069-A2EA-08002B30309D}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {FBF23B40-E3F0-101B-8488-00AA003E56F8}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {131A6951-7F78-11D0-A979-00C04FD705A2}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {7BA4C742-9E81-11CF-99D3-00AA004AE837}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {00BB2764-6A77-11D0-A535-00C04FD7D062}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {5E6AB780-7743-11CF-A12B-00AA004AE837}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {00BB2765-6A77-11D0-A535-00C04FD7D062}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {03C036F1-A186-11D0-824A-00AA005B4383}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {3C374A40-BAE4-11CF-BF7D-00AA006946EE}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
061 C:\WINDOWS\System32\mmcshext.dll (Microsoft Corporation) {7A80E4A8-8005-11D2-BCF8-00C04F72C717}
061 C:\WINDOWS\system32\btncopy.dll (Broadcom Corporation.) {7842554E-6BED-11D2-8CDB-B05550C10000}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {6756A641-DE71-11d0-831B-00AA005B4383}
061 C:\WINDOWS\system32\ShellExt\TTFExtNT.dll (Microsoft Corporation) {afc638f0-e8a4-11ce-9ade-00aa00a42d2e}
061 C:\WINDOWS\system32\mmsys.cpl (Microsoft Corporation) {00022613-0000-0000-C000-000000000046}
061 C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
061 C:\WINDOWS\system32\NETSHELL.dll (Microsoft Corporation) {7007ACC7-3202-11D1-AAD2-00805FC1270E}
061 C:\WINDOWS\system32\NETSHELL.dll (Microsoft Corporation) {992CFFA0-F557-101A-88EC-00DD010CCC48}
061 C:\WINDOWS\system32\twext.dll (Microsoft Corporation) {9DB7A13C-F208-4981-8353-73CC61AE2783}
061 C:\WINDOWS\system32\twext.dll (Microsoft Corporation) {596AB062-B4D2-4215-9F74-E9109B0A8153}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {AF4F6510-F982-11d0-8595-00AA004CD6D8}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {9461b922-3c5a-11d2-bf8b-00c04fb93661}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {0A89A860-D7B1-11CE-8350-444553540000}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {ECD4FC4E-521C-11D0-B792-00A0C90312E1}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {ECD4FC4C-521C-11D0-B792-00A0C90312E1}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {E7E4BC40-E76A-11CE-A9BB-00AA004AE837}
061 C:\WINDOWS\system32\wshext.dll (Microsoft Corporation) {60254CA5-953B-11CF-8C96-00AA00B8708C}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {00BB2763-6A77-11D0-A535-00C04FD7D062}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {ECD4FC4D-521C-11D0-B792-00A0C90312E1}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {21569614-B795-46b1-85F4-E737A8DC09AD}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {7BD29E00-76C1-11CF-9DD0-00A0C9034933}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {7BD29E01-76C1-11CF-9DD0-00A0C9034933}
061 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {3DC7A020-0ACD-11CF-A9BB-00AA004AE837}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {acf35015-526e-4230-9596-becbe19f0ac9}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {7376D660-C583-11d0-A3A5-00C04FD706EC}
061 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {DD313E04-FEFF-11d1-8ECD-0000F87A470C}
061 C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {07798131-AF23-11d1-9111-00A0C98BA67D}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79307-84BE-11CE-9641-444553540000}
062 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
062 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {24F14F01-7B1C-11d1-838f-0000F80461CF}
062 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {24F14F02-7B1C-11d1-838f-0000F80461CF}
062 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {66742402-F9B9-11D1-A202-0000F81FEDEE}
064 C:\WINDOWS\system32\gdi32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\olecli32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\olecnv32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\user32.dll (Microsoft Corporation)
064 C:\WINDOWS\system32\wininet.dll (Microsoft Corporation)
069 C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)
069 C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)
072 C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
072 C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)
073 Check Updates for Windows Live Toolbar.job : C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE (Microsoft Corporation)
073 GoogleUpdateTaskUser.job : C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
100 Search Page HKCU : http://g.msn.com/0SE...S01?FORM=TOOLBR
100 SearchUrl HKCU : http://g.msn.com/0SE...S01?FORM=TOOLBR
100 Start Page HKCU : http://search.orbitdownloader.com
102 C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {4D5C8C25-D075-11d0-B416-00C04FB90376}
105 &Download by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
105 &Grab video by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
105 &Windows Live Search : res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
105 Do&wnload selected by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
105 Down&load all by Orbit : res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
105 Send to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
172 C:\WINDOWS\System32\ntlanman.dll (Microsoft Corporation)
173 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 C:\WINDOWS\system32\CopyToSendTo.dll {51131DA7-1D24-40e5-AE07-5E3750F5DE3C}
173 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
173 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
173 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Start Menu Pin
173 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
173 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
221 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 C:\WINDOWS\system32\CopyToSendTo.dll {51131DA7-1D24-40e5-AE07-5E3750F5DE3C}
221 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
221 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
221 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Start Menu Pin
221 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
223 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {7BA4C740-9E81-11CF-99D3-00AA004AE837}
223 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 C:\WINDOWS\system32\CopyToSendTo.dll {51131DA7-1D24-40e5-AE07-5E3750F5DE3C}
225 C:\WINDOWS\system32\CopyToSendTo.dll {51131DA7-1D24-40e5-AE07-5E3750F5DE3C}
225 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
225 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
227 C:\WINDOWS\system32\CopyToSendTo.dll {51131DA7-1D24-40e5-AE07-5E3750F5DE3C}
227 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
227 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
229 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {D969A300-E7FF-11d0-A93B-00A0C90F2719}
231 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Missing files
-------------
002 C:\Documents and Settings\com\Desktop\กันไวรัสจาก flashdrive.exe
003 C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
010 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
010 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\and5bz6h.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 c:\windows\system32\DRIVERS\UIUSYS.SYS
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
011 hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,5
6,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,0
0,73,00,00,00
011 hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,5
6,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,0
0,73,00,00,00
061 deskpan.dll
172 C:\WINDOWS\System32\BCMLogon.dll

#8 Egwene (Member 2k, Visiting Consultant, 2,141 posts)
Hello freakwizard,

Let's see if it's a leftover or not :)

1) Run the freakwizard.run file:

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

  • Save it to your desktop then double click the runscanner icon this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC

2) Run a batch file :
  • Please open Notepad (Click Start then Run; type Notepad into the box and press enter)
  • Copy and Paste the content of the box below into the Notepad window:

    @echo off & cls
    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    del Query.bat
  • Save the above as Query.bat on your Desktop
  • Make sure All Files is selected as the file type
  • Double click on Query.bat
  • Please post me the contents of the C:\look.txt in your next answer.

And please post me a fresh RSIT log in your next answer.

Regards,
Egwene.

Attached Files


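The Winlogon export that Query.bat writes to C:\look.txt is inspected for hijacked logon values (Shell, Userinit, UIHost). As an added example, not code from the thread or from Runscanner, here is a Python checker that parses the regedit /e format, including hex(2) values wrapped across lines with a trailing backslash, and flags any Shell, Userinit or UIHost entry that is not the stock Windows XP value; the two sample exports and the extra.exe path in the tampered one are constructed for the demonstration.

```python
"""Check a regedit /e export of the Winlogon key for tampered logon values.

Added example, not part of the forum thread. Parses the export format that
"regedit /e C:\\look.txt <key>" produces and compares Shell, Userinit and
UIHost against the values expected on a stock Windows XP install.
"""
import re
import sys

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Allowed comma-separated entries per value (compared lower-case).
# Anything else in these values is a reason to look closer.
EXPECTED = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe"},
    "UIHost": {"logonui.exe"},
}

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _join_continuations(text):
    """Join lines that regedit wrapped with a trailing backslash (hex values)."""
    lines, buf = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        lines.append(buf)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def _decode_value(raw):
    """Turn the right-hand side of a "Name"=... line into a str."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])          # REG_SZ with \\ and \" escapes
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))                        # REG_DWORD as decimal text
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if int(m.group(1) or 3) in (1, 2, 7):               # SZ / EXPAND_SZ / MULTI_SZ
            return data.decode("utf-16-le").rstrip("\x00").replace("\x00", "|")
        return data.hex()                                   # REG_BINARY and friends
    return raw


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a regedit /e export."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        keys[current][name] = _decode_value(m.group(3))
    return keys


def check_winlogon(text):
    """Return [(value_name, offending_entry)] for every deviation; [] when clean."""
    keys = parse_reg_export(text)
    values = next((v for k, v in keys.items() if k.lower() == WINLOGON_KEY.lower()), None)
    if values is None:
        return [("<key>", None)]                            # export did not contain the key
    lower = {n.lower(): v for n, v in values.items()}
    findings = []
    for name, allowed in EXPECTED.items():
        actual = lower.get(name.lower())
        if actual is None:
            findings.append((name, None))                   # value absent, defaults apply
            continue
        entries = [e.strip().lower() for e in actual.split(",") if e.strip()]
        if not entries:
            findings.append((name, ""))
        findings.extend((name, e) for e in entries if e not in allowed)
    return findings


# Constructed sample export in the same shape as the thread's look.txt.
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcDisable"=dword:ffffff9d
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
  00,00,00
'''

# Constructed tampered variant: a second program chained onto the shell value.
SAMPLE_TAMPERED = SAMPLE_CLEAN.replace(
    r'"Shell"="Explorer.exe"', r'"Shell"="Explorer.exe,C:\\WINDOWS\\system32\\extra.exe"')

if __name__ == "__main__":
    # regedit /e writes UTF-16 with a BOM, so open the real file as utf-16.
    source = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_TAMPERED
    for name, entry in check_winlogon(source) or [("all checked values", "clean")]:
        print(f"{name}: {entry}")
```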

#9 freakwizard (Member, 40 posts)
Hiya Egwene, Thanks for everything you've been doing so far =)

Here's the "look" file =)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="STEFAN"
"DefaultUserName"="com"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,userinit.exe"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"SfcDisable"=dword:ffffff9d
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000000
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
00,00,00
"LogonType"=dword:00000001
"DebugServerCommand"="no"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000000
"AltDefaultUserName"="com"
"AltDefaultDomainName"="STEFAN"
"Background"="0 0 0"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

Here's the RSIT log =)

Logfile of random's system information tool 1.04 (written by random/random)
Run by com at 2008-10-22 08:48:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 65 GB (78%) free of 82 GB
Total RAM: 2038 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:05 AM, on 10/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\com\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [L07AXLRD_23637062] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8769 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-09-17 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-09-17 433272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-09-18 289088]
"L07AXLRD_23637062"=C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000]
"Google Update"=C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-22 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-10-22 104123]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\CTFMON.EXE [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\PROGRA~1\DAP\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-02-11 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\Metin2.us\metin2.bin"="D:\Program Files\Metin2.us\metin2.bin:*:Enabled:metin2"
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Documents and Settings\All Users\Documents\Counter-Strike 1.6\hl.exe"="C:\Documents and Settings\All Users\Documents\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"D:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe"="D:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo"
"D:\Program Files\Age Of Empire-II The Conquerors\age2_x1.exe"="D:\Program Files\Age Of Empire-II The Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Program Files\Valve\hlds.exe"="D:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Program Files\Xfire\xfire.exe"="D:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18ba34b0-6e23-11dd-94bf-806d6172696f}]
shell\AutoRun\command - C:\2fiji.com
shell\explore\command - C:\2fiji.com
shell\open\command - C:\2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18ba34b1-6e23-11dd-94bf-806d6172696f}]
shell\AutoRun\command - D:\2fiji.com
shell\explore\command - D:\2fiji.com
shell\open\command - D:\2fiji.com


======List of files/folders created in the last 1 months======

2008-10-22 08:48:27 ----RSH---- C:\xlk9.com
2008-10-22 08:47:13 ----A---- C:\look.txt
2008-10-20 08:24:20 ----D---- C:\Documents and Settings\com\Application Data\Xfire
2008-10-20 04:26:21 ----RSH---- C:\WINDOWS\system32\ckvo1.dll
2008-10-20 04:26:05 ----RSH---- C:\2fiji.com
2008-10-20 04:25:39 ----N---- C:\WINDOWS\system32\ckvo0.dll
2008-10-20 04:25:38 ----RSH---- C:\WINDOWS\system32\ckvo.exe
2008-10-19 21:21:56 ----D---- C:\_OTMoveIt
2008-10-19 21:20:03 ----D---- C:\WINDOWS\ERDNT
2008-10-19 21:19:17 ----D---- C:\Program Files\ERUNT
2008-10-19 08:28:09 ----D---- C:\rsit
2008-10-19 08:09:17 ----D---- C:\Program Files\Trend Micro
2008-10-18 10:17:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-18 10:17:32 ----D---- C:\Program Files\Alwil Software
2008-10-18 09:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-16 06:01:31 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-10-08 17:48:20 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-10-07 11:38:24 ----D---- C:\Program Files\Hamachi
2008-10-07 09:16:59 ----D---- C:\Documents and Settings\com\Application Data\Opera
2008-10-07 09:15:39 ----D---- C:\Program Files\Opera
2008-10-07 06:43:13 ----D---- C:\Program Files\KeepV Converter
2008-10-06 05:40:20 ----D---- C:\Program Files\Orbitdownloader
2008-10-03 23:26:57 ----D---- C:\Program Files\MSECache
2008-10-03 22:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-03 22:13:11 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-03 22:13:02 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-03 22:12:01 ----D---- C:\189016a8cff9dbed44
2008-09-30 07:36:30 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 07:35:07 ----A---- C:\WINDOWS\BricoPackUninst.txt
2008-09-30 07:35:07 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 07:34:52 ----D---- C:\WINDOWS\BricoPacks
2008-09-27 13:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-27 13:12:40 ----D---- C:\Program Files\Common Files\Sandlot Shared
2008-09-24 07:34:01 ----D---- C:\Documents and Settings\com\Application Data\GrabPro
2008-09-24 07:32:47 ----D---- C:\Downloads
2008-09-24 07:32:17 ----D---- C:\Documents and Settings\com\Application Data\Orbit

======List of files/folders modified in the last 1 months======

2008-10-22 08:48:00 ----D---- C:\WINDOWS\system32\drivers
2008-10-22 08:48:00 ----D---- C:\WINDOWS\system32
2008-10-22 08:45:47 ----D---- C:\Program Files\Mozilla Firefox
2008-10-22 08:45:42 ----D---- C:\WINDOWS\Temp
2008-10-22 08:44:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-22 08:44:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 08:44:30 ----D---- C:\Documents and Settings\com\Application Data\DNA
2008-10-22 08:28:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-22 08:15:13 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-22 07:17:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 05:33:12 ----SHD---- C:\WINDOWS\Installer
2008-10-20 10:20:04 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-20 08:14:27 ----D---- C:\WINDOWS\Prefetch
2008-10-20 07:38:18 ----A---- C:\WINDOWS\QTW.INI
2008-10-20 06:07:21 ----SD---- C:\Documents and Settings\com\Application Data\Microsoft
2008-10-19 21:20:03 ----D---- C:\WINDOWS
2008-10-19 21:19:17 ----RD---- C:\Program Files
2008-10-19 21:15:59 ----D---- C:\Program Files\Adobe
2008-10-19 21:15:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-19 21:15:57 ----D---- C:\Program Files\Common Files\Adobe
2008-10-18 17:26:20 ----D---- C:\WINDOWS\system32\config
2008-10-18 09:56:10 ----D---- C:\WINDOWS\system
2008-10-16 03:42:49 ----SD---- C:\WINDOWS\Tasks
2008-10-14 02:43:27 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-11 10:30:41 ----D---- C:\WINDOWS\system32\Macromed
2008-10-07 11:45:55 ----D---- C:\Documents and Settings\com\Application Data\Hamachi
2008-10-03 23:43:16 ----RSD---- C:\WINDOWS\Fonts
2008-10-03 23:43:13 ----D---- C:\Program Files\Microsoft Office
2008-10-03 23:43:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-03 23:00:14 ----HD---- C:\WINDOWS\inf
2008-10-03 22:57:39 ----D---- C:\WINDOWS\AppPatch
2008-10-03 22:20:52 ----D---- C:\Program Files\SpeedFan
2008-10-03 22:15:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 22:13:34 ----D---- C:\WINDOWS\system32\dllcache
2008-10-03 22:13:25 ----A---- C:\WINDOWS\imsins.BAK
2008-10-03 22:12:58 ----D---- C:\Program Files\Windows Media Player
2008-10-03 22:12:58 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-03 22:12:55 ----D---- C:\WINDOWS\Help
2008-10-03 21:06:27 ----D---- C:\Documents and Settings\com\Application Data\Macromedia
2008-09-30 22:59:23 ----A---- C:\WINDOWS\win.ini
2008-09-30 07:36:29 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-09-30 07:35:48 ----D---- C:\WINDOWS\Cursors
2008-09-30 07:35:43 ----D---- C:\WINDOWS\Media
2008-09-27 13:12:40 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-07 12672]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-25 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-11-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-15 862922]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-07 25280]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-12-19 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-25 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-05-07 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-05-07 210816]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-25 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-09-22 10368]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-09-10 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-08-31 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-10 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2005-07-29 121856]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-05-07 731136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-05 248832]
S3 a4s259kf;a4s259kf; C:\WINDOWS\system32\drivers\a4s259kf.sys []
S3 BCM43XX;??????????????????????????? Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-11-15 30459]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-11-15 67672]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NETw3x32;?????????????????? Intel® PRO/Wireless 3945ABG ?????? Windows XP 32 ???; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-11-06 1711104]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-03-14 1428480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-11-29 144688]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-25 66872]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-30 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

#10
Egwene
    Member 2k
  • Visiting Consultant
  • 2,141 posts
Hello freakwizard,

The infection came back again, but I think I have found why.

First, please do this:

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please navigate with Windows Explorer to this folder: C:\WINDOWS\system32 and search for a file called userinit.exe.

How many userinit.exe files do you find? One or two?

Don't do anything else, just check how many userinit.exe files you have!

Please give me your answer in your next reply.

Then please do:

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Reboot into normal mode.

Regards,
Egwene.

#11
freakwizard
    Member
  • Member
  • 40 posts
Hiya! =)

I found only 1 userinit.exe file.

I did what you said and here is your SDFix Report:


SDFix: Version 1.237
Run by com on Thu 10/23/2008 at 04:50 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 04:54:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d0,60,6c,4b,53,70,32,3e,5f,c7,11,00,d2,a0,b0,eb,e4,25,bf,4a,24,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,e9,d1,7d,49,7d,11,e0,a0,ea,02,d3,cc,c0,b7,21,2e,..
"khjeh"=hex:b9,2f,a6,23,c7,ca,f8,4e,89,bf,eb,6c,2f,84,9a,17,41,3c,34,92,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a0,d2,21,36,92,5d,a6,01,2f,fa,cf,8a,ec,b3,59,26,7b,12,80,58,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f0,ff,9a,94,79,81,86,12,94,29,9e,71,d5,39,fe,51,b0,33,6a,88,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:46,16,0a,4f,41,4b,ef,0b,15,3a,23,25,8c,c5,09,f4,d6,a5,da,32,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3a,a5,8a,47,d1,12,b6,9b,5b,68,41,5d,f7,09,1f,a3,15,78,ba,24,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d0,60,6c,4b,53,70,32,3e,5f,c7,11,00,d2,a0,b0,eb,e4,25,bf,4a,24,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,e9,d1,7d,49,7d,11,e0,a0,ea,02,d3,cc,c0,b7,21,2e,..
"khjeh"=hex:b9,2f,a6,23,c7,ca,f8,4e,89,bf,eb,6c,2f,84,9a,17,41,3c,34,92,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a0,d2,21,36,92,5d,a6,01,2f,fa,cf,8a,ec,b3,59,26,7b,12,80,58,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f0,ff,9a,94,79,81,86,12,94,29,9e,71,d5,39,fe,51,b0,33,6a,88,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:46,16,0a,4f,41,4b,ef,0b,15,3a,23,25,8c,c5,09,f4,d6,a5,da,32,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3a,a5,8a,47,d1,12,b6,9b,5b,68,41,5d,f7,09,1f,a3,15,78,ba,24,36,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"Q%d%\xa1?\xac?R%"=""
"\32\0161\16\r\16\n\0165\16"=""

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Program Files\\Valve\\hl.exe"="D:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\\Program Files\\Metin2.us\\metin2.bin"="D:\\Program Files\\Metin2.us\\metin2.bin:*:Enabled:metin2"
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Documents and Settings\\All Users\\Documents\\Counter-Strike 1.6\\hl.exe"="C:\\Documents and Settings\\All Users\\Documents\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"="D:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe:*:Enabled:Halo"
"D:\\Program Files\\Age Of Empire-II The Conquerors\\age2_x1.exe"="D:\\Program Files\\Age Of Empire-II The Conquerors\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\\Program Files\\Valve\\hlds.exe"="D:\\Program Files\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"D:\\Program Files\\Xfire\\xfire.exe"="D:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 21 Oct 2008 105,553 ..SHR --- "C:\2fiji.com"
Wed 22 Oct 2008 104,123 ..SHR --- "C:\xlk9.com"
Thu 23 Oct 2008 104,158 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Thu 23 Oct 2008 85,504 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Thu 23 Oct 2008 85,504 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Sun 19 Oct 2008 105,115 A.SHR --- "C:\_OTMoveIt\MovedFiles\10192008_212156\2fiji.com"
Fri 17 Oct 2008 103,119 A.SHR --- "C:\_OTMoveIt\MovedFiles\10192008_212156\b.exe"
Fri 3 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 19 Oct 2008 105,115 A.SHR --- "C:\_OTMoveIt\MovedFiles\10192008_212156\WINDOWS\system32\ckvo.exe"
Sun 19 Oct 2008 85,504 A.SHR --- "C:\_OTMoveIt\MovedFiles\10192008_212156\WINDOWS\system32\ckvo0.dll"
Sun 19 Oct 2008 85,504 A.SHR --- "C:\_OTMoveIt\MovedFiles\10192008_212156\WINDOWS\system32\ckvo1.dll"

Finished!

And here is the HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:13 AM, on 10/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [L07AXLRD_23637062] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8761 bytes
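
An added example, not a tool from this thread or from either participant: a small Python triage helper that reads SDFix "Files with Hidden Attributes" lines and HijackThis F2/O4 lines in the shape posted above, notes UserInit entries of the kind Egwene's userinit.exe question is about, and cross-references each Run entry against the hidden-attribute list. The sample lines are constructed copies of entries from the logs above; the function names, regexes and flagging rules are this example's own assumptions, and a flag means "look at this", not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: copies of a few lines from the SDFix "Files with
# Hidden Attributes" section and the HijackThis F2/O4 lines posted above.
SDFIX_HIDDEN = r'''
Tue 21 Oct 2008 105,553 ..SHR --- "C:\2fiji.com"
Wed 22 Oct 2008 104,123 ..SHR --- "C:\xlk9.com"
Thu 23 Oct 2008 104,158 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Thu 23 Oct 2008 85,504 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Fri 3 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
'''
HJT_LINES = r'''
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
'''

@dataclass
class HiddenFile:
    path: str
    attrs: str  # five-character mask as SDFix prints it, e.g. "..SHR" or "A.SH."

@dataclass
class Finding:
    source: str  # "sdfix", "userinit" or "o4"
    path: str
    reason: str

# Regexes written for the line shapes seen in the logs above (this example's own).
HIDDEN_RE = re.compile(r'^\w{3} +\d{1,2} +\w{3} +\d{4} +[\d,]+ +(\S{5}) +--- +"(.+)"$')
USERINIT_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(.*)$', re.IGNORECASE)
O4_RE = re.compile(r'^O4 - (\S+?)\\\.\.\\(Run(?:Once)?): \[([^\]]*)\] (.*)$')
# Directly executable extensions; hidden+system files of these kinds in a drive
# root or system32 follow the pattern of the autorun companions in the log.
EXEC_EXTS = ('.exe', '.com', '.dll', '.cmd', '.bat', '.scr', '.pif', '.inf')

def parse_sdfix_hidden(text):
    """Parse the 'Files with Hidden Attributes' lines of an SDFix report."""
    files = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            files.append(HiddenFile(m.group(2), m.group(1)))
    return files

def _in_root_or_system32(path):
    parent = path.lower().rsplit('\\', 1)[0]
    return re.fullmatch(r'[a-z]:', parent) is not None or parent.endswith('\\system32')

def flag_hidden(files):
    """Flag system+hidden executables sitting in a drive root or in system32."""
    return [Finding('sdfix', f.path, f'system+hidden executable ({f.attrs}) in a drive root or system32')
            for f in files
            if 'S' in f.attrs and 'H' in f.attrs
            and f.path.lower().endswith(EXEC_EXTS) and _in_root_or_system32(f.path)]

def check_userinit(value):
    """Winlogon runs every comma-separated UserInit entry; the stock value names one absolute path."""
    entries = [e.strip() for e in value.split(',') if e.strip()]
    out = []
    for i, entry in enumerate(entries):
        reasons = []
        if i > 0:
            reasons.append('extra entry after the expected single userinit.exe')
        if '\\' not in entry:
            reasons.append('bare file name, resolved through the search path rather than a fixed location')
        if reasons:
            out.append(Finding('userinit', entry, '; '.join(reasons)))
    return out

def _command_exe(cmd):
    """Pull the program path out of an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'(.*?\.(?:exe|com|scr|bat|cmd))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ', 1)[0]

def cross_check_o4(hjt_text, hidden):
    """Flag Run/RunOnce entries whose program is on the hidden-attribute list."""
    hidden_paths = {h.path.lower() for h in hidden}
    out = []
    for line in hjt_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and _command_exe(m.group(4)).lower() in hidden_paths:
            hive, key, name, cmd = m.groups()
            out.append(Finding('o4', _command_exe(cmd),
                               f'{hive}\\..\\{key} entry [{name}] launches a file SDFix lists as hidden+system'))
    return out

def triage(sdfix_text, hjt_text):
    """Run all three checks and return the combined list of findings."""
    hidden = parse_sdfix_hidden(sdfix_text)
    findings = flag_hidden(hidden)
    for line in hjt_text.splitlines():
        m = USERINIT_RE.match(line.strip())
        if m:
            findings.extend(check_userinit(m.group(1)))
    findings.extend(cross_check_o4(hjt_text, hidden))
    return findings
```

Run against the two constructed samples, `triage` returns the four root/system32 hidden executables, the second (bare) UserInit entry, and the [kamsoft] Run entry that points at one of the hidden files.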

#12
Egwene
    Member 2k
  • Visiting Consultant
  • 2,141 posts
Hello freakwizard,

Oki :)

We will run ComboFix; there is something I would like to check. Don't worry about the issue, we will fix it. :)

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Regards,
Egwene.

#13
freakwizard
    Member
  • Member
  • 40 posts
Sorry about the late reply, Egwene. I had some school assignments to finish off =)

Here's the log =)

ComboFix 08-10-24.02 - com 2008-10-25 2:36:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1570 [GMT -7:00]
Running from: C:\Documents and Settings\com\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\xih9.cmd
D:\1t6yxlxx.cmd
D:\9.cmd
D:\Autorun.inf
D:\xih9.cmd

.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-24 21:38 . 2008-10-24 21:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-23 04:52 . 2008-10-23 04:52 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-10-23 04:52 . 2008-10-23 04:52 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-10-23 04:50 . 2008-10-23 04:50 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-23 04:49 . 2008-10-23 04:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-23 03:56 . 2008-10-23 04:55 <DIR> d-------- C:\SDFix
2008-10-22 08:48 . 2008-10-22 08:47 104,123 -r-hs---- C:\xlk9.com
2008-10-20 08:24 . 2008-10-22 09:56 <DIR> d-------- C:\Documents and Settings\com\Application Data\Xfire
2008-10-20 04:26 . 2008-10-21 05:25 105,553 -r-hs---- C:\2fiji.com
2008-10-19 21:21 . 2008-10-19 21:21 <DIR> d-------- C:\_OTMoveIt
2008-10-19 21:19 . 2008-10-19 21:19 <DIR> d-------- C:\Program Files\ERUNT
2008-10-19 08:28 . 2008-10-19 08:28 <DIR> d-------- C:\rsit
2008-10-19 08:09 . 2008-10-19 08:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 10:17 . 2008-10-18 10:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-18 09:56 . 2008-10-18 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-16 06:01 . 2008-10-16 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-10-08 17:48 . 2008-10-08 17:48 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-07 11:38 . 2008-10-07 11:38 <DIR> d-------- C:\Program Files\Hamachi
2008-10-07 09:15 . 2008-10-07 09:15 <DIR> d-------- C:\Program Files\Opera
2008-10-07 06:43 . 2008-10-07 06:43 <DIR> d-------- C:\Program Files\KeepV Converter
2008-10-06 05:40 . 2008-10-06 05:40 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-10-03 23:26 . 2008-10-03 23:43 <DIR> d-------- C:\Program Files\MSECache
2008-10-03 22:13 . 2006-10-04 07:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-10-03 22:13 . 2006-10-04 07:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-10-03 22:13 . 2004-08-03 17:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-03 22:13 . 2006-10-04 07:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-10-03 22:12 . 2008-10-03 22:12 <DIR> d-------- C:\189016a8cff9dbed44
2008-09-30 07:36 . 2008-09-30 07:36 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-30 07:36 . 2008-09-30 07:36 52,720 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 07:35 . 2008-09-30 07:36 6,110 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 07:34 . 2008-09-30 07:34 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-09-27 13:12 . 2008-09-27 13:12 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-09-27 13:12 . 2008-09-27 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 09:31 --------- d-----w C:\Documents and Settings\com\Application Data\DNA
2008-10-25 08:49 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-25 08:48 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-24 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-20 14:56 --------- d-----w C:\Documents and Settings\com\Application Data\Orbit
2008-10-20 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-19 14:38 30 ----a-w C:\Documents and Settings\com\jagex_runescape_preferences.dat
2008-10-07 18:45 --------- d-----w C:\Documents and Settings\com\Application Data\Hamachi
2008-10-07 18:38 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-04 05:20 --------- d-----w C:\Program Files\SpeedFan
2008-10-04 05:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-30 14:36 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-24 14:34 --------- d-----w C:\Documents and Settings\com\Application Data\GrabPro
2008-09-22 11:41 --------- d-----w C:\Program Files\Google
2008-09-20 03:18 --------- d-----w C:\Documents and Settings\com\Application Data\BitTorrent
2008-09-19 22:59 --------- d-----w C:\Program Files\Microsoft Student
2008-09-19 22:57 --------- d-----w C:\Program Files\Learning Essentials
2008-09-18 09:00 --------- d-----w C:\Program Files\DNA
2008-09-18 09:00 --------- d-----w C:\Program Files\BitTorrent
2008-09-13 05:39 --------- d-----w C:\Program Files\VentSrv
2008-09-13 05:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 05:33 --------- d-----w C:\Program Files\Ventrilo
2008-09-13 05:33 --------- d-----w C:\Documents and Settings\com\Application Data\Ventrilo
2008-09-07 14:45 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-09-04 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-01 07:12 --------- d-----w C:\Program Files\Windows Live
2008-09-01 07:12 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 07:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 03:36 --------- d-----w C:\Program Files\Web Publish
2008-08-29 12:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-28 20:45 --------- d-----w C:\Documents and Settings\com\Application Data\funkitron
2008-08-28 13:15 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-28 13:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-27 20:32 --------- d-----w C:\Program Files\SLT
2008-08-26 17:54 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-26 17:54 --------- d-----w C:\Documents and Settings\com\Application Data\SystemRequirementsLab
2008-08-26 06:34 --------- d-----w C:\Documents and Settings\com\Application Data\Lavasoft
2008-08-26 04:46 --------- d-----w C:\Program Files\Java
2008-08-26 04:45 --------- d-----w C:\Program Files\Common Files\Java
2008-08-26 02:25 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-26 01:11 --------- d-----w C:\Program Files\DAP
2008-08-25 21:38 --------- d-----w C:\Documents and Settings\com\Application Data\Magic Match
2008-08-25 20:22 --------- d-----w C:\Documents and Settings\com\Application Data\vlc
2008-08-25 20:21 --------- d-----w C:\Program Files\TheFood
2008-08-25 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
.

------- Sigcheck -------

2006-10-25 23:20 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\system32\user32.dll
2008-10-23 04:50 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\system32\dllcache\user32.dll

2006-10-25 23:21 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\system32\wininet.dll

2006-10-25 23:20 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\system32\drivers\tcpip.sys

2006-10-25 23:29 2016768 f196becedb849a135260b758fa546618 C:\WINDOWS\system32\ntkrnlpa.exe

2006-10-25 23:20 2137088 7000146d1b17fe998ba56f244eacc37d C:\WINDOWS\system32\ntoskrnl.exe

2006-10-25 23:19 1033216 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\explorer.exe

2006-10-25 23:20 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe

2006-10-25 23:20 295424 c29a5286e64d97385178452d5f307b98 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-18 289088]
"L07AXLRD_23637062"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"Google Update"="C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-22 133104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-14 62054]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 17:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-08-24 11:01 159744 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-08-24 11:01 135168 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-08-24 11:00 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-27 17:05 202032 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 13:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"D:\\Program Files\\Valve\\hlds.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-09-22 2368]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\xih9.cmd
\Shell\explore\Command - C:\xih9.cmd
\Shell\open\Command - C:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\xih9.cmd
\Shell\explore\Command - D:\xih9.cmd
\Shell\open\Command - D:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e60cfb-7b50-11dd-89b2-00215c36d2a5}]
\Shell\AutoRun\command - H:\2fiji.com
\Shell\explore\Command - H:\2fiji.com
\Shell\open\Command - H:\2fiji.com

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-10-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-22 04:11]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-DownloadAccelerator - C:\PROGRA~1\DAP\DAP.EXE
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-High Definition Audio Property Page Shortcut - CHDAudPropShortcut.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\com\Application Data\Mozilla\Firefox\Profiles\lq09wa15.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 02:37:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-25 2:38:06
ComboFix-quarantined-files.txt 2008-10-25 09:37:53

Pre-Run: 67,451,838,464 bytes free
Post-Run: 67,448,877,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

#14 Egwene (Visiting Consultant, 2,141 posts)
Hello,

Let's go on :)

First, please be sure you plug in your USB drives before doing the following handling!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\xlk9.com
C:\2fiji.com
C:\xih9.cmd
D:\xih9.cmd
H:\2fiji.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e60cfb-7b50-11dd-89b2-00215c36d2a5}]


Save this as CFScript.txt, in the same location as ComboFix.exe


(image: CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Egwene.
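The reply above is a manual version of a very repeatable triage: spot the hidden, system-attributed executables sitting at a drive root, the MountPoints2 Shell\AutoRun\command values that point at them, a Security Center AntiVirusOverride flipped to 1, and a Run value whose target no longer carries the usual [date size] stamp, then turn those findings into a File:: / Registry:: CFScript. The script below is an added example, not part of this thread and not a ComboFix feature. It walks a ComboFix-style log and drafts the script in the same layout Egwene uses. The log excerpt it parses is constructed from lines of the posted logs; treating a Run value with no [date size] stamp (the posted log shows "[BU]" for kamsoft) as "target worth a look" is an assumption made here, not a documented ComboFix meaning.

```python
"""Triage a ComboFix-style log for autorun-worm indicators and draft a CFScript.

Added example; the regexes are fitted to the log layout seen in this thread.
"""
import re

# Constructed excerpt: lines taken from the ComboFix logs posted in this thread,
# not the full log. Only the indicator-bearing lines are kept.
SAMPLE_LOG = r"""
2008-10-22 08:48 . 2008-10-22 08:47 104,123 -r-hs---- C:\xlk9.com
2008-10-20 04:26 . 2008-10-21 05:25 105,553 -r-hs---- C:\2fiji.com
2008-10-08 17:48 . 2008-10-08 17:48 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\xih9.cmd
\Shell\explore\Command - C:\xih9.cmd
\Shell\open\Command - C:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e60cfb-7b50-11dd-89b2-00215c36d2a5}]
\Shell\AutoRun\command - H:\2fiji.com
"""

# "Files Created" line: two timestamps, a size, a 9-char attribute string, a path.
FILE_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ [\d,]+ (?P<attrs>\S{9}) (?P<path>.+)$")
# An executable-looking file directly in the root of a drive (C:\foo.com).
ROOT_EXEC = re.compile(r"^[A-Za-z]:\\[^\\]+\.(com|exe|cmd|bat|pif|scr)$", re.IGNORECASE)
SECTION = re.compile(r"^\[(?P<key>.+)\]$")
# MountPoints2 shell verbs: \Shell\AutoRun\command - <target>
SHELL_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"(?: \[(?P<stamp>[^\]]*)\])?$')
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")  # the normal "[date size]" annotation


def triage(log_text):
    """Walk the log once and collect the indicators described in the lead-in."""
    findings = {"hidden_root_files": [], "autorun_commands": [],
                "suspicious_run": [], "av_override": False}
    section = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION.match(line)
        if m:
            section = m.group("key")
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # hidden (h) + system (s) executable at a drive root: autorun payload pattern
            if "h" in attrs and "s" in attrs and ROOT_EXEC.match(path):
                findings["hidden_root_files"].append(path)
            continue
        low = section.lower()
        if "mountpoints2" in low:
            m = SHELL_CMD.match(line)
            if m:
                findings["autorun_commands"].append((section, m.group("verb"), m.group("cmd")))
            continue
        if low.endswith("\\currentversion\\run"):
            m = RUN_VALUE.match(line)
            # Assumption: a Run value without a "[date size]" stamp deserves a look.
            if m and not (m.group("stamp") and STAMP.match(m.group("stamp"))):
                findings["suspicious_run"].append((m.group("name"), m.group("target")))
            continue
        if low.endswith("security center") and line.lower().startswith('"antivirusoverride"=dword:'):
            findings["av_override"] = int(line.split(":")[-1], 16) != 0
    return findings


def draft_cfscript(findings):
    """Render the findings in the File:: / Registry:: layout used in the reply above.

    Files: the hidden root executables plus every MountPoints2 command target.
    Registry: the MountPoints2 keys, written as [-key] so ComboFix deletes them.
    The suspicious Run values are reported by triage() but not added here; the
    file behind them may already be gone and a human should decide.
    """
    files = list(findings["hidden_root_files"])
    for _, _, cmd in findings["autorun_commands"]:
        if cmd not in files:
            files.append(cmd)
    keys = []
    for key, _, _ in findings["autorun_commands"]:
        if key not in keys:
            keys.append(key)
    lines = ["File::", *files, "", "Registry::", *("[-%s]" % k for k in keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for name, target in found["suspicious_run"]:
        print("Run value to review: %s -> %s" % (name, target))
    if found["av_override"]:
        print("Security Center AntiVirusOverride is set")
    print(draft_cfscript(found))
```

The drafted script is a starting point for a helper to review, not something to hand to ComboFix unread: the mountpoints2 entries for a removable drive (the {GUID} key here) refer to a drive that must be plugged in when the script runs, which is exactly why the reply above starts with that instruction.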
#15 freakwizard (Member, 40 posts)
Did what you said! =D

Here's the log

ComboFix 08-10-24.02 - com 2008-10-25 11:40:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1572 [GMT -7:00]
Running from: C:\Documents and Settings\com\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\com\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\2fiji.com
C:\xih9.cmd
C:\xlk9.com
D:\xih9.cmd
H:\2fiji.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2fiji.com
C:\autorun.inf
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\xih9.cmd
C:\xlk9.com
D:\Autorun.inf
D:\xih9.cmd

.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-24 21:38 . 2008-10-24 21:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-23 04:52 . 2008-10-23 04:52 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-10-23 04:52 . 2008-10-23 04:52 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-10-23 04:50 . 2008-10-23 04:50 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-23 04:49 . 2008-10-23 04:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-23 03:56 . 2008-10-23 04:55 <DIR> d-------- C:\SDFix
2008-10-20 08:24 . 2008-10-25 03:58 <DIR> d-------- C:\Documents and Settings\com\Application Data\Xfire
2008-10-19 21:21 . 2008-10-19 21:21 <DIR> d-------- C:\_OTMoveIt
2008-10-19 21:19 . 2008-10-19 21:19 <DIR> d-------- C:\Program Files\ERUNT
2008-10-19 08:28 . 2008-10-19 08:28 <DIR> d-------- C:\rsit
2008-10-19 08:09 . 2008-10-19 08:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 10:17 . 2008-10-18 10:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-18 09:56 . 2008-10-18 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-16 06:01 . 2008-10-16 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-10-08 17:48 . 2008-10-08 17:48 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-07 11:38 . 2008-10-07 11:38 <DIR> d-------- C:\Program Files\Hamachi
2008-10-07 09:15 . 2008-10-07 09:15 <DIR> d-------- C:\Program Files\Opera
2008-10-07 06:43 . 2008-10-07 06:43 <DIR> d-------- C:\Program Files\KeepV Converter
2008-10-06 05:40 . 2008-10-06 05:40 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-10-03 23:26 . 2008-10-03 23:43 <DIR> d-------- C:\Program Files\MSECache
2008-10-03 22:13 . 2006-10-04 07:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-10-03 22:13 . 2006-10-04 07:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-10-03 22:13 . 2004-08-03 17:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-03 22:13 . 2006-10-04 07:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-10-03 22:12 . 2008-10-03 22:12 <DIR> d-------- C:\189016a8cff9dbed44
2008-09-30 07:36 . 2008-09-30 07:36 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-30 07:36 . 2008-09-30 07:36 52,720 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 07:35 . 2008-09-30 07:36 6,110 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 07:34 . 2008-09-30 07:34 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-09-27 13:12 . 2008-09-27 13:12 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-09-27 13:12 . 2008-09-27 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 17:16 --------- d-----w C:\Documents and Settings\com\Application Data\DNA
2008-10-25 13:14 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-25 13:14 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-24 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-20 14:56 --------- d-----w C:\Documents and Settings\com\Application Data\Orbit
2008-10-20 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-19 14:38 30 ----a-w C:\Documents and Settings\com\jagex_runescape_preferences.dat
2008-10-07 18:45 --------- d-----w C:\Documents and Settings\com\Application Data\Hamachi
2008-10-07 18:38 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-04 05:20 --------- d-----w C:\Program Files\SpeedFan
2008-10-04 05:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-30 14:36 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-24 14:34 --------- d-----w C:\Documents and Settings\com\Application Data\GrabPro
2008-09-22 11:41 --------- d-----w C:\Program Files\Google
2008-09-20 03:18 --------- d-----w C:\Documents and Settings\com\Application Data\BitTorrent
2008-09-19 22:59 --------- d-----w C:\Program Files\Microsoft Student
2008-09-19 22:57 --------- d-----w C:\Program Files\Learning Essentials
2008-09-18 09:00 --------- d-----w C:\Program Files\DNA
2008-09-18 09:00 --------- d-----w C:\Program Files\BitTorrent
2008-09-13 05:39 --------- d-----w C:\Program Files\VentSrv
2008-09-13 05:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 05:33 --------- d-----w C:\Program Files\Ventrilo
2008-09-13 05:33 --------- d-----w C:\Documents and Settings\com\Application Data\Ventrilo
2008-09-07 14:45 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-09-04 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-01 07:12 --------- d-----w C:\Program Files\Windows Live
2008-09-01 07:12 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 07:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 03:36 --------- d-----w C:\Program Files\Web Publish
2008-08-29 12:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-28 20:45 --------- d-----w C:\Documents and Settings\com\Application Data\funkitron
2008-08-28 13:15 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-28 13:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-27 20:32 --------- d-----w C:\Program Files\SLT
2008-08-26 17:54 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-26 17:54 --------- d-----w C:\Documents and Settings\com\Application Data\SystemRequirementsLab
2008-08-26 06:34 --------- d-----w C:\Documents and Settings\com\Application Data\Lavasoft
2008-08-26 04:46 --------- d-----w C:\Program Files\Java
2008-08-26 04:45 --------- d-----w C:\Program Files\Common Files\Java
2008-08-26 02:25 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-26 01:11 --------- d-----w C:\Program Files\DAP
2008-08-25 21:38 --------- d-----w C:\Documents and Settings\com\Application Data\Magic Match
2008-08-25 20:22 --------- d-----w C:\Documents and Settings\com\Application Data\vlc
2008-08-25 20:21 --------- d-----w C:\Program Files\TheFood
2008-08-25 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
.

------- Sigcheck -------

2006-10-25 23:20 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\system32\user32.dll
2008-10-23 04:50 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\system32\dllcache\user32.dll

2006-10-25 23:21 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\system32\wininet.dll

2006-10-25 23:20 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\system32\drivers\tcpip.sys

2006-10-25 23:29 2016768 f196becedb849a135260b758fa546618 C:\WINDOWS\system32\ntkrnlpa.exe

2006-10-25 23:20 2137088 7000146d1b17fe998ba56f244eacc37d C:\WINDOWS\system32\ntoskrnl.exe

2006-10-25 23:19 1033216 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\explorer.exe

2006-10-25 23:20 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe

2006-10-25 23:20 295424 c29a5286e64d97385178452d5f307b98 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-25_ 2.37.42.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-25 09:36:51 62,688 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-25 12:55:41 62,688 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-25 09:36:51 401,192 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-25 12:55:41 401,192 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-25 18:37:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-18 289088]
"L07AXLRD_23637062"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"Google Update"="C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-22 133104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-14 62054]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 17:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-08-24 11:01 159744 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-08-24 11:01 135168 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-08-24 11:00 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-27 17:05 202032 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 13:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"D:\\Program Files\\Valve\\hlds.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-09-22 2368]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-10-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\com\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-22 04:11]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 11:41:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-25 11:41:50
ComboFix-quarantined-files.txt 2008-10-25 18:41:46
ComboFix2.txt 2008-10-25 09:38:07

Pre-Run: 67,508,633,600 bytes free
Post-Run: 67,496,509,440 bytes free
