
virus probably unknown newheur_PE

Discussion in 'Malware and Virus Removal Archive' started by qure, 2007/05/13.

  1. 2007/05/13
    qure

    qure Inactive Thread Starter

    Does anybody know about this virus? My NOD32 is telling me that my computer is infected with this virus but that it cannot be deleted: c:/windows/runtfs32 is infected.
  2. 2007/05/13
    TeMerc

    TeMerc Inactive Alumni

    Hello and welcome to WindowsBBS Removing Spyware & Viruses forum.

    Please do as instructed below in the order presented.

    Here is how we like to begin our analysis of your pc:

    For starters, if you do not have them yet, please DL and run AdAware & Spybot Search & Destroy. AdAware and Spybot Search & Destroy are 2 of the most trusted apps in the security area. They are both free, complement each other nicely, and do not use a lot of resources. They can be found here:

    Spybot Search & Destroy v.1.4
    AdAware SE Free v1.06r

    With AdAware and Spybot: DL, follow the install instructions, check for updates, then scan, repair/remove/quarantine anything found. Reboot before the next scan with whichever app is next. The reason for running these apps is to clean up some of the other 'crapware' on your PC, which in turn will make deciphering your HJT log easier.

    Then we use HiJackThis v1.99.1
    Please download HijackThis! SetUp from here. Save the file to your desktop.

    Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of:'C:\Program Files\HijackThis'. Tick the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

    Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Right-click in the saved log, and select 'copy'. Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.

  4. 2007/05/18
    qure

    qure Inactive Thread Starter

    HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 1:08:09 AM, on 5/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
    C:\Program Files\TechniSat DVB\bin\Server4PC.exe
    C:\Program Files\Common Files\Sonic Shared\cinetray.exe
    C:\Program Files\TechniSat DVB\bin\Server4PC.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ProgDVB\ProgDVB.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
    O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
    O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{470FB9F8-96BB-4183-B0FF-7E9B2B43DCE1}: NameServer = 217.23.192.9,217.23.192.14
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    My PF usage is 984 MB, which slows the computer. With my processes and satellite watching at the same time it was earlier approx. 380 MB. NOD32 says that almost all of the system files are locked; does that have any influence on my situation, maybe a hidden virus? I have 512 MB of RAM; maybe this information will say more about the situation.
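Reading an HJT log the way the helper does in this thread comes down to splitting it into its section codes (R0/R1, O2, O4, O17, O20, O23 ...), pulling the file path out of each persistence entry and checking whether the file the antivirus named shows up anywhere. The Python below is an added example, not code from this thread or from HijackThis: it parses a constructed excerpt in the same format as the log posted above (the sample lines, including the O17 name servers and the O20 WgaLogon line with no file name, are copied from that log), flags entries an analyst would verify by hand, and searches for the file name NOD32 reported (runtfs32). The triage rules and all function names are my own choices.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not from the thread).

Parses the 'Running processes' block and the 'Rn/On - ...' entries, extracts
the first Windows path from each entry, and applies a few defender checks.
"""
import re

# Constructed excerpt in the format of the log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:08:09 AM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{470FB9F8-96BB-4183-B0FF-7E9B2B43DCE1}: NameServer = 217.23.192.9,217.23.192.14
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# One HJT entry: a section code (R0, R1, O2, O4, ...) and the rest of the line.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First Windows path on a line: drive, any number of directory segments (spaces
# are allowed inside a segment), then a final component that stops at a space,
# a quote or end of line, so trailing switches such as /STARTUP are excluded.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^"\\]*\\)*[^"\\ ]*')

# Entry codes HJT uses for things that start automatically at boot or logon.
PERSISTENCE = {"O4", "O20", "O21", "O23"}


def parse_hjt(text):
    """Return {'processes': [...], 'entries': [(code, rest), ...]}."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def first_path(text):
    """Extract the first Windows path from an entry body, or None."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def triage(parsed):
    """Return (code, reason, entry) tuples an analyst should check by hand."""
    findings = []
    for code, rest in parsed["entries"]:
        if code in PERSISTENCE:
            path = first_path(rest)
            if path is None:
                findings.append((code, "no file path to verify", rest))
            elif path.endswith("\\"):
                # e.g. the WgaLogon line above: directory only, no module name
                findings.append((code, "path has no file name; locate the module by hand", rest))
        elif code == "O17":
            findings.append((code, "custom DNS servers; confirm they belong to the ISP", rest))
    return findings


def mentions(parsed, needle):
    """Every process or entry line that contains needle (case-insensitive)."""
    needle = needle.lower()
    hits = [p for p in parsed["processes"] if needle in p.lower()]
    hits += [f"{c} - {r}" for c, r in parsed["entries"] if needle in r.lower()]
    return hits


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    for code, reason, entry in triage(log):
        print(f"[{code}] {reason}: {entry}")
    # The file NOD32 reported in the first post does not appear in the HJT log.
    print("runtfs32 mentioned:", mentions(log, "runtfs32"))
```

An empty result from mentions() is itself useful: HJT only lists known launch points, so a file that an on-access scanner reports but that never appears in the log was not found at any of those points, which is why the helper moved on to other scanners.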
  5. 2007/05/19
    TeMerc

    TeMerc Inactive Alumni

    Ok, not really seeing much there, so let's get a file info tool and online scans.

    Panda ActiveScan
    • Click the [Scan your PC] button. ( You may have to disable any pop up blockers)
    • Then press the green [Check Now] button.
    • Enter your country and state along with a valid email address.
    • Allow the ActiveX install, it may be a few minutes for all components. (For XP SP 2 watch for the yellow bar at the top of IE)
    • Once installation is complete you will need to select a device to scan. Please select 'My Computer' and the scan will begin.
    • Once the scan is done, click the 'See report' button, then the 'save report' button. Be sure to save the log file created in a place easy for you to find.
    ==============================================================================
    KAV SCAN
    Kaspersky Online Scanner

    Click on Kaspersky Online Scanner icon.
    Accept the Kaspersky agreement and the program will load.
    You will then be prompted to install an ActiveX component from Kaspersky, click Yes

    The program will then begin downloading the latest definition files. This will take a good while, even with hi-speed Internet access.
    Once the files have been downloaded click on Next

    Now click on [Scan Settings] button.
    In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
    Click OK

    Now under the Please select a target to scan:
    Select My Computer

    The program will begin the scanning process.
    The scan will take a while so be patient and let it run.
    Once the scan is complete it will display if your system has been infected.
    Then click on the [Save as Text] button
    Save the file to your desktop.

    Copy and paste that information in your next post for me to review.

    Please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run.
    Silent Runners will ask if you want to skip the supplementary search.
    Please select 'No' to include them.
    Then select 'Yes' to confirm the search.
    When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see.
     
  6. 2007/05/23
    qure

    qure Inactive Thread Starter

    Logs

    On the Kaspersky scan it just hangs when I try to install the ActiveX.
    Here are the logs:
    Incident Status Location

    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\hal9000x\Application Data\Mozilla\Firefox\Profiles\8b8ghfy0.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\hal9000x\Cookies\hal9000x@questionmarket[2].txt
  7. 2007/05/23
    qure

    qure Inactive Thread Starter

    And Silent Runners:

    "Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = " "C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "googletalk" = " "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" [ "Google"]
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [ "Analog Devices, Inc."]
    "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" [ "Intel Corporation"]
    "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" [ "Intel Corporation"]
    "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" [ "Intel Corporation"]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [ "Google Inc."]
    "RemoteControl" = " "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" " [ "Cyberlink Corp."]
    "nod32kui" = " "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" [ "Eset "]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" [ "GRISOFT, s.r.o."]
    "!AVG Anti-Spyware" = " "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" [ "Anti-Malware Development a.s."]
    "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Inc."]
    "Acrobat Assistant 7.0" = " "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" " [ "Adobe Systems Inc."]
    "(Default)" = "(empty string)" [file not found]
    "TkBellExe" = " "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [ "RealNetworks, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" [ "Safer Networking Limited"]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEToolbarHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [ "Hilgraeve, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension "
    -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [ "Eset "]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension "
    -> {HKLM...CLSID} = "AVG7 Find Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player "
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class "
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" [ "RealNetworks, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5 "
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [ "Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = "igfxdev.dll" [ "Intel Corporation"]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920} "
    -> {HKLM...CLSID} = "CContextScan Object "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" [ "Anti-Malware Development a.s."]
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D} "
    -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [ "Eset "]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920} "
    -> {HKLM...CLSID} = "CContextScan Object "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" [ "Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D} "
    -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [ "Eset "]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


    Startup items in "hal9000x" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\hal9000x\Start Menu\Programs\Startup
    "palmOne Registration" -> shortcut to: "C:\Program Files\palmOne\register.exe /remind /language=EN /INTL= "true" /_NBL= "true" /PRNM= "palmOne" " [ "palmOne/Leader Technologies"]
    "Sonic CinePlayer Quick Launch" -> shortcut to: "C:\Program Files\Common Files\Sonic Shared\cinetray.exe" [ "Sonic Solutions"]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe" [null data]
    "BlueSoleil" -> shortcut to: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" [ "IVT Corporation"]
    "HOTSYNCSHORTCUTNAME" -> shortcut to: "C:\Program Files\palmOne\Hotsync.exe -logon" [ "PalmSource, Inc"]
    "Launch Softros Messenger" -> shortcut to: "C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe /hide /wait:5" [null data]
    "Server4PC" -> shortcut to: "C:\Program Files\TechniSat DVB\bin\Server4PC.exe" [ "TechniSat"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    imon.dll [ "Eset "], 01 - 05, 11
    %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 23
    %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93} "
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" [ "Anti-Malware Development a.s."]
    AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [ "GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" [ "GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" [ "GRISOFT, s.r.o."]
    BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
    NOD32 Kernel Service, NOD32krn, " "C:\Program Files\Eset\nod32krn.exe" " [ "Eset "]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" [ "Analog Devices, Inc."]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" [ "Adobe Systems Incorporated."]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 48 seconds.
  8. 2007/05/24
    TeMerc

    TeMerc Inactive Alumni

    Well, neither of those two logs showed me anything obvious.

    I suppose we can go with what NOD32 found, though I'm confused that the other tools didn't see it. They typically see much more than most conventional scanners. And that file is pretty well known too.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot "
    • Then select "All files ".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C: (you'll need to pick either the .exe or .dll, don't do both)
    runtfs32.exe
    runtfs32.dll


    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard ".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.


    Then download ComboScan to your desktop.

    Close all applications and windows.
    • Double-click on comboscan.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - ComboScan.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back into this thread for me to view.
    A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
    Please attach Supplementary.txt to your post.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    At this point reboot the system, and post back another HJT log file along with the other two logs requested.
     
  9. 2007/05/30
    qure

    qure Inactive Thread Starter

    Scan

    Deckard's System Scanner v20070426.43
    Run by hal9000x on 2007-05-30 at 01:58:42
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    16: 2007-05-29 23:58:48 UTC - RP40 - Deckard's System Scanner Restore Point
    15: 2007-05-29 20:28:46 UTC - RP39 - Installed Far Cry
    14: 2007-05-29 17:02:15 UTC - RP38 - Unsigned driver install
    13: 2007-05-29 15:54:00 UTC - RP37 - Installed DirectX 9.0
    12: 2007-05-29 15:07:31 UTC - RP36 - Installed Call of Duty(R) 2


    -- First Restore Point --
    1: 2007-05-20 16:37:17 UTC - RP25 - Installed Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as hal9000x.exe) --------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 1:59:26 AM, on 5/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
  10. 2007/05/30
    qure

    qure Inactive Thread Starter

    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
    C:\Program Files\TechniSat DVB\bin\Server4PC.exe
    C:\Program Files\TechniSat DVB\bin\Server4PC.exe
    C:\Program Files\Common Files\Sonic Shared\cinetray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Documents and Settings\hal9000x\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\hal9000x.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
    O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{470FB9F8-96BB-4183-B0FF-7E9B2B43DCE1}: NameServer = 217.23.192.9,217.23.192.14
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    -- File Associations -----------------------------------------------------------
     
    qure,
    #9
  11. 2007/05/30
    qure
    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
    R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
    R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
    R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
    R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
    R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
    R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
    R3 SKYNET (TechniSat DVB-PC TV Star PCI) - c:\windows\system32\drivers\skynet.sys <Not Verified; B2C2, Inc.; B2C2 Broadband Receiver PCI Adapter>
    R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

    S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
    R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
    R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent>


    -- Files created between 2007-04-30 and 2007-05-30 -----------------------------

    2007-05-30 01:51:21 0 d-------- C:\!KillBox
    2007-05-30 00:30:38 4096 --a------ C:\WINDOWS\system32\crash
    2007-05-29 17:54:19 0 d-------- C:\Program Files\EA GAMES
    2007-05-29 17:50:23 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2007-05-29 17:50:22 0 d-------- C:\Program Files\DAEMON Tools
    2007-05-29 17:45:08 96256 --a------ C:\WINDOWS\system32\drivers\sptd3549.sys
    2007-05-29 17:45:08 664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-05-29 17:09:34 0 d-------- C:\Program Files\Activision
    2007-05-29 17:06:44 0 d--hs---- C:\WINDOWS\ftpcache
    2007-05-29 01:07:45 0 d-------- C:\Program Files\Rockstar Games
    2007-05-29 00:44:50 0 d-------- C:\Documents and Settings\hal9000x\Application Data\ATI
    2007-05-29 00:42:02 11008 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
    2007-05-29 00:42:02 241664 --a------ C:\WINDOWS\ATKKBService.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
    2007-05-29 00:42:01 992896 --a------ C:\WINDOWS\system32\drivers\Bravo_n.sys <Not Verified; ASMT; Microsoft(R) Windows NT(R) Operating System>
    2007-05-29 00:42:01 992896 --a------ C:\WINDOWS\system32\drivers\Bravo_a.sys <Not Verified; ASMT; Microsoft(R) Windows NT(R) Operating System>
    2007-05-29 00:42:01 10496 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL
    2007-05-29 00:42:01 1667072 --a------ C:\WINDOWS\system32\ATKDispCPL.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS Display Property Page>
    2007-05-29 00:42:01 250368 --a------ C:\WINDOWS\system32\ATKDISP.dll <Not Verified; ASUSTeK Computer Inc.; ASUS Windows 2000/XP Display Driver>
    2007-05-29 00:42:00 2032640 --a------ C:\WINDOWS\system32\ATKOSDX32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS On-Screen Display For 3D Game>
    2007-05-29 00:42:00 37888 --a------ C:\WINDOWS\system32\ATKOGL32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUSTeK Computer Inc. AsusOGL>
    2007-05-29 00:42:00 46080 --a------ C:\WINDOWS\system32\asrussian.dll
    2007-05-29 00:42:00 45568 --a------ C:\WINDOWS\system32\askorean.dll
    2007-05-29 00:42:00 45568 --a------ C:\WINDOWS\system32\asjapan.dll
    2007-05-29 00:42:00 46080 --a------ C:\WINDOWS\system32\asgerman.dll
    2007-05-29 00:42:00 46592 --a------ C:\WINDOWS\system32\asfrench.dll
    2007-05-29 00:42:00 46080 --a------ C:\WINDOWS\system32\aseng.dll
    2007-05-29 00:42:00 45568 --a------ C:\WINDOWS\system32\ASCHT.dll
    2007-05-29 00:42:00 45568 --a------ C:\WINDOWS\system32\aschs.dll
    2007-05-29 00:41:59 0 d-------- C:\Program Files\My Company Name
    2007-05-29 00:41:38 0 d-------- C:\Program Files\Common Files\ATI Technologies
    2007-05-29 00:13:13 0 d-------- C:\Program Files\ATI Technologies
    2007-05-29 00:09:11 11264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
    2007-05-27 21:17:34 491520 --a------ C:\WINDOWS\Grand Theft Auto Liberty City Stories.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
    2007-05-27 21:17:19 12288 --a------ C:\WINDOWS\impborl.dll
    2007-05-27 21:17:19 0 d-------- C:\WINDOWS\Grand Theft Auto Liberty City Stories dir
    2007-05-27 21:17:19 535040 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
    2007-05-24 16:19:37 0 dr-h----- C:\$VAULT$.AVG
    2007-05-23 19:35:02 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Leadertech
    2007-05-23 19:34:04 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
    2007-05-23 19:33:24 0 d-------- C:\Program Files\palmOne
    2007-05-23 19:33:02 0 d-------- C:\Documents and Settings\hal9000x\Application Data\HotSync
    2007-05-23 19:20:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-05-23 19:03:42 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
    2007-05-23 19:03:42 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
    2007-05-23 19:03:41 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
    2007-05-23 19:03:40 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
    2007-05-23 19:03:39 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
    2007-05-23 19:03:35 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
    2007-05-23 19:02:47 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
    2007-05-23 19:02:47 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
    2007-05-23 19:02:47 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
    2007-05-23 19:02:47 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
    2007-05-23 19:02:46 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
    2007-05-23 19:02:46 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
    2007-05-23 19:02:46 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
    2007-05-23 19:02:46 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
    2007-05-23 19:02:46 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
    2007-05-23 19:02:46 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
    2007-05-23 19:02:46 49152 --a------ C:\WINDOWS\system32\btfunc.dll <Not Verified; IVT Corporation; BlueSoleil>
    2007-05-23 19:02:45 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
    2007-05-23 19:02:44 0 d-------- C:\Program Files\IVT Corporation
    2007-05-23 18:17:41 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-05-20 23:22:06 0 d-------- C:\Program Files\Common Files\xing shared
    2007-05-20 23:21:34 0 d-------- C:\Program Files\Common Files\Real
    2007-05-20 23:21:31 0 d-------- C:\Program Files\Real
    2007-05-20 23:20:55 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Real
    2007-05-20 18:40:17 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Adobe
    2007-05-20 18:40:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-05-20 18:40:13 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-05-20 18:39:05 0 d-------- C:\Program Files\Common Files\Adobe
    2007-05-20 18:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-05-18 23:54:53 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Thunderbird
    2007-05-18 23:54:08 0 d-------- C:\Program Files\Mozilla Thunderbird
    2007-05-17 20:06:45 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Apple Computer
    2007-05-17 20:00:07 1751 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2007-05-17 19:58:36 0 d-------- C:\Program Files\QuickTime
    2007-05-17 19:58:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-05-17 17:10:04 0 d-------- C:\svirkulje
    2007-05-17 02:13:11 0 d-------- C:\Documents and Settings\hal9000x\Application Data\uTorrent
    2007-05-17 02:13:04 0 d-------- C:\Program Files\uTorrent
    2007-05-16 21:44:20 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Softros Messenger
    2007-05-16 21:43:27 0 d-------- C:\Program Files\Softros Systems
    2007-05-16 19:47:01 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2007-05-16 19:46:05 0 d-------- C:\Documents and Settings\hal9000x\Application Data\GRETECH
    2007-05-16 19:35:29 0 d-------- C:\Program Files\GRETECH
    2007-05-16 19:10:23 0 d-------- C:\Documents and Settings\hal9000x\Application Data\AVG7
    2007-05-16 19:10:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-05-16 19:10:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-05-16 19:10:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-05-16 05:06:34 0 d-------- C:\Documents and Settings\hal9000x\Application Data\CyberLink
    2007-05-16 04:59:36 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Lavasoft
    2007-05-16 04:59:27 0 d-------- C:\Program Files\Lavasoft
    2007-05-16 04:58:32 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
    2007-05-16 04:58:32 502208 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
    2007-05-16 04:33:17 0 d-------- C:\WINDOWS\Provisioning
    2007-05-16 04:33:17 0 d-------- C:\WINDOWS\PeerNet
    2007-05-16 04:33:17 0 d-------- C:\WINDOWS\ehome
    2007-05-16 04:21:51 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-05-16 04:19:53 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-05-16 04:19:53 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-05-16 04:18:01 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-05-16 04:17:22 0 d-------- C:\Program Files\CyberLink
    2007-05-16 04:16:33 0 d-------- C:\Program Files\3ivx
    2007-05-16 04:09:34 0 d-------- C:\Program Files\Elecard
    2007-05-16 04:09:34 0 d-------- C:\Program Files\Common Files\Elecard
    2007-05-16 04:06:20 0 d-------- C:\ProgDVB
    2007-05-16 03:51:32 0 d-------- C:\Program Files\Common Files\ODBC
    2007-05-16 03:51:30 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-05-16 03:51:29 0 dr------- C:\Program Files
    2007-05-16 03:51:12 0 d--h----- C:\Documents and Settings\Default User\Templates
    2007-05-16 03:51:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2007-05-16 03:51:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2007-05-16 03:51:12 0 d--h----- C:\Documents and Settings\Default User\Recent
    2007-05-16 03:51:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2007-05-16 03:51:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2007-05-16 03:51:12 0 d-------- C:\Documents and Settings\Default User\My Documents
    2007-05-16 03:51:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2007-05-16 03:51:12 0 d-------- C:\Documents and Settings\Default User\Favorites
    2007-05-16 03:51:12 0 d-------- C:\Documents and Settings\Default User\Desktop
    2007-05-16 03:51:12 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2007-05-16 03:51:12 0 d--h----- C:\Documents and Settings\All Users\Templates
    2007-05-16 03:51:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2007-05-16 03:51:12 0 d-------- C:\Documents and Settings\All Users\Favorites
    2007-05-16 03:51:12 0 dr------- C:\Documents and Settings\All Users\Documents
    2007-05-16 03:51:12 0 d-------- C:\Documents and Settings\All Users\Desktop
    2007-05-16 03:51:02 0 d-------- C:\WINDOWS\system32\CatRoot2
    2007-05-16 03:51:02 0 d-------- C:\WINDOWS\system32\CatRoot
    2007-05-16 03:50:57 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2007-05-16 03:50:57 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2007-05-16 03:50:56 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2007-05-16 03:50:56 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2007-05-16 03:50:45 0 d-------- C:\Documents and Settings
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\WinSxS
    2007-05-16 03:46:51 0 dr------- C:\WINDOWS\Web
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\twain_32
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\wins
     
  12. 2007/05/30
    qure
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\wbem
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\usmt
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\spool
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\ShellExt
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\Setup
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\ras
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\oobe
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\npp
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\mui
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\inetsrv
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\IME
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\icsxml
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\ias
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\export
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\drivers
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\drivers\etc
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2007-05-16 03:46:51 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\dhcp
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\config
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\3com_dmi
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\3076
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\2052
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1054
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1042
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1041
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1037
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1033
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1031
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1028
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system32\1025
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\system
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\security
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Resources
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\repair
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\mui
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\msapps
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\msagent
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Media
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\java
    2007-05-16 03:46:51 0 d--h----- C:\WINDOWS\inf
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\ime
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Help
    2007-05-16 03:46:51 0 dr--s---- C:\WINDOWS\Fonts
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Driver Cache
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Debug
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Cursors
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Connection Wizard
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\Config
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\AppPatch
    2007-05-16 03:46:51 0 d-------- C:\WINDOWS\addins
    2007-05-16 03:46:00 0 d-------- C:\Program Files\DVBViewerTE
    2007-05-16 03:45:42 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-05-16 03:45:34 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:34 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:34 262144 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:34 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:34 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:34 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:34 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:33 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
    2007-05-16 03:45:33 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:33 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
    2007-05-16 03:45:33 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:33 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:33 1050896 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:33 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-05-16 03:45:33 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
    2007-05-16 03:45:31 0 d-------- C:\Program Files\TechniSat DVB
    2007-05-16 03:44:38 349184 --a------ C:\WINDOWS\system32\drivers\SkyNET.sys <Not Verified; B2C2, Inc.; B2C2 Broadband Receiver PCI Adapter>
    2007-05-16 03:27:28 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Talkback
    2007-05-16 03:27:21 0 --a------ C:\WINDOWS\nsreg.dat
    2007-05-16 03:27:18 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Mozilla
    2007-05-16 03:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-05-16 02:55:53 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Macromedia
    2007-05-16 02:52:32 0 d-------- C:\Program Files\Google
    2007-05-16 02:52:05 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-05-16 02:50:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
    2007-05-16 02:50:08 0 d-------- C:\Program Files\Kaspersky Lab
    2007-05-16 02:49:37 0 d-------- C:\kav
    2007-05-16 02:46:51 0 d-------- C:\WINDOWS\SoftwareDistribution
    2007-05-16 02:46:40 0 d-------- C:\WINDOWS\Prefetch
    2007-05-16 02:38:35 0 d-------- C:\WINDOWS\system32\x64
    2007-05-16 02:25:04 0 d---s---- C:\WINDOWS\system32\Microsoft
    2007-05-16 02:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-05-16 02:25:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-05-16 02:08:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2007-05-16 02:08:03 0 d-------- C:\WUTemp
    2007-05-16 02:07:18 0 d-------- C:\WINDOWS\system32\Lang
    2007-05-16 02:07:18 364544 --a------ C:\WINDOWS\system32\igxpun.exe <Not Verified; Intel(R) Corporation; Intel(R) Graphics Media Accelerator Driver>
    2007-05-16 02:06:13 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-05-16 02:05:55 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-05-16 02:05:54 0 d-------- C:\Program Files\Broadcom
    2007-05-16 02:05:02 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
    2007-05-16 02:05:02 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>
    2007-05-16 02:05:02 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
    2007-05-16 02:05:02 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
    2007-05-16 02:05:02 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
    2007-05-16 02:05:02 44 --a------ C:\WINDOWS\system32\msssc.dll
    2007-05-16 02:05:02 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
    2007-05-16 02:05:02 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
    2007-05-16 02:05:02 978944 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>
    2007-05-16 02:05:02 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>
    2007-05-16 02:05:02 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-16 02:05:02 0 d-------- C:\Program Files\Analog Devices
    2007-05-16 02:04:58 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-05-16 02:04:53 0 d-------- C:\swsetup
    2007-05-16 02:03:34 0 d--hs---- C:\WINDOWS\Installer
    2007-05-16 02:03:31 0 d-------- C:\Documents and Settings\hal9000x\Application Data\Identities
    2007-05-16 02:03:22 0 d--h----- C:\Documents and Settings\hal9000x\Templates
    2007-05-16 02:03:22 0 dr------- C:\Documents and Settings\hal9000x\Start Menu
    2007-05-16 02:03:22 0 dr-h----- C:\Documents and Settings\hal9000x\SendTo
    2007-05-16 02:03:22 0 dr-h----- C:\Documents and Settings\hal9000x\Recent
    2007-05-16 02:03:22 0 d--h----- C:\Documents and Settings\hal9000x\PrintHood
    2007-05-16 02:03:22 4194304 --ah----- C:\Documents and Settings\hal9000x\NTUSER.DAT
    2007-05-16 02:03:22 0 d--h----- C:\Documents and Settings\hal9000x\NetHood
    2007-05-16 02:03:22 0 dr------- C:\Documents and Settings\hal9000x\My Documents
    2007-05-16 02:03:22 0 d--h----- C:\Documents and Settings\hal9000x\Local Settings
    2007-05-16 02:03:22 0 dr------- C:\Documents and Settings\hal9000x\Favorites
    2007-05-16 02:03:22 0 d-------- C:\Documents and Settings\hal9000x\Desktop
    2007-05-16 02:03:22 0 d--hs---- C:\Documents and Settings\hal9000x\Cookies
    2007-05-16 02:03:22 0 dr-h----- C:\Documents and Settings\hal9000x\Application Data
    2007-05-16 02:01:58 0 d--hs---- C:\System Volume Information
    2007-05-16 02:01:57 786432 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2007-05-16 02:01:57 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2007-05-16 02:01:57 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2007-05-16 02:01:57 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2007-05-16 02:01:57 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2007-05-16 02:01:56 786432 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2007-05-16 02:01:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2007-05-16 02:01:56 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2007-05-16 02:01:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2007-05-16 02:01:56 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2007-05-16 01:59:02 0 d-------- C:\WINDOWS\system32\xircom
    2007-05-16 01:59:02 0 d-------- C:\Program Files\microsoft frontpage
    2007-05-16 01:58:52 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2007-05-16 01:58:47 0 -rahs---- C:\MSDOS.SYS
    2007-05-16 01:58:47 0 -rahs---- C:\IO.SYS
    2007-05-16 01:58:47 0 --a------ C:\CONFIG.SYS
    2007-05-16 01:58:47 0 --a------ C:\AUTOEXEC.BAT
    2007-05-16 01:58:05 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2007-05-16 01:57:58 0 dr------- C:\WINDOWS\Offline Web Pages
    2007-05-16 01:57:58 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2007-05-16 01:57:40 0 d-------- C:\WINDOWS\srchasst
    2007-05-16 01:57:33 0 d-------- C:\WINDOWS\system32\Macromed
    2007-05-16 01:57:33 0 d-------- C:\WINDOWS\system32\DirectX
    2007-05-16 01:57:19 0 d-------- C:\Program Files\Movie Maker
    2007-05-16 01:56:57 0 d-------- C:\WINDOWS\system32\Restore
    2007-05-16 01:56:52 0 d-------- C:\WINDOWS\PCHEALTH
    2007-05-16 01:56:48 0 d---s---- C:\WINDOWS\Tasks
    2007-05-16 01:56:45 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-05-16 01:56:24 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-05-16 01:56:12 0 d-------- C:\WINDOWS\Registration
    2007-05-16 01:56:07 0 d--h----- C:\Program Files\WindowsUpdate
    2007-05-16 01:56:07 0 d-------- C:\Program Files\Online Services
    2007-05-16 01:56:03 0 d-------- C:\Program Files\Messenger
    2007-05-16 01:55:55 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-05-16 01:55:47 0 d-------- C:\Program Files\Windows NT
    2007-05-16 01:55:36 0 d-------- C:\WINDOWS\system32\MsDtc
    2007-05-16 01:55:34 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2007-05-16 03:51:12 62 --ahs---- C:\Documents and Settings\hal9000x\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    {AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    @=""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f604465-0833-11dc-aa75-001321016822}]
    Shell\Auto\command F:\AdobeR.exe e
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2935e0af-034f-11dc-8596-806d6172696f}]
    Shell\AutoRun\command E:\FarCryAutoCD.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b861024-09ec-11dc-aa77-101111111111}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5000169a-0dfc-11dc-aa8c-101111111111}]
    Shell\AutoRun\command F:\Autorun.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63254e3e-0c5b-11dc-aa82-101111111111}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85385d78-06dd-11dc-aa6f-00d0d70d5773}]
    Shell\Auto\command F:\AdobeR.exe e
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85385d82-06dd-11dc-aa6f-00d0d70d5773}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca505b78-0461-11dc-aa66-00d0d70d5773}]
    Shell\Auto\command F:\AdobeR.exe e
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


    -- End of Deckard's System Scanner: finished at 2007-05-30 at 02:02:31 ---------
     
  13. 2007/05/30
    qure

    qure Inactive Thread Starter

    Joined:
    2006/08/15
    Messages:
    48
    Likes Received:
    0
    The highlighted AdobeR, when scanned with NOD32, is infected.
     
  14. 2007/05/30
    qure

    qure Inactive Thread Starter

    Joined:
    2006/08/15
    Messages:
    48
    Likes Received:
    0
    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 53%
    Physical Memory (total/avail): 511.44 MiB / 238.8 MiB
    Pagefile Memory (total/avail): 1237.66 MiB / 787.67 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1945.29 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 19.53 GiB total, 2.74 GiB free.
    D: is Fixed (NTFS) - 54.99 GiB total, 1.38 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)


    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.

    AV: AVG 7.5.467 v7.5.467 (GRISOFT)
    AV: Eset NOD32 antivirus system 2.50 v2.50 (Eset)


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\hal9000x\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=HAL9000
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\hal9000x
    LOGONSERVER=\\HAL9000
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0401
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\hal9000x\LOCALS~1\Temp
    TMP=C:\DOCUME~1\hal9000x\LOCALS~1\Temp
    USERDOMAIN=HAL9000
    USERNAME=hal9000x
    USERPROFILE=C:\Documents and Settings\hal9000x
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    hal9000x (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
     
  15. 2007/05/31
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, thanks. It looks like the log may have been cut off. Can you check to see, as there ought to be more than just a few items listed under the 'Add\Remove' programs section.

    Nothing in those logs indicates a problem. I'm assuming we got it with KillBox; is the machine behaving OK now?

    Also, when was this system installed? It looks like earlier in the month, as no files were found older than the 16th of May.

    We have a few minor items to fix with HJT.

    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\


    Reboot and run HJT; if the above entries are gone, there is no need to repost a new log.
     