
Active Dir00,dir001,dir003

Discussion in 'Malware and Virus Removal Archive' started by bayang, 2008/09/07.

  1. 2008/09/07, bayang (thread starter)

    [Active] Dir00,dir001,dir003

    Hi... actually I tried to follow your instructions from here http://www.windowsbbs.com/malware-virus-removal/69887-dir00-dir001-dir03.html#post378035 ... but it's not working for my PC... this is my HijackThis log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:42:28 PM, on 9/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe "
    O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU "
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9472 bytes


    ComboFix 08-09-03.03 - Bayang 2008-09-04 20:10:34.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1198 [GMT 8:00]
    Running from: C:\Documents and Settings\Bayang\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bayang\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\system\

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
    .

    2008-09-03 21:14 . 2008-09-03 21:14 <DIR> d-------- C:\Program Files\Avira
    2008-09-03 21:14 . 2008-09-04 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-03 20:53 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-03 00:33 . 2008-09-03 00:33 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-02 23:39 . 2008-09-02 23:39 <DIR> d-------- C:\Program Files\Recuva
    2008-09-02 09:38 . 2008-09-02 09:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-02 09:38 . 2008-09-02 09:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-26 02:35 . 2008-08-26 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Program Files\AskSBar
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-12 20:13 . 2008-08-12 20:13 <DIR> d-------- C:\Program Files\Sibelius Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 12:11 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-09-04 12:09 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-09-04 09:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-02 21:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-02 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-02 16:21 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-28 05:03 --------- d-----w C:\Program Files\Opera
    2008-08-16 11:09 --------- d-----w C:\Program Files\Azureus
    2008-08-12 10:53 --------- d-----w C:\Program Files\Winamp
    2008-07-28 15:47 --------- d-----w C:\Program Files\TVUPlayer
    2008-07-22 10:07 --------- d-----w C:\Program Files\Java
    2008-07-19 14:02 --------- d-----w C:\Program Files\LimeWire
    2008-07-19 08:22 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Skype
    2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-13 12:48 --------- d-----w C:\Program Files\AC3Filter
    2008-07-13 12:44 --------- d-----w C:\Program Files\AC3File
    2008-07-10 16:31 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
    2008-07-10 16:28 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 16:28 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-04 01:02 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-04 01:02 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-14 12:21 16,608 ----a-w C:\WINDOWS\gdrv.sys
    2008-06-14 12:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-15 12:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2004-10-01 07:00 40,960 ---ha-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "LogitechSoftwareUpdate "= "C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Free Download Manager "= "C:\Program Files\Free Download Manager\fdm.exe" [2007-08-31 2437167]
    "Free Upload Manager "= "C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
    "Free Uploader Oe Integration "= "C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "MSMSGS "= "C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 1694208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-07 15360]
    "EPSON Stylus CX5500 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 7618560]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "RAMDrive "= "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
    "VirtualDrive "= "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-03-08 98304]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-03 1235736]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
    "nwiz "= "nwiz.exe" [2006-07-25 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "NvMCTray.dll" [2006-07-25 C:\WINDOWS\system32\nvmctray.dll]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12 "= yv12vfw.dll
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Azureus\\Azureus.exe "=
    "C:\\hIRC2.2\\mirc.exe "=
    "C:\\Valve\\Condition Zero\\czero.exe "=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13461:TCP "= 13461:TCP:NortonAV
    "12656:TCP "= 12656:TCP:NortonAV
    "17862:TCP "= 17862:TCP:NortonAV
    "17484:TCP "= 17484:TCP:NortonAV
    "14688:TCP "= 14688:TCP:NortonAV
    "4266:UDP "= 4266:UDP:Windows Media Format SDK (Opera.exe)
    "4267:UDP "= 4267:UDP:Windows Media Format SDK (Opera.exe)
    "4270:UDP "= 4270:UDP:Windows Media Format SDK (Opera.exe)

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-03 97928]
    R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-03 875288]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-03 231704]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
    R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    \Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa3b5a8-171e-11dc-8208-806d6172696f}]
    \Shell\AutoRun\command - E:\Autoplay.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e89bf8-0ae8-11dd-b893-000fea56435f}]
    \Shell\AutoRun\command - fufb6tq3.cmd
    \Shell\explore\Command - fufb6tq3.cmd
    \Shell\open\Command - fufb6tq3.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ccd48e5-7958-11db-8b61-4c0010522dba}]
    \Shell\Auto\command - I:\MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab379db3-3b61-11dc-9429-000fea56435f}]
    \Shell\AutoRun\command - lhwdcgcb.bat
    \Shell\explore\Command - lhwdcgcb.bat
    \Shell\open\Command - lhwdcgcb.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b0c374-6c15-11dd-b8b5-001d7d7daed6}]
    \Shell\Auto\command - I:\MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-04 20:11:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-04 20:12:37
    ComboFix-quarantined-files.txt 2008-09-04 12:12:29
    ComboFix2.txt 2008-09-04 12:06:53

    Pre-Run: 2,662,920,192 bytes free
    Post-Run: 2,642,272,256 bytes free

    187 --- E O F --- 2008-08-27 16:14:16
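The parts of the ComboFix logs in this thread that a responder looks at first are the HKCU ...\Explorer\MountPoints2 entries (a drive GUID whose AutoRun, open and explore verbs all point at a bare script name such as a .cmd or .vbe on the volume root is the footprint left by an autorun.inf on removable media, and a hijacked open/explore verb fires on a plain double-click of the drive even when AutoPlay is off) and the firewall state (EnableFirewall = 0 together with Security Center FirewallOverride = 1, which also silences the "firewall is off" alert). As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that pulls those sections out of a constructed log fragment laid out like the posted "Reg Loading Points" section and flags exactly those patterns while leaving absolute-path launchers (the PortableApps entry) alone. The sample text, the heuristics and all function names are mine.

```python
"""Triage MountPoints2 autorun entries and firewall state in a ComboFix-style log.

Added example, not part of the forum thread or of ComboFix. SAMPLE_LOG is a
constructed fragment laid out like the 'Reg Loading Points' section.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
\Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e89bf8-0ae8-11dd-b893-000fea56435f}]
\Shell\AutoRun\command - fufb6tq3.cmd
\Shell\explore\Command - fufb6tq3.cmd
\Shell\open\Command - fufb6tq3.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe
"""

# Extensions Explorer executes as code when it "opens" them.
SCRIPT_EXT = (".cmd", ".bat", ".vbe", ".vbs", ".js", ".exe", ".pif", ".scr", ".com")

MP2_KEY = re.compile(r"^\[.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s*-\s*(?P<cmd>.+)$", re.I)
# ComboFix prints values as "Name "= value; tolerate the stray space before the quote.
REG_VALUE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<val>.+)$')


@dataclass(frozen=True)
class Finding:
    section: str   # MountPoints2 volume GUID, or "firewall"
    verb: str      # AutoRun / open / explore, or "firewall"
    command: str
    reason: str


def _launch_target(cmd: str) -> str:
    """The last token is the file actually launched, including through the
    'rundll32 Shell32.DLL,ShellExec_RunDLL [wscript.exe] <file>' indirection."""
    tokens = cmd.split()
    return tokens[-1] if tokens else ""


def _is_relative(path: str) -> bool:
    """True unless the path starts with a drive letter or a UNC prefix."""
    return re.match(r"^(?:[A-Za-z]:\\|\\\\)", path) is None


def _mountpoint_reasons(verb: str, cmd: str) -> list[str]:
    reasons = []
    target = _launch_target(cmd)
    if _is_relative(target) and target.lower().endswith(SCRIPT_EXT):
        reasons.append("relative-path script/executable launched from the volume root")
    if verb.lower() in ("open", "explore"):
        reasons.append("Explorer's %s verb is hijacked: runs on double-click even with AutoPlay off" % verb)
    if "shellexec_rundll" in cmd.lower() or "wscript" in cmd.lower():
        reasons.append("launched via rundll32 ShellExec_RunDLL / wscript indirection")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious MountPoints2 verb plus one for a disabled firewall."""
    findings: list[Finding] = []
    guid = None          # GUID of the MountPoints2 key we are currently inside, if any
    fw: dict[str, int] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MP2_KEY.match(line)
        if m:
            guid = m.group("guid")
            continue
        if line.startswith("["):
            guid = None  # some other key; its values are checked for firewall settings below
            continue
        if guid:
            s = SHELL_CMD.match(line)
            if s:
                reasons = _mountpoint_reasons(s.group("verb"), s.group("cmd"))
                if reasons:
                    findings.append(Finding(guid, s.group("verb"), s.group("cmd"), "; ".join(reasons)))
            continue
        v = REG_VALUE.match(line)
        if v and v.group("name") in ("EnableFirewall", "FirewallOverride"):
            # values look like '0 (0x0)' or 'dword:00000001'; take the leading hex run
            num = re.match(r"[0-9a-fA-F]+", v.group("val").split(":")[-1].strip())
            if num:
                fw[v.group("name")] = int(num.group(0), 16)
    if fw.get("EnableFirewall") == 0:
        reason = "Windows Firewall disabled for the standard profile"
        if fw.get("FirewallOverride") == 1:
            reason += "; Security Center firewall alert suppressed (FirewallOverride=1)"
        findings.append(Finding("firewall", "firewall", "EnableFirewall=0", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.verb}: {f.command}\n    -> {f.reason}")
```

The absolute-path check is what keeps a legitimate launcher like the PortableApps menu out of the findings; the relative-name-plus-open/explore combination is the one to act on, because disabling AutoPlay alone does not stop it. On a live machine the same keys live under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 and the named script sits on the root of the matching removable drive.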
  2. 2008/09/07, noahdfear

    Welcome to WindowsBBS bayang :)

    For the record, it's not generally recommended to follow instructions intended for someone else. Please post the contents of the log C:\Qoobox\ComboFix2.txt

  4. 2008/09/08, bayang (thread starter)

    ComboFix 08-09-05.02 - Bayang 2008-09-07 15:51:30.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1254 [GMT 8:00]
    Running from: C:\Documents and Settings\Bayang\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\system\

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
    .

    2008-09-03 21:14 . 2008-09-03 21:14 <DIR> d-------- C:\Program Files\Avira
    2008-09-03 21:14 . 2008-09-04 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-03 20:53 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-03 00:33 . 2008-09-03 00:33 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-02 23:39 . 2008-09-02 23:39 <DIR> d-------- C:\Program Files\Recuva
    2008-09-02 09:38 . 2008-09-02 09:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-02 09:38 . 2008-09-02 09:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-26 02:35 . 2008-08-26 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Program Files\AskSBar
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-12 20:13 . 2008-08-12 20:13 <DIR> d-------- C:\Program Files\Sibelius Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-07 07:53 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-09-05 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-04 12:33 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-09-04 09:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-02 21:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-28 05:03 --------- d-----w C:\Program Files\Opera
    2008-08-16 11:09 --------- d-----w C:\Program Files\Azureus
    2008-08-12 10:53 --------- d-----w C:\Program Files\Winamp
    2008-07-28 15:47 --------- d-----w C:\Program Files\TVUPlayer
    2008-07-22 10:07 --------- d-----w C:\Program Files\Java
    2008-07-19 14:02 --------- d-----w C:\Program Files\LimeWire
    2008-07-19 08:22 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Skype
    2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-13 12:48 --------- d-----w C:\Program Files\AC3Filter
    2008-07-13 12:44 --------- d-----w C:\Program Files\AC3File
    2008-07-10 16:31 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
    2008-07-10 16:28 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 16:28 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-14 12:21 16,608 ----a-w C:\WINDOWS\gdrv.sys
    2008-06-14 12:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-15 12:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2004-10-01 07:00 40,960 ---ha-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "LogitechSoftwareUpdate "= "C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Free Download Manager "= "C:\Program Files\Free Download Manager\fdm.exe" [2007-08-31 2437167]
    "Free Upload Manager "= "C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
    "Free Uploader Oe Integration "= "C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "MSMSGS "= "C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 1694208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-07 15360]
    "EPSON Stylus CX5500 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 7618560]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "RAMDrive "= "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
    "VirtualDrive "= "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-03-08 98304]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
    "nwiz "= "nwiz.exe" [2006-07-25 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "NvMCTray.dll" [2006-07-25 C:\WINDOWS\system32\nvmctray.dll]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12 "= yv12vfw.dll
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Azureus\\Azureus.exe "=
    "C:\\hIRC2.2\\mirc.exe "=
    "C:\\Valve\\Condition Zero\\czero.exe "=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13461:TCP "= 13461:TCP:NortonAV
    "12656:TCP "= 12656:TCP:NortonAV
    "17862:TCP "= 17862:TCP:NortonAV
    "17484:TCP "= 17484:TCP:NortonAV
    "14688:TCP "= 14688:TCP:NortonAV
    "4266:UDP "= 4266:UDP:Windows Media Format SDK (Opera.exe)
    "4267:UDP "= 4267:UDP:Windows Media Format SDK (Opera.exe)
    "4270:UDP "= 4270:UDP:Windows Media Format SDK (Opera.exe)

    R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    S2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    \Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa3b5a8-171e-11dc-8208-806d6172696f}]
    \Shell\AutoRun\command - E:\Autoplay.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e89bf8-0ae8-11dd-b893-000fea56435f}]
    \Shell\AutoRun\command - fufb6tq3.cmd
    \Shell\explore\Command - fufb6tq3.cmd
    \Shell\open\Command - fufb6tq3.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ccd48e5-7958-11db-8b61-4c0010522dba}]
    \Shell\Auto\command - I:\MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab379db3-3b61-11dc-9429-000fea56435f}]
    \Shell\AutoRun\command - lhwdcgcb.bat
    \Shell\explore\Command - lhwdcgcb.bat
    \Shell\open\Command - lhwdcgcb.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b0c374-6c15-11dd-b8b5-001d7d7daed6}]
    \Shell\Auto\command - I:\MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Bayang\Application Data\Mozilla\Firefox\Profiles\b6mztx8s.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 15:53:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-07 15:54:58
    ComboFix-quarantined-files.txt 2008-09-07 07:54:41
    ComboFix2.txt 2008-09-04 12:12:39

    Pre-Run: 3,857,293,312 bytes free
    Post-Run: 3,847,139,328 bytes free

    179 --- E O F --- 2008-08-27 16:14:16
     
  5. 2008/09/08
    noahdfear
    I asked you to post the contents of a log, ComboFix2.txt
    Why did you instead run ComboFix again and post the new log?
    Please read my instructions carefully.


    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  6. 2008/09/09
    bayang (thread starter)
    Malwarebytes' Anti-Malware 1.27
    Database version: 1131
    Windows 5.1.2600 Service Pack 2

    9/9/2008 9:14:38 PM
    mbam-log-2008-09-09 (21-14-38).txt

    Scan type: Quick Scan
    Objects scanned: 46645
    Time elapsed: 3 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    No files infected??? Funny... I hope you can help me, please, noahdfear.
     
  7. 2008/09/09
    noahdfear
    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa3b5a8-171e-11dc-8208-806d6172696f}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e89bf8-0ae8-11dd-b893-000fea56435f}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ccd48e5-7958-11db-8b61-4c0010522dba}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab379db3-3b61-11dc-9429-000fea56435f}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b0c374-6c15-11dd-b8b5-001d7d7daed6}]
    
    Double click fix.reg and allow it to merge with the registry, then delete fix.reg.


    Now, do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.


    Finally,
    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt in your next reply.
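The fix.reg above deletes the per-volume MountPoints2 keys whose AutoRun handlers were pointing at scripts on the flash drive (Mc~.vbe, fufb6tq3.cmd, lhwdcgcb.bat in the ComboFix log). The script below is an added example for this thread, not a tool from the page or from the ComboFix/RSIT authors: it parses the mountpoints2 blocks in the shape those two logs print them, flags handlers by heuristics that are this example's own assumptions (a script or batch payload, a relative path that resolves against whatever volume is inserted, or ShellExec_RunDLL indirection), and emits a REGEDIT4 deletion fragment in the same form as the posted fix.reg. The sample log is constructed from lines quoted in this thread.

```python
"""Triage MountPoints2 AutoRun handlers from a ComboFix/RSIT-style log.

Added example for this thread, not a tool from the page. The blocks parsed
here are the ones ComboFix and RSIT print under the per-user mountpoints2
key: one key per removable-volume GUID, followed by the shell verbs it
registers. The flagging heuristics are this example's own assumptions, so a
hit is a candidate for review, not a verdict.
"""
import re

# Constructed sample: mountpoints2 lines quoted from the logs in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
\Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e89bf8-0ae8-11dd-b893-000fea56435f}]
\Shell\AutoRun\command - fufb6tq3.cmd
\Shell\explore\Command - fufb6tq3.cmd
\Shell\open\Command - fufb6tq3.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4685dd-726e-11db-8b58-4c0010522dba}]
shell\AutoRun\command - G:\autorun.exe
shell\readit\command - notepad readme.doc
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]" header of one volume's key.
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\}))\]$", re.I)
# "\Shell\<verb>\command - <command>" as ComboFix prints it (RSIT omits the leading backslash).
CMD_RE = re.compile(r"^\\?shell\\(\w+)\\command\s+-\s+(.*)$", re.I)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)
# Extensions treated as a script/batch payload (assumption for this example).
SCRIPT_EXT = (".vbe", ".vbs", ".cmd", ".bat", ".js", ".jse", ".wsf", ".pif", ".scr")


def parse_mountpoints(log_text):
    """Return [{'key': ..., 'guid': ..., 'handlers': {verb: command}}] in log order."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "guid": key.group(2), "handlers": {}}
            entries.append(current)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["handlers"][cmd.group(1).lower()] = cmd.group(2).strip()
    return entries


def executed_target(cmd):
    """Best-effort name of the file the handler ultimately runs.

    When the command is a launcher (RunDLL32 ShellExec_RunDLL, wscript, notepad,
    anything not starting with a drive path) the payload is the last token;
    otherwise the whole command is a path that may itself contain spaces.
    """
    tokens = cmd.split()
    if not tokens:
        return ""
    if "shellexec_rundll" in cmd.lower() or not DRIVE_RE.match(cmd):
        return tokens[-1]
    return cmd


def classify_command(cmd):
    """Return the list of reasons a handler looks suspicious (empty = nothing flagged)."""
    reasons = []
    target = executed_target(cmd)
    if "shellexec_rundll" in cmd.lower():
        reasons.append("ShellExec_RunDLL indirection")
    if target.lower().endswith(SCRIPT_EXT):
        reasons.append("script/batch payload")
    if not DRIVE_RE.match(target) and not target.startswith("%"):
        reasons.append("relative path, resolved against the inserted drive")
    return reasons


def triage(log_text):
    """Map flagged key path -> {verb: reasons}; keys with no flagged verb are left out."""
    flagged = {}
    for entry in parse_mountpoints(log_text):
        hits = {verb: classify_command(cmd) for verb, cmd in entry["handlers"].items()}
        hits = {verb: reasons for verb, reasons in hits.items() if reasons}
        if hits:
            flagged[entry["key"]] = hits
    return flagged


def build_fix_reg(flagged):
    """REGEDIT4 fragment that deletes the flagged keys, in the form of the posted fix.reg."""
    lines = ["REGEDIT4", ""]
    for key in flagged:
        lines += ["[-" + key + "]", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for key, verbs in hits.items():
        print(key)
        for verb, reasons in verbs.items():
            print("    %s -> %s" % (verb, "; ".join(reasons)))
    print()
    print(build_fix_reg(hits))
```

On the constructed sample the H: PortableApps entry passes (absolute path, .exe), the Mc~.vbe and fufb6tq3.cmd keys are flagged on every verb, and the readit verb pointing at a bare readme.doc is flagged on the relative-path rule alone, so the generated fragment deletes three keys. Two caveats a practitioner would keep in mind: MountPoints2 lives under HKEY_CURRENT_USER, so each user profile on the machine has its own copy, and deleting the key removes only the cached handler; the autorun.inf and the script it launches still have to be cleaned off the volume itself, which is what the Flash_Disinfector step earlier in the thread is for.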
     
  8. 2008/09/10
    bayang (thread starter)
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, September 10, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, September 10, 2008 11:27:42
    Records in database: 1206972
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Files scanned: 95231
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 01:18:01


    File name / Threat name / Threats count
    C:\hIRC2.2\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
    C:\Movie\VIRUS GILA BABI TAHAP GABAN NAK MAMPUS!!!! JGN BUKAK!!!\Recover_My_Files_3.9.8.5966.rar Infected: Trojan.Win32.Buzus.ryd 1

    The selected area was scanned.



    Logfile of random's system information tool (written by random/random)
    Run by Bayang at 2008-09-10 23:32:47
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (3%) free of 100 GB
    Total RAM: 2046 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:01 PM, on 9/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Documents and Settings\Bayang\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bayang.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe "
    O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU "
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9412 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
    C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-05 1947080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-07-25 7618560]
    "nwiz "=C:\WINDOWS\system32\nwiz.exe [2006-07-25 1519616]
    "LVCOMSX "=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoRepair "=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "LogitechVideoTray "=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "NeroFilterCheck "=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update "=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HPDJ Taskbar Utility "=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
    "RAMDrive "=C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe [2004-09-22 36864]
    "VirtualDrive "=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2004-09-30 139264]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-03-08 98304]
    "HP Component Manager "=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "NvMediaCenter "=C:\WINDOWS\system32\NvMCTray.dll [2006-07-25 86016]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "WinampAgent "=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "avgnt "=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "LogitechSoftwareUpdate "=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Free Download Manager "=C:\Program Files\Free Download Manager\fdm.exe [2007-08-31 2437167]
    "Free Upload Manager "=C:\Program Files\Free Download Manager\fum\fum.exe [2007-07-29 253952]
    "Free Uploader Oe Integration "=C:\Program Files\Free Download Manager\FUM\fumoei.exe [2007-06-10 40960]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
    "MSMSGS "=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2004-10-14 1694208]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-07 15360]
    "EPSON Stylus CX5500 Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\Program Files\Yahoo!\Messenger\YServer.exe "= "C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Azureus\Azureus.exe "= "C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "
    "C:\hIRC2.2\mirc.exe "= "C:\hIRC2.2\mirc.exe:*:Enabled:mIRC "
    "C:\Valve\Condition Zero\czero.exe "= "C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher "
    "C:\Program Files\TVUPlayer\TVUPlayer.exe "= "C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec50bf6-83f8-11dc-a964-000fea56435f}]
    shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4685dd-726e-11db-8b58-4c0010522dba}]
    shell\AutoRun\command - G:\autorun.exe
    shell\readit\command - notepad readme.doc


    List of files/folders created in the last three months

    2008-09-10 23:32:47 ----D---- C:\rsit
    2008-09-10 16:35:14 ----D---- C:\dir02
    2008-09-10 05:55:25 ----A---- C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42:23 ----D---- C:\Program Files\Gravity
    2008-09-09 21:59:11 ----D---- C:\dir00
    2008-09-09 21:45:14 ----D---- C:\dir03
    2008-09-09 21:45:08 ----D---- C:\dir01
    2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convit.ini
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convfac.ini
    2008-09-08 20:21:49 ----D---- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-08 20:21:27 ----D---- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 20:21:26 ----D---- C:\Program Files\MegauploadToolbar
    2008-09-08 20:21:26 ----D---- C:\Documents and Settings\Bayang\Application Data\MegauploadToolbar
    2008-09-08 20:21:08 ----D---- C:\Program Files\Megaupload
    2008-09-07 21:16:28 ----A---- C:\WINDOWS\system32\avsda.dll
    2008-09-07 16:41:55 ----SHD---- C:\RECYCLER
    2008-09-07 16:07:52 ----D---- C:\WINDOWS\temp
    2008-09-07 16:07:51 ----A---- C:\ComboFix.txt
    2008-09-07 15:50:57 ----D---- C:\QooBox
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\zip.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\VFind.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swsc.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swreg.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\sed.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\grep.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-04 20:03:01 ----D---- C:\WINDOWS\erdnt
    2008-09-03 21:14:05 ----D---- C:\Program Files\Avira
    2008-09-03 21:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53:24 ----D---- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 00:33:44 ----D---- C:\Program Files\Trend Micro
    2008-09-02 23:39:50 ----D---- C:\Program Files\Recuva
    2008-08-26 02:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-16 19:09:08 ----D---- C:\Program Files\AskSBar
    2008-08-15 22:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-12 20:13:16 ----D---- C:\Program Files\Sibelius Software
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-20 19:50:44 ----D---- C:\Westwood
    2008-07-13 20:48:25 ----D---- C:\Program Files\AC3Filter
    2008-07-13 20:44:46 ----D---- C:\Program Files\AC3File
    2008-07-11 00:28:11 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
    2008-07-10 01:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-06-20 14:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-06-16 18:16:11 ----D---- C:\Movie
    2008-06-16 01:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-06-16 01:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-06-16 01:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-16 01:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-06-16 01:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-06-14 20:22:44 ----D---- C:\Program Files\GIGABYTE
    2008-06-14 20:09:09 ----R---- C:\WINDOWS\system32\ChCfg.exe
    2008-06-14 20:08:07 ----R---- C:\WINDOWS\RtlExUpd.dll
    2008-06-14 20:08:07 ----A---- C:\WINDOWS\HideWin.exe

    List of drivers

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System [2007-12-06 72]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
    R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899]
    R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-25 3925920]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-07 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 a66kb0u8;a66kb0u8; C:\WINDOWS\system32\drivers\a66kb0u8.sys []
    S3 amqysa9d;amqysa9d; C:\WINDOWS\system32\drivers\amqysa9d.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 AntiVirScheduler;Avira AntiVir Premium Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-08-07 149761]
    R2 AVEService;Avira AntiVir Premium MailGuard helper service; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-25 155715]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 mlaayxnkebfx;mlaayxnkebfx; C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys [2007-06-08 8576]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-07 14336]

    -----------------EOF-----------------
     
  9. 2008/09/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Did you create this folder?
    C:\Movie\VIRUS GILA BABI TAHAP GABAN NAK MAMPUS!!!! JGN BUKAK!!!


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/76711-dir00-dir001-dir003.html#post416145
    
    Suspect::[22]
    C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys
    File::
    C:\Movie\VIRUS GILA BABI TAHAP GABAN NAK MAMPUS!!!! JGN BUKAK!!!\Recover_My_Files_3.9.8.5966.rar
    Folder::
    C:\dir00
    C:\dir01
    C:\dir02
    C:\dir03
    Rootkit::
    C:\WINDOWS\system32\drivers\a66kb0u8.sys
    C:\WINDOWS\system32\drivers\amqysa9d.sys
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec50bf6-83f8-11dc-a964-000fea56435f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4685dd-726e-11db-8b58-4c0010522dba}]
    Driver::
    a66kb0u8
    amqysa9d
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh RSIT log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect a file for analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned file. Please copy the path shown in the prompt and paste it into the box, then click Send.

    Thanks!
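    The CFScript above was built by reading the RSIT log for three tells: a drive-root autorun.inf created with the Hidden and System attributes (the ----RASHD---- entry), the dirNN folders this thread is about, and the two drivers a66kb0u8 and amqysa9d, whose names look machine-generated and whose files RSIT could not stat (the empty [] where a date and size should appear). The following Python script is an added example written for this page; it is not part of the thread and is not RSIT or ComboFix code. It parses RSIT's created-files and driver lines and flags those three patterns. The sample lines are copied from the logs in this thread; the name-randomness rule (lowercase letters and digits mixed, six or more characters, counted only when the metadata brackets are empty) is my own assumption, kept narrow so that legitimate drivers with a missing timestamp, such as TSP/klif.sys, are not flagged.

```python
"""Triage helper for RSIT log fragments (added example, not part of the thread).

Heuristics, taken from how the helper read the logs above:
  * a drive-root autorun.inf carrying the Hidden and System attributes,
  * drive-root folders named dirNN (this thread's own indicator),
  * driver entries with random-looking names whose file RSIT could not
    stat (empty [] where a date and size should be).
"""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the RSIT logs in this thread.
SAMPLE_CREATED = r"""
2008-09-09 21:59:11 ----D---- C:\dir00
2008-09-09 21:45:08 ----D---- C:\dir01
2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
2008-09-07 16:41:55 ----SHD---- C:\RECYCLER
2008-09-03 21:14:05 ----D---- C:\Program Files\Avira
"""

SAMPLE_DRIVERS = r"""
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
S3 a66kb0u8;a66kb0u8; C:\WINDOWS\system32\drivers\a66kb0u8.sys []
S3 amqysa9d;amqysa9d; C:\WINDOWS\system32\drivers\amqysa9d.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
"""

# "2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
# "S3 a66kb0u8;a66kb0u8; C:\WINDOWS\system32\drivers\a66kb0u8.sys []"
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*); (.+) \[([^\]]*)\]$")
# Assumed rule: lowercase letters and digits mixed, 6+ chars, e.g. a66kb0u8.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{6,}$")
ROOT_DIRNN_RE = re.compile(r"^[A-Za-z]:\\dir\d{2}$")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def parse_created(text):
    """Return (timestamp, attribute letters, path) for each created-file line."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


def parse_drivers(text):
    """Return (start type, service name, display name, path, metadata) per driver line."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            out.append(m.groups())
    return out


def scan_created(entries):
    findings = []
    for _ts, attrs, path in entries:
        leaf = path.rsplit("\\", 1)[-1].lower()
        # Hidden+System autorun.inf at a drive root is the hallmark of
        # removable-media worms; RSIT prints the attributes as letters between dashes.
        if leaf == "autorun.inf" and {"H", "S"} <= set(attrs):
            findings.append(Finding("hidden-system-autorun", path))
        if ROOT_DIRNN_RE.match(path):
            findings.append(Finding("root-dirNN-folder", path))
    return findings


def scan_drivers(entries):
    findings = []
    for _start, name, _display, path, meta in entries:
        # Empty [] means RSIT could not read the file's date and size; combined
        # with a machine-generated name this is how the two rootkit drivers looked.
        if meta == "" and RANDOM_NAME_RE.match(name):
            findings.append(Finding("unverifiable-random-driver", f"{name} {path}"))
    return findings


def scan_rsit(created_text, drivers_text):
    """Run both scanners over the two RSIT sections and return all findings."""
    return scan_created(parse_created(created_text)) + scan_drivers(parse_drivers(drivers_text))


if __name__ == "__main__":
    for f in scan_rsit(SAMPLE_CREATED, SAMPLE_DRIVERS):
        print(f"{f.kind:28} {f.detail}")
```

    Run it as a script to print the findings for the embedded sample, or pass the "List of files/folders created" and "List of drivers" sections of a real RSIT log to scan_rsit(). Both conditions are required for a driver hit: rtl8139 has a digit-and-letter name but a real timestamp, and TSP has empty brackets but a plain name, so neither is reported.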
     
  10. 2008/09/11
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    Logfile of random's system information tool (written by random/random)
    Run by Bayang at 2008-09-11 21:11:53
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (3%) free of 100 GB
    Total RAM: 2046 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:12:03 PM, on 9/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Free Download Manager\fum\fum.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Bayang\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bayang.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
    O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU"
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9703 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
    C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-05 1947080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-25 7618560]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2006-07-25 1519616]
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
    "RAMDrive"=C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe [2004-09-22 36864]
    "VirtualDrive"=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2004-09-30 139264]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-08 98304]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-07-25 86016]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2007-08-31 2437167]
    "Free Upload Manager"=C:\Program Files\Free Download Manager\fum\fum.exe [2007-07-29 253952]
    "Free Uploader Oe Integration"=C:\Program Files\Free Download Manager\FUM\fumoei.exe [2007-06-10 40960]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
    "MSMSGS"=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2004-10-14 1694208]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-07 15360]
    "EPSON Stylus CX5500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\hIRC2.2\mirc.exe"="C:\hIRC2.2\mirc.exe:*:Enabled:mIRC"
    "C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


    List of files/folders created in the last three months

    2008-09-11 21:11:29 ----D---- C:\dir02
    2008-09-11 21:06:57 ----D---- C:\WINDOWS\temp
    2008-09-11 21:06:55 ----A---- C:\ComboFix.txt
    2008-09-11 21:00:43 ----D---- C:\dir01
    2008-09-11 20:58:31 ----D---- C:\dir03
    2008-09-11 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 03:00:26 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-11 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 23:32:47 ----D---- C:\rsit
    2008-09-10 05:55:25 ----A---- C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42:23 ----D---- C:\Program Files\Gravity
    2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convit.ini
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convfac.ini
    2008-09-08 20:21:49 ----D---- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-08 20:21:27 ----D---- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 20:21:26 ----D---- C:\Program Files\MegauploadToolbar
    2008-09-08 20:21:26 ----D---- C:\Documents and Settings\Bayang\Application Data\MegauploadToolbar
    2008-09-07 21:16:28 ----A---- C:\WINDOWS\system32\avsda.dll
    2008-09-07 15:50:57 ----D---- C:\QooBox
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\zip.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\VFind.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swsc.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swreg.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\sed.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\grep.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-04 20:03:01 ----D---- C:\WINDOWS\erdnt
    2008-09-03 21:14:05 ----D---- C:\Program Files\Avira
    2008-09-03 21:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53:24 ----D---- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 00:33:44 ----D---- C:\Program Files\Trend Micro
    2008-09-02 23:39:50 ----D---- C:\Program Files\Recuva
    2008-08-26 02:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-16 19:09:08 ----D---- C:\Program Files\AskSBar
    2008-08-15 22:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-12 20:13:16 ----D---- C:\Program Files\Sibelius Software
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-20 19:50:44 ----D---- C:\Westwood
    2008-07-13 20:48:25 ----D---- C:\Program Files\AC3Filter
    2008-07-13 20:44:46 ----D---- C:\Program Files\AC3File
    2008-07-11 00:28:11 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
    2008-07-10 01:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-06-20 14:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-06-16 18:16:11 ----D---- C:\Movie
    2008-06-16 01:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-06-16 01:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-06-16 01:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-16 01:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-06-16 01:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-06-14 20:22:44 ----D---- C:\Program Files\GIGABYTE
    2008-06-14 20:09:09 ----R---- C:\WINDOWS\system32\ChCfg.exe
    2008-06-14 20:08:07 ----R---- C:\WINDOWS\RtlExUpd.dll
    2008-06-14 20:08:07 ----A---- C:\WINDOWS\HideWin.exe

    List of drivers

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System [2007-12-06 72]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
    R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899]
    R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-25 3925920]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-07 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 ahixs5vx;ahixs5vx; C:\WINDOWS\system32\drivers\ahixs5vx.sys []
    S3 azigqt8l;azigqt8l; C:\WINDOWS\system32\drivers\azigqt8l.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 AntiVirScheduler;Avira AntiVir Premium Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-08-07 149761]
    R2 AVEService;Avira AntiVir Premium MailGuard helper service; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-25 155715]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 mlaayxnkebfx;mlaayxnkebfx; C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys [2007-06-08 8576]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-07 14336]

    -----------------EOF-----------------
     
  11. 2008/09/11
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    ComboFix 08-09-10.04 - Bayang 2008-09-11 20:57:27.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1566 [GMT 8:00]
    Running from: C:\Documents and Settings\Bayang\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bayang\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\dir00
    C:\dir00\dir13\dir23\dir31\file32
    C:\dir01
    C:\dir01\dir10\dir20\dir30\file11
    C:\dir01\dir10\dir22\dir31\file42
    C:\dir01\dir10\dir23\dir31\file41
    C:\dir01\dir13\dir20\dir33\file37
    C:\dir01\dir13\dir20\dir33\file39
    C:\dir01\dir13\dir22\dir31\file50
    C:\dir01\dir13\dir22\dir31\file52
    C:\dir01\dir13\dir23\dir32\file32
    C:\dir02
    C:\dir02\dir11\dir21\dir31\file51
    C:\dir03
    C:\dir03\dir10\dir21\dir30\file35
    C:\dir03\dir11\dir20\dir32\file35
    C:\dir03\dir11\dir21\dir30\file32
    C:\dir03\dir11\dir21\dir30\file34
    C:\dir03\dir11\dir22\dir31\file42
    C:\dir03\dir11\dir22\dir32\file43
    C:\dir03\dir11\dir22\dir32\file44
    C:\dir03\dir11\dir22\dir32\file45
    C:\dir03\dir12\dir20\dir30\file31
    C:\dir03\dir12\dir21\dir30\file23
    C:\dir03\dir12\dir21\dir30\file24
    C:\dir03\dir12\dir21\dir30\file25
    C:\dir03\dir12\dir21\dir30\file26
    C:\dir03\dir12\dir21\dir30\file27
    C:\dir03\dir12\dir21\dir30\file28
    C:\dir03\dir13\dir21\dir30\file32
    C:\dir03\dir13\dir23\dir30\file33
    C:\WINDOWS\system32\system\

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
    .

    2008-09-11 21:00 . 2008-09-11 21:00 <DIR> d-------- C:\dir01
    2008-09-11 20:58 . 2008-09-11 20:58 <DIR> d-------- C:\dir03
    2008-09-11 03:00 . 2008-09-11 03:00 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-09-10 23:32 . 2008-09-10 23:33 <DIR> d-------- C:\rsit
    2008-09-10 05:55 . 2008-09-10 05:55 50 --a------ C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42 . 2008-09-10 01:42 <DIR> d-------- C:\Program Files\Gravity
    2008-09-08 21:34 . 2008-09-08 21:34 42,379 --a------ C:\WINDOWS\convfac.ini
    2008-09-08 21:34 . 2008-09-08 21:34 14,775 --a------ C:\WINDOWS\convit.ini
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Program Files\MegauploadToolbar
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\MegauploadToolbar
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-03 21:14 . 2008-09-03 21:14 <DIR> d-------- C:\Program Files\Avira
    2008-09-03 21:14 . 2008-09-04 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53 . 2008-09-09 21:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-03 20:53 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-03 00:33 . 2008-09-03 00:33 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-02 23:39 . 2008-09-02 23:39 <DIR> d-------- C:\Program Files\Recuva
    2008-09-02 09:38 . 2008-09-10 05:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-02 09:38 . 2008-09-02 09:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-26 02:35 . 2008-08-26 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Program Files\AskSBar
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-12 20:13 . 2008-08-12 20:13 <DIR> d-------- C:\Program Files\Sibelius Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-11 13:02 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-09-11 12:27 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-09-10 09:53 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
    2008-09-09 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-05 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-04 09:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-02 21:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-28 05:03 --------- d-----w C:\Program Files\Opera
    2008-08-16 11:09 --------- d-----w C:\Program Files\Azureus
    2008-08-12 10:53 --------- d-----w C:\Program Files\Winamp
    2008-07-28 15:47 --------- d-----w C:\Program Files\TVUPlayer
    2008-07-22 10:07 --------- d-----w C:\Program Files\Java
    2008-07-19 08:22 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Skype
    2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-13 12:48 --------- d-----w C:\Program Files\AC3Filter
    2008-07-13 12:44 --------- d-----w C:\Program Files\AC3File
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 10:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-14 12:21 16,608 ----a-w C:\WINDOWS\gdrv.sys
    2008-06-14 12:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-15 12:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2004-10-01 07:00 40,960 ---ha-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    2008-08-05 04:44 1947080 --a------ C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-C39E-35F1D2A32EC8} "= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-05 1947080]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
    [HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "LogitechSoftwareUpdate "= "C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Free Download Manager "= "C:\Program Files\Free Download Manager\fdm.exe" [2007-08-31 2437167]
    "Free Upload Manager "= "C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
    "Free Uploader Oe Integration "= "C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "MSMSGS "= "C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 1694208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-07 15360]
    "EPSON Stylus CX5500 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 7618560]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "RAMDrive "= "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
    "VirtualDrive "= "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-03-08 98304]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
    "nwiz "= "nwiz.exe" [2006-07-25 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "NvMCTray.dll" [2006-07-25 C:\WINDOWS\system32\nvmctray.dll]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12 "= yv12vfw.dll
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Azureus\\Azureus.exe "=
    "C:\\hIRC2.2\\mirc.exe "=
    "C:\\Valve\\Condition Zero\\czero.exe "=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13461:TCP "= 13461:TCP:NortonAV
    "12656:TCP "= 12656:TCP:NortonAV
    "17862:TCP "= 17862:TCP:NortonAV
    "17484:TCP "= 17484:TCP:NortonAV
    "14688:TCP "= 14688:TCP:NortonAV
    "4266:UDP "= 4266:UDP:Windows Media Format SDK (Opera.exe)
    "4267:UDP "= 4267:UDP:Windows Media Format SDK (Opera.exe)
    "4270:UDP "= 4270:UDP:Windows Media Format SDK (Opera.exe)

    R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec50bf6-83f8-11dc-a964-000fea56435f}]
    \Shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    \Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4685dd-726e-11db-8b58-4c0010522dba}]
    \Shell\AutoRun\command - G:\autorun.exe
    \Shell\readit\command - notepad readme.doc
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-11 21:01:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-11 21:06:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-11 13:06:49
    ComboFix2.txt 2008-09-11 12:42:44
    ComboFix3.txt 2008-09-07 08:07:51

    Pre-Run: 3,352,428,544 bytes free
    Post-Run: 3,330,662,400 bytes free

    225 --- E O F --- 2008-09-10 19:02:31
     
  12. 2008/09/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download GMER

    Right-click and extract it to its own folder on the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.
     
  13. 2008/09/13
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-09-13 17:28:50
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.14 ----

    SSDT spxe.sys ZwCreateKey [0xBA6AB0E0]
    SSDT BAF27EF4 ZwCreateThread
    SSDT spxe.sys ZwEnumerateKey [0xBA6C8CA2]
    SSDT spxe.sys ZwEnumerateValueKey [0xBA6C9030]
    SSDT spxe.sys ZwOpenKey [0xBA6AB0C0]
    SSDT BAF27EE0 ZwOpenProcess
    SSDT BAF27EE5 ZwOpenThread
    SSDT spxe.sys ZwQueryKey [0xBA6C9108]
    SSDT spxe.sys ZwQueryValueKey [0xBA6C8F88]
    SSDT spxe.sys ZwSetValueKey [0xBA6C919A]
    SSDT BAF27EEF ZwTerminateProcess
    SSDT BAF27EEA ZwWriteVirtualMemory

    INT 0x62 ? 8AAD4BF8
    INT 0x63 ? 8A8AABF8
    INT 0x82 ? 8AAD4BF8
    INT 0x83 ? 8A8AABF8
    INT 0xA4 ? 8A8AABF8
    INT 0xB1 ? 8AA65BF8
    INT 0xB1 ? 8AA65BF8
    INT 0xB4 ? 8A8AABF8

    ---- Kernel code sections - GMER 1.0.14 ----

    ? spxe.sys The system cannot find the file specified. !
    ? Combo-Fix.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B98E362C 5 Bytes JMP 8A8AA1D8
    ? System32\Drivers\ahixs5vx.SYS The system cannot find the file specified. !
    ? System32\Drivers\azigqt8l.SYS The system cannot find the file specified. !
    ? C:\ComboFix\catchme.sys The system cannot find the path specified. !
    ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spxe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spxe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spxe.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spxe.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spxe.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spxe.sys

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 8AAD31F8
    Device \FileSystem\Fastfat \FatCdrom 8A5FF1F8
    Device \FileSystem\Udfs \UdfsCdRom 8A7E41F8
    Device \FileSystem\Udfs \UdfsDisk 8A7E41F8
    Device \Driver\sptd \Device\1374882544 spxe.sys
    Device \Driver\usbuhci \Device\USBPDO-0 8A7F11F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA631F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8AA631F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8AA631F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8AA631F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A7F11F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A7F11F8
    Device \Driver\usbuhci \Device\USBPDO-3 8A7F11F8
    Device \Driver\usbehci \Device\USBPDO-4 8A7D61F8
    Device \Driver\PCI_PNP6294 \Device\00000048 spxe.sys
    Device \Driver\PCI_PNP6294 \Device\00000049 spxe.sys
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E85855DD-FF2F-4C24-9C89-F80055F410AC} 8A4F2500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8AAD51F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8AAD51F8
    Device \Driver\Cdrom \Device\CdRom0 8A7B61F8
    Device \Driver\atapi \Device\Ide\IdePort0 8AAD41F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8AAD41F8
    Device \Driver\atapi \Device\Ide\IdePort1 8AAD41F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 8AAD41F8
    Device \Driver\Cdrom \Device\CdRom1 8A7B61F8
    Device \Driver\Cdrom \Device\CdRom2 8A7B61F8
    Device \Driver\Cdrom \Device\CdRom3 8A7B61F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4F2500
    Device \Driver\NetBT \Device\NetbiosSmb 8A4F2500
    Device \Driver\usbuhci \Device\USBFDO-0 8A7F11F8
    Device \Driver\sptd \Device\1374726294 spxe.sys
    Device \Driver\usbuhci \Device\USBFDO-1 8A7F11F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4E1500
    Device \Driver\usbuhci \Device\USBFDO-2 8A7F11F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4E1500
    Device \Driver\usbuhci \Device\USBFDO-3 8A7F11F8
    Device \Driver\usbehci \Device\USBFDO-4 8A7D61F8
    Device \Driver\Ftdisk \Device\FtControl 8AAD51F8
    Device \Driver\FVDSCSI \Device\Scsi\FVDSCSI1 8A4A41F8
    Device \Driver\azigqt8l \Device\Scsi\azigqt8l1Port2Path0Target0Lun0 8A6A91F8
    Device \Driver\azigqt8l \Device\Scsi\azigqt8l1 8A6A91F8
    Device \Driver\FVDSCSI \Device\Scsi\FVDSCSI1Port3Path0Target0Lun0 8A4A41F8
    Device \Driver\FVDSCSI \Device\Scsi\FVDSCSI1Port3Path0Target1Lun0 8A4A41F8
    Device \Driver\ahixs5vx \Device\Scsi\ahixs5vx1 8A7AD1F8
    Device \FileSystem\Fastfat \Fat 8A5FF1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8A5DE1F8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -853060578
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -282858091
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0x1C 0x5C 0xC9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0x1C 0x5C 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xC3 0x90 0x2B 0xA2 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{b330dd70-8060-43cc-bde6-150faa22c655}@Model 6
    Reg HKLM\SOFTWARE\Classes\CLSID\{b330dd70-8060-43cc-bde6-150faa22c655}@Therad 30
    Reg HKLM\SOFTWARE\Classes\CLSID\{b330dd70-8060-43cc-bde6-150faa22c655}@MData 0x2B 0x8F 0x78 0x29 ...

    ---- EOF - GMER 1.0.14 ----
     
  14. 2008/09/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The spxe.sys file is suspicious, though I think it might be related to Alcohol/Daemon Tools. To find out, we'll need another scan. If you have not restarted the machine since the first GMER scan, please do so now, then run another GMER scan and post the resulting log.

    Then, run RSIT again and post the new log.txt.

    I asked, but you did not respond, so I'll ask again. Did you create this folder?
    C:\Movie\VIRUS GILA BABI TAHAP GABAN NAK MAMPUS!!!! JGN BUKAK!!!
     
  15. 2008/09/14
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    Oh yes... it's my folder... I created that...


    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-09-14 15:15:19
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.14 ----

    SSDT spxe.sys ZwCreateKey [0xBA6AB0E0]
    SSDT BAF27EF4 ZwCreateThread
    SSDT spxe.sys ZwEnumerateKey [0xBA6C8CA2]
    SSDT spxe.sys ZwEnumerateValueKey [0xBA6C9030]
    SSDT spxe.sys ZwOpenKey [0xBA6AB0C0]
    SSDT BAF27EE0 ZwOpenProcess
    SSDT BAF27EE5 ZwOpenThread
    SSDT spxe.sys ZwQueryKey [0xBA6C9108]
    SSDT spxe.sys ZwQueryValueKey [0xBA6C8F88]
    SSDT spxe.sys ZwSetValueKey [0xBA6C919A]
    SSDT BAF27EEF ZwTerminateProcess
    SSDT BAF27EEA ZwWriteVirtualMemory

    INT 0x62 ? 8AAD4BF8
    INT 0x63 ? 8A8AABF8
    INT 0x82 ? 8AAD4BF8
    INT 0x83 ? 8A8AABF8
    INT 0xA4 ? 8A8AABF8
    INT 0xB1 ? 8AA65BF8
    INT 0xB1 ? 8AA65BF8
    INT 0xB4 ? 8A8AABF8

    ---- Kernel code sections - GMER 1.0.14 ----

    ? spxe.sys The system cannot find the file specified. !
    ? Combo-Fix.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B98E362C 5 Bytes JMP 8A8AA1D8
    ? System32\Drivers\ahixs5vx.SYS The system cannot find the file specified. !
    ? System32\Drivers\azigqt8l.SYS The system cannot find the file specified. !
    ? C:\ComboFix\catchme.sys The system cannot find the path specified. !
    ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spxe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spxe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spxe.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spxe.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spxe.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spxe.sys

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 8AAD31F8
    Device \FileSystem\Fastfat \FatCdrom 8A5FF1F8
    Device \FileSystem\Udfs \UdfsCdRom 8A7E41F8
    Device \FileSystem\Udfs \UdfsDisk 8A7E41F8
    Device \Driver\sptd \Device\1374882544 spxe.sys
    Device \Driver\usbuhci \Device\USBPDO-0 8A7F11F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A7F11F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA631F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8AA631F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8AA631F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8AA631F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A7F11F8
    Device \Driver\usbuhci \Device\USBPDO-3 8A7F11F8
    Device \Driver\PCI_PNP6294 \Device\00000048 spxe.sys
    Device \Driver\usbehci \Device\USBPDO-4 8A7D61F8
    Device \Driver\PCI_PNP6294 \Device\00000049 spxe.sys
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E85855DD-FF2F-4C24-9C89-F80055F410AC} 8A4F2500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8AAD51F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8AAD51F8
    Device \Driver\Cdrom \Device\CdRom0 8A7B61F8
    Device \Driver\Cdrom \Device\CdRom1 8A7B61F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8AAD41F8
    Device \Driver\atapi \Device\Ide\IdePort0 8AAD41F8
    Device \Driver\atapi \Device\Ide\IdePort1 8AAD41F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 8AAD41F8
    Device \Driver\Cdrom \Device\CdRom2 8A7B61F8
    Device \Driver\Cdrom \Device\CdRom3 8A7B61F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4F2500
    Device \Driver\NetBT \Device\NetbiosSmb 8A4F2500
    Device \Driver\usbuhci \Device\USBFDO-0 8A7F11F8
    Device \Driver\sptd \Device\1374726294 spxe.sys
    Device \Driver\usbuhci \Device\USBFDO-1 8A7F11F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4E1500
    Device \Driver\usbuhci \Device\USBFDO-2 8A7F11F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4E1500
    Device \Driver\usbuhci \Device\USBFDO-3 8A7F11F8
    Device \Driver\Ftdisk \Device\FtControl 8AAD51F8
    Device \Driver\usbehci \Device\USBFDO-4 8A7D61F8
    Device \Driver\azigqt8l \Device\Scsi\azigqt8l1Port2Path0Target0Lun0 8A6A91F8
    Device \Driver\FVDSCSI \Device\Scsi\FVDSCSI1 8A4A41F8
    Device \Driver\azigqt8l \Device\Scsi\azigqt8l1 8A6A91F8
    Device \Driver\FVDSCSI \Device\Scsi\FVDSCSI1Port3Path0Target0Lun0 8A4A41F8
    Device \Driver\FVDSCSI \Device\Scsi\FVDSCSI1Port3Path0Target1Lun0 8A4A41F8
    Device \Driver\ahixs5vx \Device\Scsi\ahixs5vx1 8A7AD1F8
    Device \FileSystem\Fastfat \Fat 8A5FF1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8A5DE1F8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -853060578
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -282858091
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0x1C 0x5C 0xC9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0x1C 0x5C 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x85 0x8F 0x31 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC0 0xCD 0x06 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF7 0xD3 0x68 0x2A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xC3 0x90 0x2B 0xA2 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{b330dd70-8060-43cc-bde6-150faa22c655}@Model 6
    Reg HKLM\SOFTWARE\Classes\CLSID\{b330dd70-8060-43cc-bde6-150faa22c655}@Therad 30
    Reg HKLM\SOFTWARE\Classes\CLSID\{b330dd70-8060-43cc-bde6-150faa22c655}@MData 0x2B 0x8F 0x78 0x29 ...

    ---- EOF - GMER 1.0.14 ----
     
  16. 2008/09/14
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    Logfile of random's system information tool (written by random/random)
    Run by Bayang at 2008-09-14 15:23:23
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 4 GB (4%) free of 100 GB
    Total RAM: 2046 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:23:31 PM, on 9/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Free Download Manager\fum\fum.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Documents and Settings\Bayang\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bayang.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
    O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU"
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9511 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
    C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-05 1947080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-25 7618560]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2006-07-25 1519616]
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
    "RAMDrive"=C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe [2004-09-22 36864]
    "VirtualDrive"=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2004-09-30 139264]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-08 98304]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-07-25 86016]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2007-08-31 2437167]
    "Free Upload Manager"=C:\Program Files\Free Download Manager\fum\fum.exe [2007-07-29 253952]
    "Free Uploader Oe Integration"=C:\Program Files\Free Download Manager\FUM\fumoei.exe [2007-06-10 40960]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
    "MSMSGS"=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2004-10-14 1694208]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-07 15360]
    "EPSON Stylus CX5500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\hIRC2.2\mirc.exe"="C:\hIRC2.2\mirc.exe:*:Enabled:mIRC"
    "C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


    List of files/folders created in the last three months

    2008-09-13 17:18:16 ----A---- C:\WINDOWS\gmer.ini
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.exe
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.dll
    2008-09-12 20:01:16 ----SHD---- C:\RECYCLER
    2008-09-11 21:15:14 ----D---- C:\dir00
    2008-09-11 21:11:29 ----D---- C:\dir02
    2008-09-11 21:06:57 ----D---- C:\WINDOWS\temp
    2008-09-11 21:06:55 ----A---- C:\ComboFix.txt
    2008-09-11 21:00:43 ----D---- C:\dir01
    2008-09-11 20:58:31 ----D---- C:\dir03
    2008-09-11 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 23:32:47 ----D---- C:\rsit
    2008-09-10 05:55:25 ----A---- C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42:23 ----D---- C:\Program Files\Gravity
    2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convit.ini
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convfac.ini
    2008-09-08 20:21:49 ----D---- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-08 20:21:27 ----D---- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 20:21:26 ----D---- C:\Program Files\MegauploadToolbar
    2008-09-08 20:21:26 ----D---- C:\Documents and Settings\Bayang\Application Data\MegauploadToolbar
    2008-09-07 21:16:28 ----A---- C:\WINDOWS\system32\avsda.dll
    2008-09-07 15:50:57 ----D---- C:\QooBox
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\zip.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\VFind.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swsc.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\swreg.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\sed.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\grep.exe
    2008-09-07 15:50:55 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-04 20:03:01 ----D---- C:\WINDOWS\erdnt
    2008-09-03 21:14:05 ----D---- C:\Program Files\Avira
    2008-09-03 21:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53:24 ----D---- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 00:33:44 ----D---- C:\Program Files\Trend Micro
    2008-09-02 23:39:50 ----D---- C:\Program Files\Recuva
    2008-08-26 02:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-16 19:09:08 ----D---- C:\Program Files\AskSBar
    2008-08-15 22:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-12 20:13:16 ----D---- C:\Program Files\Sibelius Software
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-20 19:50:44 ----D---- C:\Westwood
    2008-07-13 20:48:25 ----D---- C:\Program Files\AC3Filter
    2008-07-13 20:44:46 ----D---- C:\Program Files\AC3File
    2008-07-11 00:28:11 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
    2008-07-10 01:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-06-20 14:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-06-16 18:16:11 ----D---- C:\Movie
    2008-06-16 01:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-06-16 01:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-06-16 01:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-16 01:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-06-16 01:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

    List of drivers

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System [2007-12-06 72]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
    R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899]
    R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-25 3925920]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-07 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 ahixs5vx;ahixs5vx; C:\WINDOWS\system32\drivers\ahixs5vx.sys []
    S3 azigqt8l;azigqt8l; C:\WINDOWS\system32\drivers\azigqt8l.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-13 85969]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 AntiVirScheduler;Avira AntiVir Premium Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-08-07 149761]
    R2 AVEService;Avira AntiVir Premium MailGuard helper service; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-25 155715]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 mlaayxnkebfx;mlaayxnkebfx; C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys [2007-06-08 8576]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-07 14336]

    -----------------EOF-----------------
     
  17. 2008/09/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ATF Cleaner by Atribune and save it to your Desktop.

    Open MBAM and check for updates, then close it for now.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys
    Folder::
    C:\dir00
    C:\dir01
    C:\dir02
    C:\dir01
    C:\dir03
    C:\dir04
    C:\dir05
    Driver::
    mlaayxnkebfx
    
    Close all other windows and programs.

    Physically disconnect your computer from the internet. Do not reconnect until you've completed all scans and are ready to post the logs.

    Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Close it for now.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    As soon as ComboFix finishes, run ATF Cleaner as follows.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now, open MBAM and do a complete system scan, removing anything it finds. Reboot when done.

    This completes the scans, so reconnect and post the ComboFix log located at C:\combofix.txt.
    Open MBAM and click the Logs tab, select the last scan and post its contents here.

    Once you've done all of that, please run RSIT again and post the new log.txt as well.
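The CFScript above removes the driver `mlaayxnkebfx`, which appears in the RSIT log as an `S3` entry with a machine-generated name, a display name identical to the service name and a file under system32\drivers; the `ahixs5vx` and `azigqt8l` entries in the same listing share those surface features. As an added example that is not part of this thread, of RSIT or of ComboFix, the Python below parses RSIT's driver/service lines and scores each entry on exactly those features over a sample taken from the log above; the heuristic and its weights are my assumption rather than reasoning the helper stated, so a high score is a prompt to inspect the file, not a verdict.

```python
import re

# RSIT prints each driver or service as:
#   <start type> <service name>;<display name>; <image path> [<file date> <file size>]
# The bracketed part is empty when RSIT could not read the file's properties.
RSIT_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed sample: a subset of the "List of drivers" / "List of services"
# lines from the RSIT log posted above, mixing vendor entries with the three
# entries whose names look machine-generated.
SAMPLE_LOG = r"""
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899]
S3 ahixs5vx;ahixs5vx; C:\WINDOWS\system32\drivers\ahixs5vx.sys []
S3 azigqt8l;azigqt8l; C:\WINDOWS\system32\drivers\azigqt8l.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S3 mlaayxnkebfx;mlaayxnkebfx; C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys [2007-06-08 8576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
"""


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not a published rule): the machine-generated
    names in this log are long all-lowercase alphanumeric strings, or shorter
    ones that mix letters and digits. Vendor names are short, mixed-case or
    descriptive and therefore fall through."""
    if not re.fullmatch(r"[a-z0-9]{8,}", name):
        return False
    mixed = any(c.isdigit() for c in name) and any(c.isalpha() for c in name)
    return len(name) >= 10 or mixed


def score_entry(name: str, display: str, path: str, meta: str):
    """Return (score, reasons). The random-name signal carries most weight;
    the other three are common for legitimate drivers (tmcomm, gdrv, klif
    above all have them) and only corroborate."""
    reasons = []
    if looks_random(name):
        reasons.append((3, "random-looking service name"))
    if name == display:
        reasons.append((1, "display name identical to service name"))
    if "\\system32\\drivers\\" in path.lower():
        reasons.append((1, "file lives in system32\\drivers"))
    if not meta.strip():
        reasons.append((1, "no file date/size (RSIT could not read the file)"))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def triage(log_text: str, threshold: int = 4) -> list:
    """Parse RSIT driver/service lines and return, in log order, the entries
    whose score reaches the threshold (random name plus at least one
    corroborating signal at the default of 4)."""
    findings = []
    for line in log_text.splitlines():
        m = RSIT_LINE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, non-RSIT text
        score, reasons = score_entry(m["name"], m["display"], m["path"], m["meta"])
        if score >= threshold:
            findings.append({"name": m["name"], "path": m["path"],
                             "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']}  {f['name']:<14} {f['path']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```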
     
  18. 2008/09/15
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    ComboFix 08-09-14.06 - Bayang 2008-09-15 20:19:15.8 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1619 [GMT 8:00]
    Running from: C:\Documents and Settings\Bayang\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bayang\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\dir00
    C:\dir00\dir10\dir20\dir31\file23
    C:\dir00\dir10\dir20\dir31\file41
    C:\dir00\dir10\dir20\dir33\file35
    C:\dir00\dir10\dir21\dir30\file30
    C:\dir00\dir10\dir21\dir31\file38
    C:\dir00\dir10\dir21\dir32\file28
    C:\dir00\dir10\dir22\dir30\file21
    C:\dir00\dir10\dir22\dir31\file44
    C:\dir00\dir10\dir23\dir31\file24
    C:\dir00\dir10\dir23\dir31\file25
    C:\dir00\dir10\dir23\dir31\file26
    C:\dir00\dir10\dir23\dir31\file27
    C:\dir00\dir10\dir23\dir31\file38
    C:\dir00\dir11\dir21\dir30\file32
    C:\dir00\dir11\dir21\dir31\file50
    C:\dir00\dir11\dir21\dir31\file53
    C:\dir00\dir11\dir21\dir31\file55
    C:\dir00\dir11\dir21\dir31\file58
    C:\dir00\dir11\dir21\dir32\file33
    C:\dir00\dir11\dir21\dir32\file45
    C:\dir00\dir11\dir21\dir32\file55
    C:\dir00\dir11\dir21\dir33\file39
    C:\dir00\dir11\dir21\dir33\file48
    C:\dir00\dir11\dir22\dir30\file39
    C:\dir00\dir11\dir22\dir32\file43
    C:\dir00\dir12\dir20\dir31\file37
    C:\dir00\dir12\dir20\dir31\file40
    C:\dir00\dir12\dir20\dir33\file28
    C:\dir00\dir12\dir21\dir30\file34
    C:\dir00\dir12\dir21\dir31\file40
    C:\dir00\dir12\dir21\dir32\file29
    C:\dir00\dir12\dir21\dir32\file31
    C:\dir00\dir12\dir21\dir32\file32
    C:\dir00\dir12\dir21\dir32\file36
    C:\dir00\dir12\dir21\dir32\file37
    C:\dir00\dir12\dir21\dir32\file38
    C:\dir00\dir12\dir21\dir32\file43
    C:\dir00\dir12\dir21\dir32\file44
    C:\dir00\dir12\dir21\dir33\file31
    C:\dir00\dir12\dir22\dir33\file36
    C:\dir00\dir12\dir23\dir30\file38
    C:\dir00\dir13\dir20\dir31\file33
    C:\dir00\dir13\dir20\dir31\file37
    C:\dir00\dir13\dir20\dir31\file38
    C:\dir00\dir13\dir20\dir32\file34
    C:\dir00\dir13\dir20\dir32\file38
    C:\dir00\dir13\dir20\dir32\file40
    C:\dir00\dir13\dir21\dir30\file28
    C:\dir00\dir13\dir21\dir32\file36
    C:\dir00\dir13\dir21\dir33\file45
    C:\dir00\dir13\dir22\dir31\file31
    C:\dir00\dir13\dir22\dir31\file41
    C:\dir00\dir13\dir22\dir33\file50
    C:\dir00\dir13\dir23\dir30\file36
    C:\dir00\dir13\dir23\dir31\file32
    C:\dir00\dir13\dir23\dir31\file45
    C:\dir00\dir13\dir23\dir33\file47
    C:\dir01
    C:\dir01\dir10\dir20\dir30\file11
    C:\dir01\dir10\dir20\dir30\file23
    C:\dir01\dir10\dir20\dir30\file26
    C:\dir01\dir10\dir20\dir30\file27
    C:\dir01\dir10\dir20\dir30\file28
    C:\dir01\dir10\dir20\dir30\file29
    C:\dir01\dir10\dir20\dir30\file30
    C:\dir01\dir10\dir20\dir30\file31
    C:\dir01\dir10\dir20\dir30\file32
    C:\dir01\dir10\dir20\dir30\file33
    C:\dir01\dir10\dir20\dir30\file34
    C:\dir01\dir10\dir20\dir30\file35
    C:\dir01\dir10\dir20\dir30\file36
    C:\dir01\dir10\dir20\dir30\file37
    C:\dir01\dir10\dir20\dir30\file41
    C:\dir01\dir10\dir20\dir31\file24
    C:\dir01\dir10\dir20\dir31\file30
    C:\dir01\dir10\dir20\dir31\file33
    C:\dir01\dir10\dir20\dir31\file34
    C:\dir01\dir10\dir20\dir31\file36
    C:\dir01\dir10\dir20\dir31\file40
    C:\dir01\dir10\dir20\dir31\file47
    C:\dir01\dir10\dir20\dir32\file32
    C:\dir01\dir10\dir20\dir32\file35
    C:\dir01\dir10\dir20\dir32\file36
    C:\dir01\dir10\dir20\dir32\file39
    C:\dir01\dir10\dir20\dir32\file51
    C:\dir01\dir10\dir20\dir33\file29
    C:\dir01\dir10\dir20\dir33\file33
    C:\dir01\dir10\dir20\dir33\file35
    C:\dir01\dir10\dir20\dir33\file37
    C:\dir01\dir10\dir20\dir33\file38
    C:\dir01\dir10\dir20\dir33\file41
    C:\dir01\dir10\dir20\dir33\file48
    C:\dir01\dir10\dir21\dir30\file24
    C:\dir01\dir10\dir21\dir30\file25
    C:\dir01\dir10\dir21\dir30\file28
    C:\dir01\dir10\dir21\dir30\file30
    C:\dir01\dir10\dir21\dir30\file32
    C:\dir01\dir10\dir21\dir30\file33
    C:\dir01\dir10\dir21\dir31\file22
    C:\dir01\dir10\dir21\dir31\file31
    C:\dir01\dir10\dir21\dir31\file32
    C:\dir01\dir10\dir21\dir31\file34
    C:\dir01\dir10\dir21\dir31\file35
    C:\dir01\dir10\dir21\dir31\file37
    C:\dir01\dir10\dir21\dir31\file39
    C:\dir01\dir10\dir21\dir32\file28
    C:\dir01\dir10\dir21\dir32\file32
    C:\WINDOWS\system32\drivers\mlaayxnkebfx.sys
    C:\WINDOWS\system32\system\

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MLAAYXNKEBFX
    -------\Service_mlaayxnkebfx


    ((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
    .

    2008-09-15 20:22 . 2008-09-15 20:22 <DIR> d-------- C:\dir01
    2008-09-13 17:18 . 2008-09-14 15:04 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-10 23:32 . 2008-09-10 23:33 <DIR> d-------- C:\rsit
    2008-09-10 05:55 . 2008-09-10 05:55 50 --a------ C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42 . 2008-09-10 01:42 <DIR> d-------- C:\Program Files\Gravity
    2008-09-08 21:34 . 2008-09-08 21:34 42,379 --a------ C:\WINDOWS\convfac.ini
    2008-09-08 21:34 . 2008-09-08 21:34 14,775 --a------ C:\WINDOWS\convit.ini
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Program Files\MegauploadToolbar
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\MegauploadToolbar
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21 . 2008-09-08 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-03 21:14 . 2008-09-03 21:14 <DIR> d-------- C:\Program Files\Avira
    2008-09-03 21:14 . 2008-09-04 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53 . 2008-09-15 20:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-03 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 20:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-03 20:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-03 00:33 . 2008-09-03 00:33 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-02 23:39 . 2008-09-02 23:39 <DIR> d-------- C:\Program Files\Recuva
    2008-09-02 09:38 . 2008-09-10 05:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-02 09:38 . 2008-09-02 09:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-26 02:35 . 2008-08-26 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Program Files\AskSBar
    2008-08-16 19:09 . 2008-08-16 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-15 12:26 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-09-15 09:18 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-09-10 09:53 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
    2008-09-09 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-05 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-04 09:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-02 21:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-28 05:03 --------- d-----w C:\Program Files\Opera
    2008-08-16 11:09 --------- d-----w C:\Program Files\Azureus
    2008-08-12 10:53 --------- d-----w C:\Program Files\Winamp
    2008-07-28 15:47 --------- d-----w C:\Program Files\TVUPlayer
    2008-07-22 10:07 --------- d-----w C:\Program Files\Java
    2008-07-19 08:22 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Skype
    2008-04-15 12:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2004-10-01 07:00 40,960 ---ha-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-11_20.42.23.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 12:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-09-13 09:18:13 884,736 ----a-w C:\WINDOWS\gmer.dll
    + 2008-04-17 13:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
    + 2008-09-13 09:18:13 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    2008-08-05 04:44 1947080 --a------ C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-05 1947080]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
    [HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "LogitechSoftwareUpdate"= "C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Free Download Manager"= "C:\Program Files\Free Download Manager\fdm.exe" [2007-08-31 2437167]
    "Free Upload Manager"= "C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
    "Free Uploader Oe Integration"= "C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
    "SpybotSD TeaTimer"= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "MSMSGS"= "C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 1694208]
    "ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-07 15360]
    "EPSON Stylus CX5500 Series"= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"= "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NvCplDaemon"= "C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 7618560]
    "LVCOMSX"= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"= "C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"= "C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "ISUSPM Startup"= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler"= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NeroFilterCheck"= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update"= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "RAMDrive"= "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
    "VirtualDrive"= "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
    "SunJavaUpdateSched"= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"= "C:\Program Files\QuickTime\qttask.exe" [2008-03-08 98304]
    "HP Component Manager"= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "WinampAgent"= "C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
    "avgnt"= "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
    "nwiz"= "nwiz.exe" [2006-07-25 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"= "NvMCTray.dll" [2006-07-25 C:\WINDOWS\system32\nvmctray.dll]
    "RTHDCPL"= "RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\hIRC2.2\\mirc.exe"=
    "C:\\Valve\\Condition Zero\\czero.exe"=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13461:TCP"= 13461:TCP:NortonAV
    "12656:TCP"= 12656:TCP:NortonAV
    "17862:TCP"= 17862:TCP:NortonAV
    "17484:TCP"= 17484:TCP:NortonAV
    "14688:TCP"= 14688:TCP:NortonAV
    "4266:UDP"= 4266:UDP:Windows Media Format SDK (Opera.exe)
    "4267:UDP"= 4267:UDP:Windows Media Format SDK (Opera.exe)
    "4270:UDP"= 4270:UDP:Windows Media Format SDK (Opera.exe)

    R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec50bf6-83f8-11dc-a964-000fea56435f}]
    \Shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    \Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4685dd-726e-11db-8b58-4c0010522dba}]
    \Shell\AutoRun\command - G:\autorun.exe
    \Shell\readit\command - notepad readme.doc
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-15 20:24:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-15 20:29:24 - machine was rebooted [Bayang]
    ComboFix-quarantined-files.txt 2008-09-15 12:29:17
    ComboFix2.txt 2008-09-11 13:06:55
    ComboFix3.txt 2008-09-11 12:42:44
    ComboFix4.txt 2008-09-07 08:07:51

    Pre-Run: 3,594,432,512 bytes free
    Post-Run: 3,490,340,864 bytes free

    919 --- E O F --- 2008-09-10 19:02:31
     
  19. 2008/09/15
    bayang

    Malwarebytes' Anti-Malware 1.28
    Database version: 1154
    Windows 5.1.2600 Service Pack 2

    9/15/2008 9:06:51 PM
    mbam-log-2008-09-15 (21-06-51).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 118682
    Time elapsed: 29 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------


    Logfile of random's system information tool (written by random/random)
    Run by Bayang at 2008-09-15 21:23:52
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (3%) free of 100 GB
    Total RAM: 2046 MB (75% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:01 PM, on 9/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Bayang\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bayang.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
    O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU"
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9493 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
    C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-05 1947080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-25 7618560]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2006-07-25 1519616]
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
    "RAMDrive"=C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe [2004-09-22 36864]
    "VirtualDrive"=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2004-09-30 139264]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-08 98304]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-07-25 86016]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2007-08-31 2437167]
    "Free Upload Manager"=C:\Program Files\Free Download Manager\fum\fum.exe [2007-07-29 253952]
    "Free Uploader Oe Integration"=C:\Program Files\Free Download Manager\FUM\fumoei.exe [2007-06-10 40960]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
    "MSMSGS"=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2004-10-14 1694208]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-07 15360]
    "EPSON Stylus CX5500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-01-25 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\hIRC2.2\mirc.exe"="C:\hIRC2.2\mirc.exe:*:Enabled:mIRC"
    "C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec50bf6-83f8-11dc-a964-000fea56435f}]
    shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4685dd-726e-11db-8b58-4c0010522dba}]
    shell\AutoRun\command - G:\autorun.exe
    shell\readit\command - notepad readme.doc


    List of files/folders created in the last three months

    2008-09-15 21:17:58 ----D---- C:\dir00
    2008-09-15 21:17:53 ----D---- C:\dir02
    2008-09-15 21:17:49 ----D---- C:\dir03
    2008-09-15 20:30:36 ----SHD---- C:\RECYCLER
    2008-09-15 20:29:27 ----D---- C:\WINDOWS\temp
    2008-09-15 20:29:25 ----A---- C:\ComboFix.txt
    2008-09-15 20:22:12 ----D---- C:\dir01
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\zip.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\VFind.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swsc.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swreg.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\sed.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\grep.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-13 17:18:16 ----A---- C:\WINDOWS\gmer.ini
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.exe
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.dll
    2008-09-11 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 23:32:47 ----D---- C:\rsit
    2008-09-10 05:55:25 ----A---- C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42:23 ----D---- C:\Program Files\Gravity
    2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convit.ini
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convfac.ini
    2008-09-08 20:21:49 ----D---- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-08 20:21:27 ----D---- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 20:21:26 ----D---- C:\Program Files\MegauploadToolbar
    2008-09-08 20:21:26 ----D---- C:\Documents and Settings\Bayang\Application Data\MegauploadToolbar
    2008-09-07 21:16:28 ----A---- C:\WINDOWS\system32\avsda.dll
    2008-09-07 15:50:57 ----D---- C:\QooBox
    2008-09-04 20:03:01 ----D---- C:\WINDOWS\erdnt
    2008-09-03 21:14:05 ----D---- C:\Program Files\Avira
    2008-09-03 21:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53:24 ----D---- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 00:33:44 ----D---- C:\Program Files\Trend Micro
    2008-09-02 23:39:50 ----D---- C:\Program Files\Recuva
    2008-08-26 02:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-16 19:09:08 ----D---- C:\Program Files\AskSBar
    2008-08-15 22:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-12 20:13:16 ----D---- C:\Program Files\Sibelius Software
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-20 19:50:44 ----D---- C:\Westwood
    2008-07-13 20:48:25 ----D---- C:\Program Files\AC3Filter
    2008-07-13 20:44:46 ----D---- C:\Program Files\AC3File
    2008-07-11 00:28:11 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
    2008-07-10 01:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-06-20 14:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-06-16 18:16:11 ----D---- C:\Movie
    2008-06-16 01:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-06-16 01:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-06-16 01:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-16 01:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-06-16 01:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

    List of drivers

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System [2007-12-06 72]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
    R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899]
    R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-25 3925920]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-07 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 awlc1ov7;awlc1ov7; C:\WINDOWS\system32\drivers\awlc1ov7.sys []
    S3 az2wq17i;az2wq17i; C:\WINDOWS\system32\drivers\az2wq17i.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-13 85969]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 AntiVirScheduler;Avira AntiVir Premium Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-08-07 149761]
    R2 AVEService;Avira AntiVir Premium MailGuard helper service; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-25 155715]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-07 14336]

    -----------------EOF-----------------
     
  20. 2008/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Persistent boogers! :mad: Please right-click on C:\Dir01 and select Send To > Compressed (zipped) Folder. It will create a file named Dir01.zip located right there in C:\.
    Go to my submission channel and click Browse, navigate to and select the Dir01.zip file, then click Send File.
    Wait for it to tell you the file has been received before closing the window.

    You have two files on your system that, from what I can tell, are related to an application named Angle Conversions (Convert-it). Does that sound familiar to you? If not, please upload those files to my submission channel for analysis as well. They are located at:

    C:\WINDOWS\convfac.ini
    C:\WINDOWS\convit.ini
     
  21. 2008/09/16
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    I'll never use that application... I never heard of that, and I already sent the zip files to your channel... something weird, right?... anyway... thank you, Noah, for your help, and I hope you can help me...
     
