Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BlazingTools Perfect Keylogger Error Loading hook DLL [Solved]

Started by stevfunn , Dec 09 2008 12:53 AM

  • This topic is locked This topic is locked

#1
stevfunn
Posted 09 December 2008 - 12:53 AM

stevfunn

    Member

  • Member
  • PipPip
  • 17 posts
Just today, I turned on my computer and an error window with "BlazingTools Perfect Keylogger - Error loading hook DLL" comes up. I am certain that I have not installed this program, nor has anyone else, so I am fairly certain it is malware. I have already followed all the steps in the Malware Cleaning Guide and still the window pops up when I turn on my computer.

My HJThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:20 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar_clear.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar_clear.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Documents and Settings\steppie\My Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [svchots] C:\WINDOWS\system32\svchots.exe
O4 - HKLM\..\Run: [FMJA Agent] C:\WINDOWS\system32\YOF\FMJA.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar_clear.exe /autoRun
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1757981266-1979792683-1417001333-500\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8767 bytes


Also, as the guide says, here is my Malwarebytes Anti-malware scan

Malwarebytes' Anti-Malware 1.31
Database version: 1476
Windows 5.1.2600 Service Pack 3

12/9/2008 5:35:36 PM
mbam-log-2008-12-09 (17-35-36).txt

Scan type: Quick Scan
Objects scanned: 55799
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


thanks for your time and effort
  • 0

Advertisements

#2
fenzodahl512
Posted 09 December 2008 - 05:36 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

  • 0

#3
stevfunn
Posted 09 December 2008 - 10:40 PM

stevfunn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I ran another deep system scan with Bitdefender, and found the following. Hope this helps.

Bitdefender_can__t_remove.JPG

I restarted my computer, and the error window isn't popping up. However, I'm not sure whether the keylogger is still there.

Anyway, here are the logs.

nfo.txt logfile of random's system information tool 1.04 2008-12-10 15:24:09

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->C:\Program Files\Common Files\Adobe\Installers\2a31ae7a5c43ff52d8577782dd34e04\Setup.exe --uninstall=1
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->C:\Program Files\Common Files\Adobe\Installers\1710d324011afc3e7658e969025f4ba\Setup.exe --uninstall=1
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Photoshop Lightroom 2.1-->MsiExec.exe /I{42A96544-2842-444E-8A27-A61848DDEC87}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}
Adobe Setup-->MsiExec.exe /I{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D824677-3701-4F4A-8383-74203EA2C54D}\SETUP.exe" -l0x9 -removeonly /uninst
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-06-28-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CoreAVC Professional Edition-->C:\Program Files\CoreCodec\CoreAVC Professional Edition\Uninstall.exe
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Google Pinyin IME-->"C:\Program Files\Google\Google Pinyin\Uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\steppie\My Documents\Downloads\Programs\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Micro 8.3.2.1b-->"C:\Program Files\Nero\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Real Alternative 1.8.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
The KMPlayer-->C:\Program Files\The KMPlayer\Uninstall.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

======Hosts File======

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by steppie at 2008-12-10 15:23:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 169 GB (55%) free of 305 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:06 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar_clear.exe
C:\Documents and Settings\steppie\My Documents\volumouse\volumouse.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar_clear.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\steppie\Desktop\RSIT.exe
C:\Documents and Settings\steppie\My Documents\steppie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [svchots] C:\WINDOWS\system32\svchots.exe
O4 - HKLM\..\Run: [FMJA Agent] C:\WINDOWS\system32\YOF\FMJA.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar_clear.exe /autoRun
O4 - HKCU\..\Run: [$Volumouse$] "C:\Documents and Settings\steppie\My Documents\volumouse\volumouse.exe" /nodlg
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1757981266-1979792683-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'other people')
O4 - HKUS\S-1-5-21-1757981266-1979792683-1417001333-500\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9136 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{23C72D0C-2DCA-410C-BDF9-23B86CBDE51E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-10-28 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-01-04 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-01-04 741376]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-01-04 69632]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-20 282624]
"BrStsWnd"=C:\Program Files\Brownie\BrstsWnd.exe [2008-01-08 864256]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-24 44032]
"Google IME Autoupdater"=C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe [2008-10-17 308720]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"svchots"=C:\WINDOWS\system32\svchots.exe []
"FMJA Agent"=C:\WINDOWS\system32\YOF\FMJA.exe []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ViStart"=C:\Program Files\ViStart\ViStart []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-04-16 5724184]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-10-28 2606512]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar_clear.exe [2006-11-17 1249280]
"$Volumouse$"=C:\Documents and Settings\steppie\My Documents\volumouse\volumouse.exe [2007-11-23 30208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6398a0a1-c51b-11dd-858a-0019d1748882}]
shell\AutoRun\command - H:\wd_windows_tools\setup.exe


======List of files/folders created in the last 3 months======

2009-01-05 17:57:46 ----D---- C:\Documents and Settings\steppie\Application Data\Mp3tag
2009-01-05 17:57:39 ----D---- C:\Program Files\Mp3tag
2009-01-04 23:05:43 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-01-04 23:04:29 ----D---- C:\Program Files\Microsoft Works
2009-01-04 23:04:04 ----D---- C:\Program Files\Microsoft Visual Studio
2009-01-04 23:04:04 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-04 23:03:26 ----D---- C:\Program Files\Microsoft.NET
2009-01-04 23:01:49 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-01-04 23:01:11 ----D---- C:\WINDOWS\SHELLNEW
2009-01-04 23:00:54 ----D---- C:\Program Files\Microsoft Office
2009-01-04 23:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-04 23:00:39 ----RHD---- C:\MSOCache
2009-01-04 22:59:30 ----D---- C:\Program Files\DAEMON Tools Lite
2009-01-04 22:55:41 ----D---- C:\Documents and Settings\steppie\Application Data\DAEMON Tools
2009-01-04 22:37:23 ----D---- C:\Program Files\7-Zip
2009-01-04 22:34:56 ----D---- C:\Documents and Settings\steppie\Application Data\IDM
2009-01-04 22:34:56 ----D---- C:\Documents and Settings\steppie\Application Data\DMCache
2009-01-04 21:59:03 ----D---- C:\Documents and Settings\steppie\Application Data\Macromedia
2009-01-04 21:59:03 ----D---- C:\Documents and Settings\steppie\Application Data\Adobe
2009-01-04 21:54:11 ----D---- C:\Documents and Settings\steppie\Application Data\Mozilla
2009-01-04 21:47:46 ----D---- C:\Documents and Settings\steppie\Application Data\Apple Computer
2009-01-04 21:47:41 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-01-04 21:47:28 ----D---- C:\Program Files\iPod
2009-01-04 21:47:27 ----D---- C:\Program Files\iTunes
2009-01-04 21:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 21:47:21 ----D---- C:\Program Files\Bonjour
2009-01-04 21:46:55 ----D---- C:\Program Files\QuickTime
2009-01-04 21:46:54 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-04 21:46:45 ----D---- C:\Program Files\Apple Software Update
2009-01-04 21:46:24 ----D---- C:\Program Files\Common Files\Apple
2009-01-04 21:46:24 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-04 21:44:23 ----D---- C:\VAIO
2009-01-04 21:43:18 ----D---- C:\Program Files\ViStart
2009-01-04 21:43:18 ----D---- C:\Documents and Settings\steppie\Application Data\ViStart
2009-01-04 21:36:42 ----D---- C:\Documents and Settings\steppie\Application Data\Google
2009-01-04 21:36:41 ----D---- C:\Documents and Settings\steppie\Application Data\BitDefender
2009-01-04 21:36:31 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-04 21:36:19 ----SD---- C:\Documents and Settings\steppie\Application Data\Microsoft
2009-01-04 21:36:19 ----D---- C:\Documents and Settings\steppie\Application Data\WinRAR
2009-01-04 21:36:19 ----D---- C:\Documents and Settings\steppie\Application Data\URSoft
2009-01-04 21:36:19 ----D---- C:\Documents and Settings\steppie\Application Data\Sun
2009-01-04 21:36:19 ----D---- C:\Documents and Settings\steppie\Application Data\Real
2009-01-04 21:36:19 ----ASH---- C:\Documents and Settings\steppie\Application Data\desktop.ini
2009-01-04 21:34:12 ----D---- C:\Program Files\Google
2009-01-04 21:34:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-04 21:33:12 ----D---- C:\WINDOWS\system32\IME
2009-01-04 21:33:04 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-01-04 21:32:57 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-01-04 21:32:57 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-01-04 21:32:57 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-01-04 21:32:42 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-01-04 21:30:10 ----A---- C:\WINDOWS\system32\uniime.dll
2009-01-04 21:30:06 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-01-04 21:30:05 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-01-04 21:30:04 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-01-04 21:29:14 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-01-04 21:29:13 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-01-04 21:29:13 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-01-04 21:29:13 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-01-04 21:29:13 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-01-04 21:29:13 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-01-04 21:28:16 ----D---- C:\Program Files\Internet Download Manager
2009-01-04 20:37:13 ----A---- C:\WINDOWS\brmx2001.ini
2009-01-04 20:37:12 ----A---- C:\WINDOWS\BRVIDEO.INI
2009-01-04 20:36:47 ----D---- C:\Program Files\Brownie
2009-01-04 20:36:47 ----A---- C:\WINDOWS\system32\brlmw03a.ini
2009-01-04 20:36:47 ----A---- C:\WINDOWS\system32\brlmw03a.dll
2009-01-04 20:34:58 ----A---- C:\WINDOWS\system32\BRRBTOOL.EXE
2009-01-04 20:34:58 ----A---- C:\WINDOWS\system32\BROSNMP.DLL
2009-01-04 20:34:58 ----A---- C:\WINDOWS\system32\BRLM03A.DLL
2009-01-04 20:34:57 ----D---- C:\Program Files\Brother
2009-01-04 20:34:57 ----A---- C:\WINDOWS\system32\Pdrvinst.dll
2009-01-04 20:34:51 ----A---- C:\WINDOWS\Brownie.ini
2009-01-04 20:30:38 ----A---- C:\WINDOWS\system32\stlang.dll
2009-01-04 20:30:38 ----A---- C:\WINDOWS\stsystra.exe
2009-01-04 20:30:36 ----A---- C:\WINDOWS\system32\staco.dll
2009-01-04 20:30:35 ----D---- C:\Program Files\SigmaTel
2009-01-04 20:30:35 ----A---- C:\WINDOWS\system32\stacapi.dll
2009-01-04 20:30:32 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-04 20:30:30 ----D---- C:\dell
2009-01-04 20:28:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-04 20:15:10 ----A---- C:\WINDOWS\system32\DEVTYPE.INI
2009-01-04 20:15:08 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-04 20:15:03 ----D---- C:\Program Files\CONEXANT
2009-01-04 20:14:57 ----A---- C:\WINDOWS\system32\HSFCI007.dll
2009-01-04 20:14:57 ----A---- C:\WINDOWS\system32\DEVTYPE.dll
2009-01-04 20:08:54 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-04 20:08:35 ----D---- C:\Program Files\Intel
2009-01-04 20:03:41 ----D---- C:\Program Files\Mozilla Firefox
2009-01-04 20:03:13 ----SHD---- C:\RECYCLER
2009-01-04 19:53:43 ----A---- C:\WINDOWS\system32\un2065.txt
2009-01-04 19:53:43 ----A---- C:\WINDOWS\system32\2065.txt
2009-01-04 19:49:18 ----D---- C:\WINDOWS\system32\logs
2009-01-04 19:49:15 ----D---- C:\Binaries
2009-01-04 19:49:06 ----D---- C:\Program Files\BitDefender
2009-01-04 19:49:06 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-01-04 19:48:35 ----D---- C:\Program Files\Common Files\BitDefender
2009-01-04 19:39:00 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-04 19:02:36 ----D---- C:\WINDOWS\nview
2009-01-04 19:02:36 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-01-04 19:02:26 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-01-04 19:01:46 ----D---- C:\NVIDIA
2009-01-04 18:34:33 ----D---- C:\Program Files\Lavalys
2009-01-04 18:24:12 ----HD---- C:\Program Files\Uninstall Information
2009-01-04 18:22:45 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-04 18:22:45 ----D---- C:\WINDOWS\Prefetch
2009-01-04 18:22:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 18:21:46 ----A---- C:\WINDOWS\system32\TweakUI.exe
2009-01-04 18:21:46 ----A---- C:\WINDOWS\system32\MpegVideo.dll
2009-01-04 18:21:46 ----A---- C:\WINDOWS\system32\MpegAudio.dll
2009-01-04 18:21:46 ----A---- C:\WINDOWS\system32\HashTab32.dll
2009-01-04 18:21:46 ----A---- C:\WINDOWS\system32\GenDMOProp.dll
2009-01-04 18:21:46 ----A---- C:\WINDOWS\system32\FilterManager.exe
2009-01-04 18:21:38 ----D---- C:\Program Files\Windows Live Safety Center
2009-01-04 18:21:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-04 18:21:28 ----D---- C:\Program Files\Windows Live
2009-01-04 18:21:19 ----D---- C:\Program Files\The KMPlayer
2009-01-04 18:21:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-04 18:21:18 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-04 18:21:18 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-04 18:21:18 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-04 18:21:17 ----D---- C:\Program Files\Real Alternative
2009-01-04 18:21:17 ----D---- C:\Program Files\CoreCodec
2009-01-04 18:21:17 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-01-04 18:21:14 ----D---- C:\Program Files\Combined Community Codec Pack
2009-01-04 18:21:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-04 18:21:03 ----D---- C:\Program Files\Common Files\Adobe
2009-01-04 18:21:03 ----D---- C:\Program Files\Adobe
2009-01-04 18:20:35 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2009-01-04 18:20:35 ----A---- C:\WINDOWS\system32\imagXRA7.dll
2009-01-04 18:20:35 ----A---- C:\WINDOWS\system32\imagXR7.dll
2009-01-04 18:20:35 ----A---- C:\WINDOWS\system32\imagXpr7.dll
2009-01-04 18:20:35 ----A---- C:\WINDOWS\system32\imagX7.dll
2009-01-04 18:20:34 ----D---- C:\Program Files\Nero
2009-01-04 18:20:34 ----D---- C:\Program Files\Common Files\Nero
2009-01-04 18:20:34 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-01-04 18:20:24 ----D---- C:\Program Files\CCleaner
2009-01-04 18:20:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-04 18:20:22 ----D---- C:\Program Files\Your Uninstaller 2008
2009-01-04 18:20:20 ----D---- C:\Program Files\WinRAR
2009-01-04 18:20:20 ----D---- C:\Program Files\Unlocker
2009-01-04 18:20:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-04 18:20:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-04 18:20:18 ----A---- C:\WINDOWS\system32\java.exe
2009-01-04 18:20:06 ----D---- C:\Program Files\Java
2009-01-04 18:20:05 ----D---- C:\Program Files\Common Files\Java
2009-01-04 18:19:54 ----D---- C:\Program Files\Raxco
2009-01-04 18:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-01-04 18:17:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-04 18:17:06 ----D---- C:\Program Files\MSBuild
2009-01-04 18:17:04 ----D---- C:\Program Files\Reference Assemblies
2009-01-04 18:17:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-04 18:17:00 ----A---- C:\WINDOWS\system32\spmsg2.dll
2009-01-04 18:15:37 ----RSD---- C:\WINDOWS\assembly
2009-01-04 18:15:37 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-04 18:15:36 ----D---- C:\WINDOWS\system32\URTTemp
2009-01-04 18:15:31 ----A---- C:\WINDOWS\system32\XpsSvcs.dll
2009-01-04 18:15:30 ----A---- C:\WINDOWS\system32\XPSSHHDR.dll
2009-01-04 18:15:24 ----A---- C:\WINDOWS\system32\prntvpt.dll
2009-01-04 18:15:09 ----A---- C:\WINDOWS\control.ini
2009-01-04 18:15:09 ----A---- C:\AUTOEXEC.BAT
2009-01-04 18:15:02 ----D---- C:\WINDOWS\system32\dllcache
2009-01-04 18:14:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-04 18:14:39 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-04 18:14:37 ----HD---- C:\Program Files\WindowsUpdate
2009-01-04 18:14:30 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-04 18:14:30 ----A---- C:\WINDOWS\desktop.ini
2009-01-04 18:14:27 ----SD---- C:\WINDOWS\Tasks
2009-01-04 18:14:27 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-04 18:14:26 ----D---- C:\WINDOWS\system32\Macromed
2009-01-04 18:14:25 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-04 18:14:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-04 18:14:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-04 18:14:24 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-04 18:14:23 ----D---- C:\WINDOWS\system32\Restore
2009-01-04 18:14:23 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-04 18:14:23 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-01-04 18:14:23 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-04 18:14:22 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-01-04 18:14:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-04 18:14:22 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-04 18:14:22 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-04 18:14:22 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-04 18:14:22 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-04 18:14:19 ----D---- C:\Program Files\Common Files\System
2009-01-04 18:14:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-04 18:14:16 ----D---- C:\Program Files\ComPlus Applications
2009-01-04 18:14:16 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-04 18:14:16 ----A---- C:\WINDOWS\vb.ini
2009-01-04 18:14:15 ----D---- C:\WINDOWS\Registration
2009-01-04 18:13:56 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-04 18:13:55 ----D---- C:\Program Files\Windows Media Player
2009-01-04 18:13:54 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-04 18:13:54 ----D---- C:\Program Files\Internet Explorer
2009-01-04 18:13:54 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-04 18:13:53 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-04 18:13:52 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-04 18:13:49 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-04 18:13:48 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-01-04 18:13:48 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-04 18:13:48 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-04 18:13:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-04 18:13:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-04 18:13:47 ----N---- C:\WINDOWS\system32\sessmgr.exe
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-04 18:13:47 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-01-04 18:13:46 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-04 18:13:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-04 18:13:45 ----D---- C:\WINDOWS\system32\Com
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-04 18:13:45 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-04 18:13:44 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-04 18:13:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-04 18:13:44 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-04 18:13:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-04 18:13:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-04 18:13:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-04 18:13:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-04 18:13:40 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-04 18:13:40 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-04 18:13:40 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-04 18:13:39 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-10 15:23:51 ----D---- C:\rsit
2008-12-09 18:20:56 ----D---- C:\Program Files\VideoLAN
2008-12-09 17:16:14 ----D---- C:\Documents and Settings\steppie\Application Data\Malwarebytes
2008-12-09 17:16:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 17:16:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-09 16:52:36 ----D---- C:\Program Files\Windows Sidebar
2008-12-09 16:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 16:22:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 16:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 16:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 16:22:13 ----D---- C:\WINDOWS\ie7updates
2008-12-09 16:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 16:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 16:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 16:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 16:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 16:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 16:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 16:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
  • 0

#4
fenzodahl512
Posted 09 December 2008 - 11:17 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
stevfunn
Posted 10 December 2008 - 04:43 AM

stevfunn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Combofix Log

ComboFix 08-12-09.02 - steppie 2008-12-10 19:55:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.286 [GMT 11:00]
Running from: c:\documents and settings\steppie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\inst.dat
c:\windows\system32\pk.bin

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2009-01-05 17:57 . 2009-01-05 18:05 <DIR> d-------- c:\documents and settings\steppie\Application Data\Mp3tag
2009-01-04 22:55 . 2009-01-04 22:55 <DIR> d-------- c:\documents and settings\steppie\Application Data\DAEMON Tools
2009-01-04 22:34 . 2008-12-05 21:40 <DIR> d-------- c:\documents and settings\steppie\Application Data\IDM
2009-01-04 22:34 . 2008-12-10 19:59 <DIR> d-------- c:\documents and settings\steppie\Application Data\DMCache
2009-01-04 22:29 . 2009-01-04 23:00 <DIR> d-------- c:\documents and settings\steppie\Contacts
2009-01-04 21:47 . 2009-01-04 21:47 <DIR> d-------- c:\documents and settings\steppie\Application Data\Apple Computer
2009-01-04 21:43 . 2009-01-04 21:43 <DIR> d-------- c:\documents and settings\steppie\Application Data\ViStart
2009-01-04 21:36 . 2009-01-04 18:20 <DIR> d-------- c:\documents and settings\steppie\is-L2RP8.tmp
2009-01-04 21:36 . 2009-01-04 18:20 <DIR> d-------- c:\documents and settings\steppie\Application Data\URSoft
2009-01-04 21:36 . 2009-01-04 21:36 <DIR> d-------- c:\documents and settings\steppie\Application Data\BitDefender
2008-12-10 15:58 . 2008-12-10 15:58 <DIR> dr------- c:\documents and settings\steppie\Application Data\Brother
2008-12-10 12:22 . 2008-12-10 12:22 <DIR> d-------- c:\documents and settings\other people\Application Data\vlc
2008-12-09 17:16 . 2008-12-09 17:16 <DIR> d-------- c:\documents and settings\steppie\Application Data\Malwarebytes
2008-12-07 22:56 . 2008-12-07 22:56 <DIR> d-------- c:\documents and settings\steppie\Application Data\Nero
2008-12-05 22:50 . 2008-12-05 22:50 <DIR> d-------- c:\documents and settings\other people\Application Data\BitDefender
2008-12-05 22:49 . 2009-01-04 18:20 <DIR> d-------- c:\documents and settings\other people\is-L2RP8.tmp
2008-12-05 22:49 . 2009-01-04 18:20 <DIR> d-------- c:\documents and settings\other people\Application Data\URSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 06:57 --------- d-----w c:\program files\Mp3tag
2009-01-04 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-04 12:04 --------- d-----w c:\program files\MSBuild
2009-01-04 12:04 --------- d-----w c:\program files\Microsoft Works
2009-01-04 12:03 --------- d-----w c:\program files\Microsoft.NET
2009-01-04 12:01 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-04 11:59 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-04 11:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-04 11:37 --------- d-----w c:\program files\7-Zip
2009-01-04 11:34 --------- d-----w c:\program files\Internet Download Manager
2009-01-04 10:47 --------- d-----w c:\program files\QuickTime
2009-01-04 10:47 --------- d-----w c:\program files\iTunes
2009-01-04 10:47 --------- d-----w c:\program files\iPod
2009-01-04 10:47 --------- d-----w c:\program files\Common Files\Apple
2009-01-04 10:47 --------- d-----w c:\program files\Bonjour
2009-01-04 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-04 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 10:46 --------- d-----w c:\program files\Apple Software Update
2009-01-04 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-04 10:34 --------- d-----w c:\program files\Google
2009-01-04 10:28 --------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-01-04 10:28 --------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-01-04 10:16 --------- d-----w c:\program files\The KMPlayer
2009-01-04 09:36 82,440 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-01-04 09:36 230,920 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-01-04 09:36 192,512 ----a-w c:\windows\system32\txmlutil.dll
2009-01-04 09:36 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-01-04 09:36 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-01-04 09:36 --------- d-----w c:\program files\Brother
2009-01-04 09:30 --------- d-----w c:\program files\SigmaTel
2009-01-04 09:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 09:15 --------- d-----w c:\program files\CONEXANT
2009-01-04 09:08 --------- d-----w c:\program files\Intel
2009-01-04 08:51 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-01-04 08:49 --------- d-----w c:\program files\Common Files\BitDefender
2009-01-04 08:49 --------- d-----w c:\documents and settings\Administrator\Application Data\BitDefender
2009-01-04 08:39 --------- d-----w c:\program files\Unlocker
2009-01-04 07:34 --------- d-----w c:\program files\Lavalys
2009-01-04 07:24 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-04 07:21 --------- d-----w c:\program files\Windows Live
2009-01-04 07:21 --------- d-----w c:\program files\Real Alternative
2009-01-04 07:21 --------- d-----w c:\program files\CoreCodec
2009-01-04 07:21 --------- d-----w c:\program files\Combined Community Codec Pack
2009-01-04 07:20 --------- d-----w c:\program files\Nero
2009-01-04 07:20 --------- d-----w c:\program files\Java
2009-01-04 07:20 --------- d-----w c:\program files\Common Files\Nero
2009-01-04 07:20 --------- d-----w c:\program files\Common Files\Java
2009-01-04 07:20 --------- d-----w c:\program files\CCleaner
2009-01-04 07:20 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-04 07:20 --------- d-----w c:\documents and settings\Administrator\Application Data\URSoft
2009-01-04 07:19 --------- d-----w c:\program files\Raxco
2009-01-04 07:19 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-01-04 07:17 --------- d-----w c:\program files\Reference Assemblies
2009-01-04 07:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-10 04:21 --------- d-----w c:\program files\ViStart
2008-12-09 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone
2008-12-09 07:20 --------- d-----w c:\program files\VideoLAN
2008-12-09 06:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-09 06:16 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 05:58 --------- d-----w c:\program files\Windows Sidebar
2008-12-09 05:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 05:17 --------- d-----w c:\program files\MSXML 4.0
2008-12-08 11:37 --------- d--h--w c:\documents and settings\All Users\Application Data\{76AA72E1-C501-4099-90B7-B7C19F09F53F}
2008-12-08 11:09 --------- d-----w c:\program files\BitDefender
2008-12-08 10:56 --------- d-----w c:\program files\Brownie
2008-12-08 10:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 10:55 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-07 01:17 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 01:17 --------- d-----w c:\program files\Adobe Media Player
2008-12-07 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2008-12-07 01:16 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-06 02:53 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-05 11:45 --------- d-----w c:\program files\WinAVI MP4 Converter
2008-12-05 11:11 --------- d-----w c:\program files\Rosetta Stone
2008-12-05 10:05 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-03 08:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 08:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:26 6,068,224 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 23:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 05:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 16:05 129,520 ----a-w c:\windows\system32\pxafs.dll
2008-09-15 16:05 120,568 ----a-w c:\windows\system32\pxcpyi64.exe
2008-09-15 16:05 118,256 ----a-w c:\windows\system32\pxinsi64.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="c:\program files\ViStart\ViStart" [X]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-04-16 5724184]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar_clear.exe" [2006-11-17 1249280]
"$Volumouse$"="c:\documents and settings\steppie\My Documents\volumouse\volumouse.exe" [2007-11-23 30208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-04 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-01-04 69632]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-24 44032]
"Google IME Autoupdater"="c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-10-17 308720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-06-30 308248]
R2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82440]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-09 170640]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-04-16 689416]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 104328]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-09 15504]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-01-04 23152]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-04-16 894216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6398a0a1-c51b-11dd-858a-0019d1748882}]
\Shell\AutoRun\command - h:\wd_windows_tools\setup.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55E24AD2-DA5C-C1E2-12D1-A32D214AA1BC}]
c:\windows\userinit.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{23C72D0C-2DCA-410C-BDF9-23B86CBDE51E}.job
- c:\windows\system32\msfeedssync.exe [2008-06-30 08:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-svchots - c:\windows\system32\svchots.exe
HKLM-Run-FMJA Agent - c:\windows\system32\YOF\FMJA.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\steppie\Application Data\Mozilla\Firefox\Profiles\0gns5wkj.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 19:59:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(908)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2008-12-10 20:00:08
ComboFix-quarantined-files.txt 2008-12-10 09:00:05

Pre-Run: 178,657,456,128 bytes free
Post-Run: 178,773,331,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

263 --- E O F --- 2008-12-09 05:22:53




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:10 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar_clear.exe
C:\Documents and Settings\steppie\My Documents\volumouse\volumouse.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar_clear.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar_clear.exe /autoRun
O4 - HKCU\..\Run: [$Volumouse$] "C:\Documents and Settings\steppie\My Documents\volumouse\volumouse.exe" /nodlg
O4 - HKUS\S-1-5-21-1757981266-1979792683-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'other people')
O4 - HKUS\S-1-5-21-1757981266-1979792683-1417001333-500\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9078 bytes
  • 0

#6
fenzodahl512
Posted 10 December 2008 - 06:44 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. look nice.. Lets do some scans...


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download Dr.Web CureIt to the Desktop:
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Open DrWeb.csv as Notepad and post the log here..


Post me these logs in your next reply..

1. Malwarebytes'
2. Dr.Web
3. Tell me, how is the computer now? :)
  • 0

#7
stevfunn
Posted 14 December 2008 - 05:35 AM

stevfunn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

13/12/2008 6:52:40 PM
mbam-log-2008-12-13 (18-52-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 190412
Time elapsed: 58 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


fed982fc0d163da5223bcae08cc31b1f2208456e;C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\fe\d;Modification of V2Px.1190;Moved.;
ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\steppie\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\steppie\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\steppie\Desktop;Archive contains infected objects;Moved.;
A0000058.bat;C:\System Volume Information\_restore{8B5D0E51-824A-4227-B3C6-C44895C93A82}\RP2;Probably BATCH.Virus;Incurable.Moved.;
A0000181.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{8B5D0E51-824A-4227-B3C6-C44895C93A82}\RP4\A0000181.exe;Probably BATCH.Virus;;
A0000181.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{8B5D0E51-824A-4227-B3C6-C44895C93A82}\RP4\A0000181.exe;Program.PsExec.171;;
A0000181.exe;C:\System Volume Information\_restore{8B5D0E51-824A-4227-B3C6-C44895C93A82}\RP4;Archive contains infected objects;Moved.;




ermm... for some strange reason, all my shortcut icons have started to act strangely. Both on the desktop and in windows explorer. Here's an attachment:icon_problem.JPG
  • 0

#8
fenzodahl512
Posted 14 December 2008 - 11:43 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
That is very weird.. Please use System Restore to restore your computer at the latest previous Restore Point.. Please visit here if you do not know how..

Then, tell me about those icon thingy...
  • 0

#9
stevfunn
Posted 16 December 2008 - 01:10 AM

stevfunn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Tried a System Restore, however, this prevented Mozilla Firefox from working so I reverted. The icons are still being covered up.
  • 0

#10
fenzodahl512
Posted 16 December 2008 - 05:55 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Download TweakUI, and save it to your Desktop.

Install and run it..

Click on Repair >> Rebuild Icons >> click Repair >> Apply >> Ok.


Then, tell me more about it..
  • 0

Advertisements

#11
stevfunn
Posted 16 December 2008 - 06:33 PM

stevfunn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I already have TweakUI, and have tried rebuilding the icons.
Doesn't work, I'm afraid.

sorry to hear about your friend.

Edited by stevfunn, 16 December 2008 - 06:57 PM.

  • 0

#12
fenzodahl512
Posted 17 December 2008 - 11:28 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
It looks like some technical issue.. I've asked the experts (those who know more than me) and now waiting for their reply.. Thank you for your patience :)
  • 0

#13
fenzodahl512
Posted 18 December 2008 - 11:46 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. looking back at your logs, it seems that you have some irregularities on the computer..

The date is.. err.. "fast forward" to the future.. Check the date at your Taskbar.. Is it set at the correct date?


Lets do this..


Please go to Start >> Run >> Copy/Paste command below >> Press Enter

REGEDIT /E "%USERPROFILE%\Desktop\result.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


Then repeat it with this command

REGEDIT /E "%USERPROFILE%\Desktop\result2.txt" "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55E24AD2-DA5C-C1E2-12D1-A32D214AA1BC}"

Two new textfiles result.txt and result2.txt will be created on your Desktop. Please attach both files in your next reply..

Edited by fenzodahl512, 18 December 2008 - 11:50 AM.

  • 0

#14
stevfunn
Posted 18 December 2008 - 05:09 PM

stevfunn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Well, believe it or not, I think I fixed the issue!! (temporarily)

I was playing Counter-Strike on my computer, and the resolution setting was different from that of my computer. I changed it, and then after playing, miraculously all the shortcut icons were restored. However, if I play CS and change the resolution again, the weird shortcut icons come back.

And my date in the taskbar is accurate. :)

Thanks
Attached File  result.txt   29.23KB   983 downloads

Attached File  result2.txt   394bytes   188 downloads
  • 0

#15
fenzodahl512
Posted 18 December 2008 - 09:08 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\WINDOWS\userinit.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



NEXT


Please copy and paste the following into a Notepad

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55E24AD2-DA5C-C1E2-12D1-A32D214AA1BC}]

Save it in desktop as Fix.reg and in Save as type: choose All Files

A new registry file will then created on your desktop. It should look like this: Posted Image

Just double-click the file and choose Yes at prompt.



Reboot your computer, and observe the icons.. Then tell me more about it :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP