
Inactive [InActive] two things....[Recurring infections]

Discussion in 'Malware and Virus Removal Archive' started by brandon2009bmp, 2008/10/18.

  1. 2008/10/18
    brandon2009bmp

    brandon2009bmp Inactive Thread Starter

    Joined:
    2008/10/18
    Messages:
    16
    Likes Received:
    0
    How can I stop getting trojans and such? And two, I keep scanning my comp and every time I get infections found. I use Malwarebytes' Anti-Malware, and my most recent scan showed this:
    ___________________________________________________________________

    Malwarebytes' Anti-Malware 1.29
    Database version: 1286
    Windows 5.1.2600 Service Pack 2

    10/18/2008 12:45:11 PM
    mbam-log-2008-10-18 (12-45-11).txt

    Scan type: Quick Scan
    Objects scanned: 74669
    Time elapsed: 21 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{0418f3e3-c763-4e02-9ec5-f0ae13b54b0f} (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{00dbdac8-4691-4797-8e6a-7c6ab89bc441} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Temp\2.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
    __________________________________________________________________
    How can I stop getting these things altogether......

    HELP PLEASE
     
  2. 2008/10/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS brandon2009bmp :)

    Recurring infections (BTW, I've adjusted the thread title) are generally the result of one or more of several things.

    1. Your surfing habits
    2. The use of P2P file sharing apps
    3. Inadequate protection
    4. Incomplete cleanup of malware infection

    That in mind, let's get a log and see if it reveals anything.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.
     


  4. 2008/10/24
    brandon2009bmp

    brandon2009bmp Inactive Thread Starter

    Joined:
    2008/10/18
    Messages:
    16
    Likes Received:
    0
    THIS ONE IS FIRST....MESSED UP IN REPLY:{


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Chai at 2008-10-24 20:33:31
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 41 GB (54%) free of 76 GB
    Total RAM: 511 MB (8% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:33:59 PM, on 10/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\Common Files\AOL\1100791190\ee\AOLSoftware.exe
    C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Program Files\SmileyDistrict\plugin.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Windows Live\Family Safety\fssui.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\program files\common files\aol\1100791190\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\common files\aol\1100791190\ee\aolsoftware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Chai\Desktop\RSIT.exe
    C:\Program Files\trend micro\Chai.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.red.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (file missing)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100791190\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe "
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe "
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125606318921
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.org/tsweb/msrdp.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: gebyw - gebyw.dll (file missing)
    O20 - Winlogon Notify: slwsydse - slwsydse.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 15712 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-03-10 879856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-03 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
    Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2007-12-17 56360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
    DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
    Zango - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-02 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655}
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
    {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll [2006-11-01 333472]
    {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL []
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-03-10 879856]
    {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Zango - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll []
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-02 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "=C:\WINDOWS\System32\NvCpl.dll [2003-11-03 4800512]
    "Logitech Utility "=C:\WINDOWS\Logi_MwX.Exe [2003-05-16 19968]
    "dla "=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
    "DVDSentry "=C:\WINDOWS\System32\DSentry.exe [2003-08-13 28672]
    "RealTray "=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-05-12 26112]
    "HPDJ Taskbar Utility "=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
    "HPHmon03 "=C:\WINDOWS\System32\hphmon03.exe [2003-01-30 311296]
    "AOLDialer "=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
    "Pure Networks Port Magic "=C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-05-07 99480]
    "HostManager "=C:\Program Files\Common Files\AOL\1100791190\ee\AOLSoftware.exe [2006-09-25 50736]
    "UpdateManager "=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2005-10-23 98304]
    "Broadcom Wireless Manager UI "=C:\WINDOWS\system32\bcmntray []
    "Smiley District "=C:\Program Files\SmileyDistrict\plugin.exe [2006-05-17 53248]
    "HPHmon04 "=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]
    "HPHUPD04 "=C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe []
    "BearShare "=C:\Program Files\BearShare\BearShare.exe [2006-07-26 3305472]
    "Verizon_McciTrayApp "=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
    "fssui "=C:\Program Files\Windows Live\Family Safety\fssui.exe [2007-12-17 243240]
    "CXMon "=C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-09 45056]
    "Share-to-Web Namespace Daemon "=C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "ZangoOE "=C:\Program Files\Zango\bin\10.3.37.0\OEAddOn.exe []
    "ZangoSA "=C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe []
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-29 1234712]
    "SearchSettings "=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow! "= []
    "Symantec NetDriver Monitor "=C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE []
    "DellSupport "=C:\Program Files\Dell Support\DSAgnt.exe /startup []
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "Aim6 "= []
    "BitTorrent DNA "=C:\Program Files\DNA\btdna.exe [2008-09-24 289088]
    "MtdAcqu "=C:\Program Files\Creative\MediaSource5\MtdAcqu.exe /s []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyw]
    gebyw.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\slwsydse]
    slwsydse.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\System32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\America Online 9.0d\waol.exe "= "C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:America Online 9.0d "
    "C:\Program Files\Yahoo!\Messenger\YPager.exe "= "C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger "
    "C:\Program Files\Yahoo!\Messenger\YServer.exe "= "C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\WildTangent\Polar Bowler\polar.exe "= "C:\Program Files\WildTangent\Polar Bowler\polar.exe:*:Enabled:polar "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\Program Files\Common Files\AOL\1100791190\EE\AOLServiceHost.exe "= "C:\Program Files\Common Files\AOL\1100791190\EE\AOLServiceHost.exe:*:Enabled:AOL Services "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe "= "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
    "C:\Program Files\Common Files\AOL\1100791190\EE\aolsoftware.exe "= "C:\Program Files\Common Files\AOL\1100791190\EE\aolsoftware.exe:*:Enabled:AOL Services "
    "C:\Program Files\BearShare\BearShare.exe "= "C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\BitTorrent\bittorrent.exe "= "C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "
    "C:\Program Files\DNA\btdna.exe "= "C:\Program Files\DNA\btdna.exe:*:Enabled:DNA "
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\Program Files\Common Files\AOL\1100791190\EE\AOLServiceHost.exe "= "C:\Program Files\Common Files\AOL\1100791190\EE\AOLServiceHost.exe:*:Enabled:AOL Services "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

    ======List of files/folders created in the last 3 months======

    2008-10-24 20:33:34 ----D---- C:\Program Files\trend micro
    2008-10-24 20:33:31 ----D---- C:\rsit
    2008-10-24 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-15 03:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 03:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 03:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 03:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 03:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-15 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-10-13 21:57:57 ----D---- C:\Documents and Settings\Chai\Application Data\Malwarebytes
    2008-10-13 21:57:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 21:57:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 21:26:56 ----D---- C:\Program Files\HDTVNetworks
    2008-10-06 21:12:19 ----D---- C:\Program Files\DivX
    2008-10-06 18:33:07 ----D---- C:\Program Files\Windows Defender
    2008-10-06 00:01:04 ----D---- C:\Documents and Settings\Chai\Application Data\Creative
    2008-10-05 23:39:36 ----D---- C:\Program Files\Creative
    2008-10-03 22:08:56 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-10-03 19:53:28 ----D---- C:\Documents and Settings\Chai\Application Data\Move Networks
    2008-09-27 23:44:55 ----D---- C:\Program Files\Netflix
    2008-09-26 17:33:13 ----A---- C:\WINDOWS\system32\wmv9vcm.dll
    2008-09-26 17:13:51 ----D---- C:\Program Files\XP Codec Pack
    2008-09-26 17:01:15 ----D---- C:\Documents and Settings\Chai\Application Data\Media Player Classic
    2008-09-24 22:05:53 ----D---- C:\Documents and Settings\Chai\Application Data\BitTorrent
    2008-09-24 22:01:28 ----D---- C:\Program Files\DNA
    2008-09-24 22:01:28 ----D---- C:\Documents and Settings\Chai\Application Data\DNA
    2008-09-20 18:53:51 ----D---- C:\ATI
    2008-09-20 15:03:19 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-09-20 15:03:19 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-09-20 15:03:18 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-09-20 15:03:17 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-09-20 15:03:17 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-09-20 15:03:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-09-20 15:03:14 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-09-20 15:03:14 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-09-20 15:03:12 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-09-20 15:03:11 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-09-20 15:03:09 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-09-20 15:03:09 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-09-20 15:03:08 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-09-20 15:03:07 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-09-20 15:03:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-09-20 15:03:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-09-20 15:03:04 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-09-20 15:03:04 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-09-20 15:03:03 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-09-20 15:03:01 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-09-20 15:02:58 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-09-20 15:02:57 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-09-20 15:02:56 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-09-20 15:02:54 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-09-20 15:02:52 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-09-20 15:02:52 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-09-20 15:02:49 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-20 15:02:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-20 15:02:38 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2008-09-20 15:02:31 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-20 15:02:31 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-20 15:02:23 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-20 15:02:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-09-20 15:01:59 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-09-20 15:01:59 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-09-20 15:01:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-20 15:01:46 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-09-20 15:01:44 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-09-20 15:01:43 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-09-20 15:01:43 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-09-20 15:01:41 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-09-20 15:01:40 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-20 15:01:39 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-20 15:01:39 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-20 15:01:38 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-20 15:01:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-20 15:01:25 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-09-20 15:01:24 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-20 15:01:24 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-20 15:01:23 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-20 15:01:22 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-09-20 15:01:21 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-20 15:01:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-20 15:01:18 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-20 15:01:17 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-20 15:01:12 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-20 14:56:35 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-09-20 14:56:21 ----D---- C:\WINDOWS\Logs
    2008-09-20 14:54:05 ----D---- C:\Documents and Settings\All Users\Application Data\realtech VR
    2008-09-20 14:39:41 ----D---- C:\Program Files\realtech VR
    2008-09-17 21:14:16 ----D---- C:\Program Files\Common Files\Crystal Decisions
    2008-09-15 17:12:54 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-09-15 17:12:54 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-09-14 21:29:32 ----D---- C:\Python25
    2008-09-14 13:35:28 ----A---- C:\WINDOWS\system32\stmpcdtx.dll
    2008-09-14 13:35:28 ----A---- C:\WINDOWS\system32\cdTextCtl.dll
    2008-09-14 13:35:01 ----D---- C:\Program Files\Click'N Design 3D AfterBurner
    2008-09-10 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-08 21:25:11 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-08 21:25:11 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-08 21:25:11 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
    2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
    2008-09-04 17:23:05 ----D---- C:\Documents and Settings\Chai\Application Data\Share-to-Web Upload Folder
    2008-09-04 14:37:54 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-24 03:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-24 03:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-24 03:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-24 03:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-24 03:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-24 03:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-24 03:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-24 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-23 23:44:49 ----D---- C:\Documents and Settings\Chai\Application Data\QQ Games Plugin
    2008-08-23 23:44:26 ----D---- C:\Documents and Settings\Chai\Application Data\acccore
    2008-08-23 23:42:20 ----D---- C:\Program Files\Tencent
    2008-08-23 23:41:21 ----D---- C:\Program Files\AIMTunes
    2008-08-23 23:40:37 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-08-23 23:39:25 ----D---- C:\Program Files\AIM6
    2008-08-23 21:20:11 ----D---- C:\WINDOWS\pss
    2008-08-10 09:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-07-31 09:22:33 ----D---- C:\Documents and Settings\Chai\Application Data\Samsung
    2008-07-30 19:11:30 ----A---- C:\WINDOWS\system32\framedyn.dll
    2008-07-30 19:10:49 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-07-30 19:09:49 ----D---- C:\Program Files\Samsung
    2008-07-28 09:38:54 ----A---- C:\DVDPATH.TXT

    ======List of files/folders modified in the last 3 months======

    2008-10-24 20:33:59 ----D---- C:\WINDOWS\Temp
    2008-10-24 20:33:36 ----D---- C:\WINDOWS\Prefetch
    2008-10-24 20:33:34 ----AD---- C:\Program Files
    2008-10-24 20:32:34 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-24 19:55:56 ----D---- C:\WINDOWS
    2008-10-24 19:55:31 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
    2008-10-24 18:52:44 ----HD---- C:\$AVG8.VAULT$
    2008-10-24 08:47:45 ----D---- C:\WINDOWS\SYSTEM32
    2008-10-24 08:07:51 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-24 03:15:50 ----SD---- C:\WINDOWS\Tasks
    2008-10-24 03:12:58 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-10-24 03:11:34 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-24 03:03:08 ----HD---- C:\WINDOWS\INF
    2008-10-24 03:02:41 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2008-10-24 03:00:58 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-18 12:12:06 ----D---- C:\WINDOWS\system32\DRIVERS
    2008-10-15 09:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 03:29:11 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 03:26:09 ----SHD---- C:\WINDOWS\Installer
    2008-10-15 03:25:55 ----HD---- C:\Config.Msi
    2008-10-15 03:25:10 ----A---- C:\WINDOWS\WIN.INI
    2008-10-15 03:04:27 ----D---- C:\Program Files\Internet Explorer
    2008-10-13 18:47:06 ----SD---- C:\Documents and Settings\Chai\Application Data\Microsoft
    2008-10-12 15:30:27 ----D---- C:\Program Files\AIM Toolbar
    2008-10-11 21:27:55 ----A---- C:\WINDOWS\system32\user32.DLL
    2008-10-08 17:41:51 ----D---- C:\WINDOWS\Minidump
    2008-10-08 12:22:34 ----D---- C:\My Downloads
    2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-06 21:12:36 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-06 18:33:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-06 18:32:47 ----D---- C:\Program Files\Microsoft AntiSpyware
    2008-10-06 18:02:10 ----D---- C:\Program Files\Common Files
    2008-10-05 23:44:08 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-05 23:39:23 ----D---- C:\Program Files\Common Files\InstallShield
    2008-10-05 22:37:52 ----RSD---- C:\WINDOWS\Fonts
    2008-09-30 05:37:59 ----SHD---- C:\RECYCLER
    2008-09-22 15:28:00 ----D---- C:\Documents and Settings\Chai\Application Data\Viewpoint
    2008-09-20 15:03:22 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-20 15:01:36 ----RSD---- C:\WINDOWS\assembly
    2008-09-20 15:01:00 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-20 14:49:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-20 14:45:55 ----D---- C:\WINDOWS\WinSxS
    2008-09-14 19:11:35 ----D---- C:\WINDOWS\system32\NtmsData
    2008-09-11 14:37:24 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-08 21:25:08 ----D---- C:\Program Files\Java
    2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-09-05 06:48:38 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-05 06:48:34 ----D---- C:\Documents and Settings\Chai\Application Data\AdobeUM
    2008-09-04 14:37:53 ----D---- C:\WINDOWS\Debug
    2008-09-04 14:33:56 ----D---- C:\WINDOWS\Help
    2008-09-03 20:16:50 ----D---- C:\Program Files\BearShare
    2008-08-24 03:14:35 ----D---- C:\Program Files\Messenger
    2008-08-23 23:41:59 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-08-23 23:41:00 ----A---- C:\WINDOWS\atid.ini
    2008-08-23 23:40:42 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-08-19 22:38:47 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-19 22:38:45 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-19 22:38:45 ----A---- C:\WINDOWS\system32\browseui.dll
    2008-08-19 22:38:44 ----A---- C:\WINDOWS\system32\shlwapi.dll
    2008-08-19 22:38:44 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-19 22:38:43 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-19 22:38:43 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-19 22:38:42 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2008-08-19 22:38:41 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-19 22:38:41 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-19 22:38:41 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-19 22:38:41 ----A---- C:\WINDOWS\system32\inseng.dll
    2008-08-19 22:38:41 ----A---- C:\WINDOWS\system32\iepeers.dll
    2008-08-19 22:38:40 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-19 22:38:40 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-19 22:38:40 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-19 22:38:40 ----A---- C:\WINDOWS\system32\danim.dll
    2008-08-19 22:38:39 ----A---- C:\WINDOWS\system32\cdfview.dll
    2008-08-19 02:20:32 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2008-08-17 20:30:58 ----D---- C:\Documents and Settings\Chai\Application Data\Aim
    2008-08-14 02:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 02:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-10 09:22:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-07-31 18:58:41 ----D---- C:\Documents and Settings\Chai\Application Data\MSN6

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-03 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-02 26824]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-12-26 17801]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-05-12 8552]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
    R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-05-16 25213]
    R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-05-16 72893]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
    S3 BCM43XX;Wireless-G PCI Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [2003-01-30 50800]
    S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]
    S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-03 207360]
    S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [2003-01-30 16112]
    S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2003-01-30 50211]
    S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
    S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-12-14 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-12-14 21744]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
    S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
    S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-05-16 53869]
    S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-05-16 37883]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-03 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-03 43008]
    S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-03 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     
  5. 2008/10/24
    brandon2009bmp

    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-03 231704]
    R2 fsssvc;Windows Live OneCare Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-03 73728]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-17 65536]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2004-05-27 53337]
    S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
    S3 Pml Driver;Pml Driver; C:\WINDOWS\System32\HPHipm09.exe [2003-01-30 77824]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2004-05-27 69718]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
     
  6. 2008/10/26
    noahdfear

    As previously mentioned, P2P programs are a major contributor to infections. I see you have BearShare and BitTorrent. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Now, let's get you cleaned up. Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. 2008/11/10
    brandon2009bmp

    ComboFix 08-11-09.01 - Chai 2008-11-09 22:07:49.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.137 [GMT -8:00]
    Running from: c:\documents and settings\Chai\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Chai\Local Settings\Temporary Internet Files\Tvm.log
    c:\documents and settings\Guest\Application Data\twain_32
    c:\documents and settings\Guest\Application Data\twain_32\user.ds
    c:\documents and settings\LocalService\Application Data\twain_32
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\documents and settings\NetworkService\Application Data\twain_32
    c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\IE4 Error Log.txt
    c:\windows\SYSTEM32\avajbk.ini
    c:\windows\SYSTEM32\avajbk.ini2
    c:\windows\SYSTEM32\avajbk.tmp
    c:\windows\system32\comrepl.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ISEXENG
    -------\Legacy_ZESOFT


    ((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
    .

    2008-10-24 19:33 . 2008-10-24 19:34 <DIR> d-------- C:\rsit
    2008-10-24 19:33 . 2008-10-24 19:33 <DIR> d-------- c:\program files\trend micro
    2008-10-13 20:57 . 2008-11-06 21:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-10-13 20:57 . 2008-10-13 20:57 <DIR> d-------- c:\documents and settings\Chai\Application Data\Malwarebytes
    2008-10-13 20:57 . 2008-10-13 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-10-13 20:57 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-13 20:57 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2008-10-11 20:28 . 2008-10-11 20:28 63,488 --a------ c:\windows\SYSTEM32\tfdsx.xl
    2008-10-11 20:28 . 2008-10-11 20:28 32,768 --a------ c:\windows\SYSTEM32\fe.sp
    2008-10-11 20:28 . 2008-10-11 20:28 32,768 --a------ c:\windows\SYSTEM32\3fcv.ra
    2008-10-11 20:28 . 2008-10-11 20:28 28,672 --a------ c:\windows\SYSTEM32\def.help
    2008-10-11 20:28 . 2008-10-11 20:28 28,672 --a------ c:\windows\SYSTEM32\ceg.sdr
    2008-10-11 20:28 . 2008-10-11 20:28 2 --a------ C:\-1468782672
    2008-10-11 20:26 . 2008-10-13 18:28 <DIR> d-------- c:\program files\HDTVNetworks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-09 02:24 --------- d-----w c:\program files\DivX
    2008-11-09 02:23 --------- d-----w c:\program files\DNA
    2008-10-13 05:06 --------- d-----w c:\documents and settings\Chai\Application Data\BitTorrent
    2008-10-12 22:30 --------- d-----w c:\program files\AIM Toolbar
    2008-10-07 01:33 --------- d-----w c:\program files\Windows Defender
    2008-10-07 01:32 --------- d-----w c:\program files\Microsoft AntiSpyware
    2008-10-07 01:02 --------- d-----w c:\program files\Creative
    2008-10-06 07:07 --------- d-----w c:\documents and settings\Chai\Application Data\Creative
    2008-10-06 06:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-06 06:39 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-04 05:10 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2008-10-04 03:00 --------- d-----w c:\documents and settings\Chai\Application Data\Move Networks
    2008-10-01 16:03 --------- d-----w c:\documents and settings\Guest\Application Data\AVGTOOLBAR
    2008-10-01 15:58 --------- d-----w c:\documents and settings\Guest\Application Data\Search Settings
    2008-09-28 06:44 --------- d-----w c:\program files\Netflix
    2008-09-27 00:13 --------- d-----w c:\program files\XP Codec Pack
    2008-09-27 00:01 --------- d-----w c:\documents and settings\Chai\Application Data\Media Player Classic
    2008-09-22 22:28 --------- d-----w c:\documents and settings\Chai\Application Data\Viewpoint
    2008-09-20 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\realtech VR
    2008-09-20 21:39 --------- d-----w c:\program files\realtech VR
    2008-09-18 04:14 --------- d-----w c:\program files\Common Files\Crystal Decisions
    2008-09-14 20:50 --------- d-----w c:\program files\Click'N Design 3D AfterBurner
    2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll
    2004-08-20 07:26 1,216 --sh--w c:\windows\Twunk_16.dll
    2004-08-20 07:26 1,216 --sh--w c:\windows\Twunk_32.dll
    2004-08-04 07:56 413,696 --sh--w c:\windows\SYSTEM32\msvcp60.dll
    2004-08-04 07:56 83,456 --sh--w c:\windows\SYSTEM32\olepro32.dll
    2004-08-04 07:56 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
    .
    c:\windows\system32\user32.dll ... is infected !!
    577,024 2005-03-02 18:19:56 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    578,048 2007-03-08 15:48:36 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    560,128 2004-06-17 17:58:35 c:\windows\$NtServicePackUninstall$\user32.dll
    528,896 2002-11-01 22:26:46 c:\windows\$NtUninstallKB824141$\user32.dll
    560,128 2003-09-25 16:49:02 c:\windows\$NtUninstallKB840987$\user32.dll
    577,024 2004-08-04 07:56:46 c:\windows\$NtUninstallKB890859$\user32.dll
    577,024 2005-03-02 18:09:30 c:\windows\$NtUninstallKB925902$\user32.dll
    577,024 2004-08-04 07:56:46 c:\windows\ServicePackFiles\i386\user32.dll
    578,560 2008-04-14 00:12:08 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
    577,536 2008-10-12 04:27:55 c:\windows\SYSTEM32\user32.DLL
    577,536 2008-10-12 04:27:55 c:\windows\SYSTEM32\DLLCACHE\user32.dll


    ------- Sigcheck -------

    2005-03-02 10:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 07:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    2004-06-17 09:58 560128 31fb2d788a9aa618452c02e8375b6dcd c:\windows\$NtServicePackUninstall$\user32.dll
    md5deep: c:\windows\$NtUninstallKB824141$\user32.dll: Permission denied
    2003-09-25 08:49 560128 32173306185f603e75c477e117f3bb8d c:\windows\$NtUninstallKB840987$\user32.dll
    2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
    2005-03-02 10:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
    2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\ServicePackFiles\i386\user32.dll
    2008-04-13 16:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
    2008-10-11 20:27 577536 35e36c177497d39baad18c717f19d8f9 c:\windows\SYSTEM32\user32.DLL
    2008-10-11 20:27 577536 35e36c177497d39baad18c717f19d8f9 c:\windows\SYSTEM32\DLLCACHE\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\bcmntray" [X]
    "NvCplDaemon "= "c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2003-08-05 114741]
    "DVDSentry "= "c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2004-05-12 26112]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
    "HPHmon03 "= "c:\windows\System32\hphmon03.exe" [2003-01-30 311296]
    "AOLDialer "= "c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "Pure Networks Port Magic "= "c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
    "HostManager "= "c:\program files\Common Files\AOL\1100791190\ee\AOLSoftware.exe" [2006-09-25 50736]
    "UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2005-10-23 98304]
    "Smiley District "= "c:\program files\SmileyDistrict\plugin.exe" [2006-05-16 53248]
    "HPHmon04 "= "c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
    "BearShare "= "c:\program files\BearShare\BearShare.exe" [2006-07-26 3305472]
    "Verizon_McciTrayApp "= "c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
    "fssui "= "c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
    "CXMon "= "c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
    "Share-to-Web Namespace Daemon "= "c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
    "SearchSettings "= "c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-05-16 c:\windows\LOGI_MWX.EXE]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-05-12 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 73728]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 757760]
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-07-10 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-07-10 51984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= ffdshow.ax

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\America Online 9.0d\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1100791190\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1100791190\\EE\\aolsoftware.exe "=
    "c:\\Program Files\\BearShare\\BearShare.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-03 97928]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-03 231704]
    R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

    2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-10 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 17:26]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    HKCU-Run-Symantec NetDriver Monitor - c:\progra~1\Symantec\LIVEUP~1\SNDMon.EXE
    HKCU-Run-DellSupport - c:\program files\Dell Support\DSAgnt.exe
    HKCU-Run-MtdAcqu - c:\program files\Creative\MediaSource5\MtdAcqu.exe
    HKCU-Run-Sonic RecordNow! - (no file)
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
    Notify-gebyw - gebyw.dll
    Notify-slwsydse - slwsydse.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Chai\Application Data\Mozilla\Firefox\Profiles\xeyztagk.default\
    FF -: plugin - c:\documents and settings\Chai\Application Data\Mozilla\Firefox\Profiles\xeyztagk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-09 22:21:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Windows Defender\MsMpEng.exe
    c:\windows\SYSTEM32\WLTRYSVC.EXE
    c:\windows\SYSTEM32\BCMWLTRY.EXE
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\windows\wanmpsvc.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
    c:\windows\SYSTEM32\bcmntray.EXE
    c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\Common Files\AOL\1100791190\EE\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\windows\SYSTEM32\HPZipm12.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-09 22:32:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-10 06:31:56

    Pre-Run: 44,043,010,048 bytes free
    Post-Run: 44,250,189,824 bytes free

    244 --- E O F --- 2008-11-07 22:30:42



    THIS IS WHAT CAME UP AFTER... AM I ALL CLEAR?? AND IF I CONTINUE TO P2P BUT SCAN ALL DOWNLOADED FILES BEFORE OPENING, AM I "SAFE"?
     
  8. 2008/11/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please run ComboFix again as previously instructed, this time allowing it to update if prompted, and to connect and install the Recovery Console. ComboFix should restart your machine and continue to run after logon. Please wait for it to complete and open a log before trying to run any programs. Post the contents of that log here.

    Warning - Do not click on the ComboFix window while it is running, as this can cause it to stall.

    As I said above, I do not recommend P2P applications. I suggest you read the related links I provided. Ultimately, it is your decision, but know that you may in the future find it more difficult to receive help from those of us who donate our time if you continue to use them. It's pointless for us to allow you to keep re-infecting, knowing we will help you clean it up again at no charge ..... it's a waste of our time, time that could be better spent helping folks that try to prevent an avenue for infection.
     
