Active Dir00,dir001,dir003

Discussion in 'Malware and Virus Removal Archive' started by bayang, 2008/09/07.

  1. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    netui1.dll is OK and the found references to dir0 are legitimate.

    FYI
    We do not approve of nor support illegal software. Cracked software is not only unethical, it's a good way to get your machine infected. Malware and virus authors love to spread their infections via cracks. I recommend you cease this activity and get rid of any cracked software. Furthermore, P2P file sharing in itself is a security risk. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to infections. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Let's see if we can capture the process that's causing those folders to regenerate. First you need to download a couple of utilities from Sysinternals, save them to the root of the drive (right in Local Disk C: ), then extract them there.

    Filemon
    Regmon

    Now shut down as many running programs and processes as you can, open both programs and delete the Dir0? folders, then press F5 to refresh until any one of the Dir0? folders reappears. Once recreated, click File>Save in both Filemon and Regmon to save the logs. Upload both those logs to my submission channel. Please try to do the folder deletion/refresh/savelog operation(s) as quickly as possible after starting the Filemon and Regmon apps to help keep the log size to a minimum.
     
  2. 2008/09/29
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    herm...i never used that program....i think my friend using my computer to download the software...btw i already delete the torrent...n tq 4 ur info....
     

  4. 2008/09/29
    bayang

    hey noah...read this plz.....

    Malware Submission
    There was a problem with your submission. Please Contact Us and let us know the name of the file, the size of the file, and the error code given below.

    Error 2: The filesize of your file exceeds our allowed maximum of 3MB.


    by the way....this is the fast:) save log ....so how can i send this log?? any idea??
     
  5. 2008/09/29
    noahdfear

    Zip them up and send them to me by email. Use RE: smitRem in the subject line.
     
  6. 2008/09/29
    noahdfear

    Believe it or not, from what I can make sense of in the Filemon log, it appears that opera.exe is responsible for the creation of those folders. Did you have Opera open when you created the log? It sure was a running process.

    Any chance you'd be willing to uninstall Opera, delete the dir0? folders then immediately empty the recycle bin to see if they are again created?
     
  7. 2008/09/30
    bayang

    wait....actually...when the 1st time i follow ur instruction...the DIR Folder not appear ...so i stop the filemon n regmon application...suddenly that folder regenerate again...n then i try for the 2nd times....i run filemon n regmon again...i press F5 several times...they not appear...i try open Notepad...it's regenerate agains...so...i stop the application n try the same thing for the 3rd n 4th times...for the 3rd times...i run filemon n regmon...i press F5 several times...no action....n then i open winAMP....it's regenerate agains....for the 4th times...i open Opera...it's still regenerate....if i run filemon n regmon only...the folder no regenerate n appear....but if i run any progam when filemon n regmon still active...the folder will appear...i hope u understand...
     
  8. 2008/10/02
    noahdfear

    That is a very interesting observation, and a good one! Forget removing Opera. We're going to go another route.

    Download this zip.

    • Unzip it to the desktop. It will not work if you run it from inside the zip.
    • After unzipping open the pv folder.
    • Double click on the runme.bat. A dos window will open.
    • Select option 1 for explorer dlls by typing 1 and then pressing enter.
    • Notepad will open with a log in it. Copy and paste the log into this topic.
    • Then run option 2 for IE dlls, and post its log too.

    They're usually pretty large and will likely take more than one post.


    Next, Open C:\Windows and look for ntbtlog.txt or ntbootlog.txt
    If present, delete it.
    Now restart the computer and begin tapping the F8 key to enable the Advanced Startup Menu
    Select Enable bootlogging
    Once logged on, locate the ntbtlog.txt (ntbootlog.txt) file and upload it to my submission channel
     
  9. 2008/10/03
    bayang

    Module information for 'Explorer.EXE'
    MODULE BASE SIZE PATH
    Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) Windows Explorer
    ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
    kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3173 (xpsp_sp2_gdr.070709-0051) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
    BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) Shell Browser UI Library
    GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3316 (xpsp_sp2_gdr.080219-1316) GDI Client DLL
    USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
    msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
    ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
    SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) Shell Light-weight Utility Library
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266
    SHDOCVW.dll 7e290000 1503232 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) Shell Doc Object and Control Library
    CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
    MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
    CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
    WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
    IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
    NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) Net Win32 API DLL
    WININET.dll 78050000 851968 C:\WINDOWS\system32\WININET.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Extensions for Win32
    Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
    iertutil.dll 78000000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16705 (vista_gdr.080618-1506) Run time utility for Internet Explorer
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
    VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) Windows Shell Common Dll
    UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
    ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
    WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
    MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
    USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
    IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
    comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
    apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
    msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Text Frame Work Service IME
    CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
    COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
    cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
    CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
    themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Theme API
    MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
    xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
    actxprxy.dll 71d40000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
    SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
    msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
    SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
    LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520) Windows Volume Tracking
    ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
    ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
    ieframe.dll 42ef0000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
    PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
    urlmon.dll 78130000 1208320 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16705 (vista_gdr.080618-1506) OLE32 Extensions for Win32
    MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
    NETSHELL.dll 76400000 1728512 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network Connections Shell
    rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
    credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
    WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
    iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
    WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
    webcheck.dll 42e40000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.16705 (vista_gdr.080618-1506) Web Site Monitor
    stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Systray shell service object
    BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Battery Meter Helper DLL
    POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
    WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
    WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
    WINHTTP.dll 4d4f0000 360448 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows HTTP Services
    mydocs.dll 72410000 106496 C:\WINDOWS\system32\mydocs.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) My Documents Folder UI
    MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.3319 (xpsp_sp2_gdr.080222-1435) MSCTF Server DLL
    PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
    PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
    wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
    msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
    midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
    MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
    drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
    ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
    NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
    NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
    NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
    davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
    rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
    NeroDigitalExt.dll 10000000 1806336 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll 2, 0, 0, 8 Nero Digital Shell Extension
    MFC71.DLL 7c140000 1060864 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL 7.10.3077.0 MFCDLL Shared Library - Retail Version
    MSVCR71.dll 7c340000 352256 C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
    MSVCP71.dll 7c3a0000 503808 C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll 7.10.3077.0 Microsoft® C++ Runtime Library
    MFC71ENU.DLL 5d360000 57344 C:\WINDOWS\system32\MFC71ENU.DLL 7.10.3077.0 MFC Language Specific Resources
    PDFShell.dll 1270000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 8.1.0.0 PDF Shell Extension
    MSVCR80.dll 2280000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 8.00.50727.1433 Microsoft® C Runtime Library
    nvcpl.dll 2810000 7700480 C:\WINDOWS\system32\nvcpl.dll 6.14.10.9131 NVIDIA Display Properties Extension
    comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
    WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
    OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
    MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
    NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
    nvshell.dll 12d0000 471040 C:\WINDOWS\system32\nvshell.dll
    WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
    fumshext.dll 13c0000 90112 C:\Program Files\Free Download Manager\FUM\fumshext.dll
    vgdshell.dll 13e0000 81920 C:\WINDOWS\system32\vgdshell.dll 1,7, 0, 0 VDShell Module
    MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
    VGDShlRc.dll 11c0000 45056 C:\WINDOWS\system32\VGDShlRc.dll 1,7, 0, 0 VDShell Module
    BurnInterFace.dll 1400000 53248 C:\Program Files\FarStone\VirtualDrive\BurnInterFace.dll 1, 0, 0, 1 BurnInterFace DLL
    EPPShell.dll 1640000 77824 C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll 1, 1, 0, 0
    7-zip.dll 1a50000 77824 C:\Program Files\7-Zip\7-zip.dll 4.57 7-Zip Shell Extension
    NBShell.dll 1a70000 81920 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll 2, 2, 10, 0 Nero BackItUp
    MFC71U.DLL 3070000 1056768 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL 7.10.3077.0 MFCDLL Shared Library - Retail Version
    rarext.dll 3180000 176128 C:\Program Files\WinRAR\rarext.dll
    shlext.dll 35b0000 73728 C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll 7.00.00.15 ShlExt.dll
    mbamext.dll 35d0000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 1, 0, 0 Malwarebytes' Anti-Malware
    VDExt900.dll 1620000 73728 C:\Program Files\FarStone\VirtualDrive\VDExt900.dll 1, 0, 0, 1 VDExtend DLL
    browselc.dll 3640000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
    AcroIEHelper.dll 3660000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
    SDHelper.dll 36c0000 1601536 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 6, 0, 12 SBSD IE Protection
    wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
    faultrep.dll 69450000 90112 C:\WINDOWS\system32\faultrep.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Error Reporting
    olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.2180
    jsproxy.dll 42b80000 40960 C:\WINDOWS\system32\jsproxy.dll 7.00.6000.16705 (vista_gdr.080618-1506) JScript Proxy Auto-Configuration
    SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414) Fusion 2.5
    DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
    asfsipc.dll 41f00000 28672 C:\WINDOWS\system32\asfsipc.dll 1.1.00.3917 ASFSipc Object
    MSISIP.DLL 60980000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4000.1823 MSI Signature SIP Provider
    wshext.dll 74ea0000 65536 C:\WINDOWS\system32\wshext.dll 5.6.0.8820 Microsoft (r) Shell Extension for Windows Script Host
    MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub
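
One way to triage module listings like the two posted in this thread, as an added example that is not part of the original posts and not the helper's own method. The function names are hypothetical, the `C:\WINDOWS\` prefix is an assumption taken from the paths in the logs, and the sample rows are copied from the listings above.

```python
import re
from typing import NamedTuple

# Sample input: a few rows excerpted from the Explorer.EXE and IEXPLORE.EXE
# listings posted in this thread, concatenated into one log.
SAMPLE_LOG = r"""
Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) Windows Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
nvshell.dll 12d0000 471040 C:\WINDOWS\system32\nvshell.dll
fumshext.dll 13c0000 90112 C:\Program Files\Free Download Manager\FUM\fumshext.dll
SDHelper.dll 36c0000 1601536 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 6, 0, 12 SBSD IE Protection
AcroIEHelper.dll 3660000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 634880 C:\Program Files\Internet Explorer\IEXPLORE.EXE 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
SDHelper.dll 2350000 1601536 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 6, 0, 12 SBSD IE Protection
AcroIEHelper.dll 10000000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
iefdm2.dll 2770000 94208 C:\Program Files\Free Download Manager\iefdm2.dll
yt.dll 62900000 892928 C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll 2007, 11, 20, 1 Yahoo! Toolbar
"""


class Module(NamedTuple):
    name: str
    base: int   # load address (hex in the log)
    size: int   # image size in bytes
    path: str
    info: str   # version and description text; empty if the log shows none


HEADER = re.compile(r"^Module information for '(.+)'$")
ROW = re.compile(r"^(\S+)\s+([0-9a-fA-F]+)\s+(\d+)\s+(.+)$")
WINDOWS_DIR = "c:\\windows\\"  # assumption: default install path, as in the logs


def parse_pv_log(text):
    """Return {process name: [Module, ...]} from one or more pasted listings."""
    listings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = listings.setdefault(header.group(1), [])
            continue
        row = ROW.match(line)
        if current is None or not row:
            continue  # blank lines and the "MODULE BASE SIZE PATH" header
        name, base, size, rest = row.groups()
        # Paths contain spaces, so find where the path ends by looking for
        # the module's own file name at the end of it.
        idx = rest.lower().find("\\" + name.lower())
        if idx < 0:
            continue
        end = idx + 1 + len(name)
        current.append(
            Module(name, int(base, 16), int(size), rest[:end], rest[end:].strip())
        )
    return listings


def triage(process, modules):
    """List (module name, reasons) for modules that deserve a closer look."""
    findings = []
    for mod in modules:
        if mod.name.lower() == process.lower():
            continue  # the process image itself
        reasons = []
        if not mod.path.lower().startswith(WINDOWS_DIR):
            reasons.append("outside Windows directory")
        if not mod.info:
            reasons.append("no version info")
        if reasons:
            findings.append((mod.name, reasons))
    return findings


def shared_third_party(listings):
    """Paths outside the Windows directory that are loaded in every process."""
    per_process = [
        {
            m.path.lower()
            for m in modules
            if m.name.lower() != process.lower()
            and not m.path.lower().startswith(WINDOWS_DIR)
        }
        for process, modules in listings.items()
    ]
    return set.intersection(*per_process) if per_process else set()


if __name__ == "__main__":
    parsed = parse_pv_log(SAMPLE_LOG)
    for proc, mods in parsed.items():
        print(proc)
        for name, reasons in triage(proc, mods):
            print("  ", name, "-", ", ".join(reasons))
    print("loaded in every process:", sorted(shared_third_party(parsed)))
```

A flagged module is only a candidate for review: shell extensions and browser helpers from installed software land on this list as a matter of course.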
     
  10. 2008/10/03
    bayang

    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    IEXPLORE.EXE 400000 634880 C:\Program Files\Internet Explorer\IEXPLORE.EXE 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
    ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
    kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3173 (xpsp_sp2_gdr.070709-0051) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
    GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3316 (xpsp_sp2_gdr.080219-1316) GDI Client DLL
    USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
    msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
    SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) Shell Light-weight Utility Library
    SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) Windows Shell Common Dll
    ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
    urlmon.dll 78130000 1208320 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16705 (vista_gdr.080618-1506) OLE32 Extensions for Win32
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266
    iertutil.dll 78000000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16705 (vista_gdr.080618-1506) Run time utility for Internet Explorer
    VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
    ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
    WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
    MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
    USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
    comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
    IEFRAME.dll 42ef0000 6082560 C:\WINDOWS\system32\IEFRAME.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
    PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
    MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.3319 (xpsp_sp2_gdr.080222-1435) MSCTF Server DLL
    xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
    apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
    msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Text Frame Work Service IME
    IEUI.dll 5dff0000 192512 C:\WINDOWS\system32\IEUI.dll 7.00.5730.11 (winmain(wmbla).061017-1135) Internet Explorer UI Engine
    MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
    gdiplus.dll 4ec50000 1728512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\gdiplus.dll 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302) Microsoft GDI+
    xmllite.dll 47060000 135168 C:\WINDOWS\system32\xmllite.dll 1.00.1018.0 Microsoft XmlLite Library
    CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
    COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
    msimtf.dll 746f0000 172032 C:\WINDOWS\system32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
    cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
    CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
    SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
    ieproxy.dll 61930000 303104 C:\Program Files\Internet Explorer\ieproxy.dll 7.00.5730.11 (winmain(wmbla).061017-1135) IE ActiveX Interface Marshaling Library
    msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
    SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414) Fusion 2.5
    WININET.dll 78050000 851968 C:\WINDOWS\system32\WININET.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Extensions for Win32
    Normaliz.dll 1480000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
    MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
    ws2_32.dll 71ab0000 94208 C:\WINDOWS\system32\ws2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
    yt.dll 62900000 892928 C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll 2007, 11, 20, 1 Yahoo! Toolbar
    WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
    imagehlp.dll 76c90000 163840 C:\WINDOWS\system32\imagehlp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
    snmpapi.dll 71f60000 32768 C:\WINDOWS\system32\snmpapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SNMP Utility Library
    NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) Net Win32 API DLL
    AcroIEHelper.dll 10000000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
    MSVCR80.dll 22a0000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 8.00.50727.1433 Microsoft® C Runtime Library
    SDHelper.dll 2350000 1601536 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 6, 0, 12 SBSD IE Protection
    comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
    faultrep.dll 69450000 90112 C:\WINDOWS\system32\faultrep.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Error Reporting
    WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
    WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
    olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.2180
    jsproxy.dll 42b80000 40960 C:\WINDOWS\system32\jsproxy.dll 7.00.6000.16705 (vista_gdr.080618-1506) JScript Proxy Auto-Configuration
    iefdm2.dll 2770000 94208 C:\Program Files\Free Download Manager\iefdm2.dll
    mwtsp.dll 2950000 352256 C:\WINDOWS\system32\mwtsp.dll 926, 0, 0, 0 MWL - Transport Service Provider (TSP)
    SPORDER.dll 6c5f0000 1167360 C:\WINDOWS\system32\SPORDER.dll 5.00.1641.1 WinSock2 reorder service providers
    mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245) Microsoft Windows Sockets 2.0 Service Provider
    hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
    RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
    rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
    TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
    rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
    msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
    iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
    sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
    YTBM.dll 63000000 356352 C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTBM.dll 2007, 11, 12, 1 Yahoo! Toolbar Bookmarks Module
    MPRAPI.dll 76d40000 98304 C:\WINDOWS\system32\MPRAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MP Router Administration DLL
    ACTIVEDS.dll 77cc0000 204800 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs Router Layer DLL
    adsldpc.dll 76e10000 151552 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs LDAP Provider C DLL
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
    ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
    SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
    rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) Remote Access AutoDial Helper
    YCAPlugin.dll 2c70000 126976 C:\Program Files\Yahoo!\Companion\Installs\cpn3\YCAPlugin.dll 1.0.0.1 TODO: <File description>
    mwnsp.dll 30b0000 131072 C:\WINDOWS\system32\mwnsp.dll 926, 0, 0, 0 MWL - Namespace Service Provider (NSP)
    DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245) DNS Client API DLL
    asycfilt.dll 708f0000 77824 C:\WINDOWS\system32\asycfilt.dll 5.1.2600.2180
    actxprxy.dll 71d40000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
    mshtml.dll 435d0000 3620864 C:\WINDOWS\system32\mshtml.dll 7.00.6000.16705 (vista_gdr.080618-1506) Microsoft (R) HTML Viewer
    msls31.dll 746c0000 167936 C:\WINDOWS\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
    ieapfltr.dll 43560000 393216 C:\WINDOWS\system32\ieapfltr.dll 7.0.6000.16461 Microsoft Phishing Filter
    WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
    CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
    MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
    NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
    schannel.dll 767f0000 159744 C:\WINDOWS\system32\schannel.dll 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) TLS / SSL Security Provider
    jscript.dll 63380000 491520 C:\WINDOWS\system32\jscript.dll 5.7.0.5730 Microsoft (R) JScript
    Flash9f.ocx 30000000 3862528 C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx 9,0,124,0 Adobe Flash Player 9.0 r124
    wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
    msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
    midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
    rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
    dssenh.dll 68100000 147456 C:\WINDOWS\system32\dssenh.dll 5.1.2600.2133 (xpsp.040514-1639) Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
    iepeers.dll 58760000 204800 C:\WINDOWS\system32\iepeers.dll 7.00.5730.11 (winmain(wmbla).061017-1135) Internet Explorer Peer Objects
    WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
    SwSupport.dll 69000000 57344 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll 10.1.4r20 Director Support
    ddrawex.dll 6d430000 40960 C:\WINDOWS\system32\ddrawex.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Direct Draw Ex
    DDRAW.dll 73760000 299008 C:\WINDOWS\system32\DDRAW.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft DirectDraw
    DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\system32\DCIMAN32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DCI Manager
    mshtmled.dll 42b90000 487424 C:\WINDOWS\system32\mshtmled.dll 7.00.6000.16705 (vista_gdr.080618-1506) Microsoft® HTML Editing Component
    Dxtrans.dll 420c0000 233472 C:\WINDOWS\system32\Dxtrans.dll 7.00.6000.16705 (vista_gdr.080618-1506) DirectX Media -- DirectX Transform Core
    Dxtmsft.dll 42010000 356352 C:\WINDOWS\system32\Dxtmsft.dll 7.00.6000.16705 (vista_gdr.080618-1506) DirectX Media -- Image DirectX Transforms
    IMGUTIL.DLL 1b000000 49152 C:\WINDOWS\system32\IMGUTIL.DLL 7.00.5730.11 (winmain(wmbla).061017-1135) IE plugin image decoder support DLL
    pngfilt.dll 41e30000 57344 C:\WINDOWS\system32\pngfilt.dll 7.00.6000.16705 (vista_gdr.080618-1506) IE PNG plugin image decoder
     
  11. 2008/10/03
    bayang

    bayang Inactive Thread Starter

    OK noah... I already sent the ntbtlog.txt to your channel...
     
  12. 2008/10/04
    noahdfear

    noahdfear Inactive

    Please open HijackThis to the Misc Tools section.
    Select Open Ads Spy from the System Tools list.
    Check only the box labeled Ignore safe system info streams then click Scan.
    When the scan completes select Save Log if anything is reported, then post the log here.


    Did you notice the appearance of these folders around the time you installed Alcohol, or Virtual Drive, or soon thereafter?
     
  13. 2008/10/04
    bayang

    bayang Inactive Thread Starter

    C:\Documents and Settings\All Users\Application Data\TEMP : 0CE7F3C9 (158 bytes)
    C:\Documents and Settings\All Users\Application Data\TEMP : 0CE7F3C9 (158 bytes)
    C:\Documents and Settings\Bayang\Favorites\Liverpoolfc.tv Official Web Site.url : favicon (1406 bytes)
    C:\Documents and Settings\Bayang\Favorites\Maybank2u.com - Pembayaran Bil...url : favicon (766 bytes)
    C:\Documents and Settings\Bayang\Favorites\Selangor Football Club.url : favicon (1334 bytes)

    I don't remember... but I think maybe yes... because normally after I format my PC... I install all the software and applications together... maybe one of the applications affected my PC...
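The ADS Spy output posted above can be triaged mechanically. This is an added example, not part of the original post or of HijackThis: it parses the `path : stream (N bytes)` lines, collapses duplicate reports, and separates streams that match a small allowlist from those left for manual review. The allowlist (the `favicon` stream that Internet Explorer attaches to `.url` favorites) and all function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# The five lines from the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\TEMP : 0CE7F3C9 (158 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 0CE7F3C9 (158 bytes)
C:\Documents and Settings\Bayang\Favorites\Liverpoolfc.tv Official Web Site.url : favicon (1406 bytes)
C:\Documents and Settings\Bayang\Favorites\Maybank2u.com - Pembayaran Bil...url : favicon (766 bytes)
C:\Documents and Settings\Bayang\Favorites\Selangor Football Club.url : favicon (1334 bytes)
"""


class Stream(NamedTuple):
    path: str   # file or folder that carries the stream
    name: str   # alternate data stream name
    size: int   # stream size in bytes
    seen: int   # how many times the scanner reported this exact stream


# Greedy path match: a Windows path contains "C:" but not " : ", so the
# last " : " on the line separates the host path from the stream name.
LINE_RE = re.compile(r"^(?P<path>.+) : (?P<name>\S.*?) \((?P<size>\d+) bytes\)$")

# Assumption of this example: (path suffix, stream name) pairs treated as
# expected. Internet Explorer stores a favorite's icon in a "favicon"
# stream on the .url shortcut. Extend the tuple to suit your environment.
EXPECTED_STREAMS = ((".url", "favicon"),)


def parse_ads_log(text: str) -> Tuple[List[Stream], List[str]]:
    """Return (unique streams, lines that did not parse)."""
    streams = {}
    unparsed = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep malformed lines visible instead of dropping them.
            unparsed.append(line)
            continue
        # NTFS names are case-insensitive, so deduplicate on lowercase.
        key = (m["path"].lower(), m["name"].lower())
        prev = streams.get(key)
        count = prev.seen + 1 if prev else 1
        streams[key] = Stream(m["path"], m["name"], int(m["size"]), count)
    return list(streams.values()), unparsed


def is_expected(stream: Stream) -> bool:
    """True when the stream matches an allowlisted (suffix, name) pair."""
    path = stream.path.lower()
    name = stream.name.lower()
    return any(path.endswith(sfx) and name == n for sfx, n in EXPECTED_STREAMS)


def triage(text: str) -> Tuple[List[Stream], List[Stream], List[str]]:
    """Split a scan log into (expected, needs_review, unparsed)."""
    streams, unparsed = parse_ads_log(text)
    expected = [s for s in streams if is_expected(s)]
    review = [s for s in streams if not is_expected(s)]
    return expected, review, unparsed


if __name__ == "__main__":
    expected, review, unparsed = triage(SAMPLE_LOG)
    print(f"{len(expected)} expected stream(s), {len(review)} to review")
    for s in review:
        print(f"REVIEW  {s.path}:{s.name}  {s.size} bytes  (reported {s.seen}x)")
    for line in unparsed:
        print(f"UNPARSED  {line}")
```

A stream that lands in the review list is only unrecognized by the allowlist, not classified as malicious; inspect its contents before deciding anything.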
     
  14. 2008/10/05
    noahdfear

    noahdfear Inactive

    Well I sure haven't found anything else that would cause those folders to re-generate. Care to uninstall them to test?
     
  15. 2008/10/05
    bayang

    bayang Inactive Thread Starter

    OK, I'll try first... and then I'll tell you...
     
  16. 2008/10/07
    bayang

    bayang Inactive Thread Starter

    Hi noah... I want to tell you... it's not working after I uninstalled VirtualCD... and I uninstalled 2 applications... 7-Zip, Mp3Maker... maybe it will help because I think these are applications that I installed after I formatted my PC 2-3 years ago... hmm... any solution? Do you want me to uninstall 1 by 1 the software/applications that you think are related?
     
    Last edited: 2008/10/07
  17. 2008/10/11
    noahdfear

    noahdfear Inactive

    Sorry for the delayed response ...... I've been very busy.

    Remove Alcohol and VirtualCD then reboot. Create a new RSIT log after reboot so I can verify the services were removed. Then we'll see if the folders get recreated.

    Would be great if you want to try removing apps 1 by 1. My next suspect would be Real.
     
  18. 2008/10/12
    bayang

    bayang Inactive Thread Starter

    It's OK noah... take your time... no need to rush... :)

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Bayang at 2008-10-12 19:42:24
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 47 GB (47%) free of 100 GB
    Total RAM: 2046 MB (75% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:42:31 PM, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Bayang\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bayang.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9063 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-07-25 7618560]
    "nwiz "=nwiz.exe /install []
    "LVCOMSX "=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoRepair "=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "LogitechVideoTray "=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "NeroFilterCheck "=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update "=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HPDJ Taskbar Utility "=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-03-08 98304]
    "HP Component Manager "=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "NvMediaCenter "=C:\WINDOWS\system32\NvMCTray.dll [2006-07-25 86016]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "WinampAgent "=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "avgnt "=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate "=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Free Download Manager "=C:\Program Files\Free Download Manager\fdm.exe [2007-08-31 2437167]
    "Free Upload Manager "=C:\Program Files\Free Download Manager\fum\fum.exe [2007-07-29 253952]
    "Free Uploader Oe Integration "=C:\Program Files\Free Download Manager\FUM\fumoei.exe [2007-06-10 40960]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "MSMSGS "=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2004-10-14 1694208]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-07 15360]
    "EPSON Stylus CX5500 Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-01-25 179200]
    "Messenger (Yahoo!) "=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "Yahoo! Pager "=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=36
    "NoDrives "=0
    "NoDriveAutoRun "=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun "=
    "NoDriveTypeAutoRun "=
    "NoDrives "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\Program Files\Yahoo!\Messenger\YServer.exe "= "C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Azureus\Azureus.exe "= "C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "
    "C:\hIRC2.2\mirc.exe "= "C:\hIRC2.2\mirc.exe:*:Enabled:mIRC "
    "C:\Valve\Condition Zero\czero.exe "= "C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher "
    "C:\Program Files\TVUPlayer\TVUPlayer.exe "= "C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
    "C:\WINDOWS\system32\ftp.exe "= "C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Protocol "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196c69b6-6fa0-11dd-b8b7-001d7d7daed6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    shell\Explore\command - Flash.10.Setup.exe
    shell\Open\command - Flash.10.Setup.exe
    shell\Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab651b7-92fa-11dd-b8dc-001d7d7daed6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe


    ======List of files/folders created in the last 3 months======

    2008-10-12 19:38:40 ----D---- C:\dir00
    2008-10-12 19:37:59 ----D---- C:\dir02
    2008-10-12 19:37:17 ----D---- C:\dir03
    2008-10-12 19:37:17 ----D---- C:\dir01
    2008-10-11 03:58:13 ----D---- C:\Program Files\Adobe Media Player
    2008-10-11 03:58:09 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-10-08 01:55:56 ----D---- C:\WINDOWS\Applian FLV Player
    2008-10-08 01:55:55 ----D---- C:\Program Files\FLV Player
    2008-10-06 00:29:48 ----D---- C:\Program Files\Avira
    2008-10-06 00:08:21 ----SD---- C:\WINDOWS\system32\%SystemDrive%
    2008-09-27 17:14:38 ----D---- C:\DirectX 9.0c
    2008-09-26 00:23:08 ----D---- C:\Program Files\PCAST
    2008-09-25 17:39:00 ----D---- C:\Program Files\SopCast
    2008-09-25 14:46:00 ----D---- C:\Lop SD
    2008-09-22 00:22:20 ----HDC---- C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$
    2008-09-22 00:21:38 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-21 00:57:48 ----AH---- C:\WINDOWS\akebook.ini
    2008-09-21 00:57:48 ----AH---- C:\WINDOWS\a3kebook.ini
    2008-09-21 00:57:48 ----A---- C:\WINDOWS\ANS2000.INI
    2008-09-20 16:07:52 ----A---- C:\WINDOWS\hidec.exe
    2008-09-20 16:07:52 ----A---- C:\WINDOWS\file_list.bat
    2008-09-19 23:07:57 ----SHD---- C:\RECYCLER
    2008-09-19 20:24:54 ----D---- C:\WINDOWS\temp
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\zip.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\VFind.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swsc.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swreg.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\sed.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\grep.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-13 17:18:16 ----A---- C:\WINDOWS\gmer.ini
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.exe
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.dll
    2008-09-11 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 23:32:47 ----D---- C:\rsit
    2008-09-10 05:55:25 ----A---- C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42:23 ----D---- C:\Program Files\Gravity
    2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convit.ini
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convfac.ini
    2008-09-08 20:21:49 ----D---- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-08 20:21:27 ----D---- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-07 15:50:57 ----D---- C:\QooBox
    2008-09-04 20:03:01 ----D---- C:\WINDOWS\erdnt
    2008-09-03 21:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53:24 ----D---- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 00:33:44 ----D---- C:\Program Files\Trend Micro
    2008-09-02 23:39:50 ----D---- C:\Program Files\Recuva
    2008-08-26 02:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-16 19:09:08 ----D---- C:\Program Files\AskSBar
    2008-08-15 22:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-20 19:50:44 ----D---- C:\Westwood
    2008-07-13 20:48:25 ----D---- C:\Program Files\AC3Filter

    ======List of files/folders modified in the last 3 months======

    2008-10-12 19:42:08 ----D---- C:\WINDOWS\Prefetch
    2008-10-12 19:37:17 ----D---- C:\WINDOWS
    2008-10-12 19:36:26 ----D---- C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-10-12 19:30:59 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-12 19:29:58 ----N---- C:\WINDOWS\SchedLgU.Txt
    2008-10-12 19:28:55 ----D---- C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-10-12 18:58:08 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-12 18:55:33 ----D---- C:\Movie
    2008-10-11 04:15:47 ----D---- C:\WINDOWS\system32
    2008-10-11 04:13:42 ----D---- C:\WINDOWS\system32\Adobe
    2008-10-11 04:03:34 ----SHD---- C:\WINDOWS\Installer
    2008-10-11 03:58:21 ----D---- C:\Documents and Settings\Bayang\Application Data\Adobe
    2008-10-11 03:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-10-11 03:58:13 ----D---- C:\Program Files
    2008-10-11 03:58:09 ----D---- C:\Program Files\Common Files
    2008-10-10 22:27:44 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-10 22:27:43 ----HD---- C:\WINDOWS\inf
    2008-10-10 22:27:41 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-09 19:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-09 15:51:41 ----D---- C:\Program Files\7-Zip
    2008-10-09 13:39:10 ----D---- C:\hIRC2.2
    2008-10-06 00:29:51 ----D---- C:\WINDOWS\system32\drivers
    2008-10-06 00:11:40 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-06 00:08:26 ----A---- C:\WINDOWS\wininit.ini
    2008-10-04 03:14:25 ----D---- C:\WINDOWS\Minidump
    2008-09-30 21:49:51 ----SD---- C:\Documents and Settings\Bayang\Application Data\Microsoft
    2008-09-30 21:49:50 ----D---- C:\WINDOWS\system32\wbem
    2008-09-30 21:49:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-29 14:40:48 ----D---- C:\Team17
    2008-09-27 22:27:10 ----D---- C:\Program Files\TVUPlayer
    2008-09-27 17:39:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-27 17:38:09 ----D---- C:\Program Files\Opera
    2008-09-27 17:29:51 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-26 21:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-09-22 01:50:51 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-22 01:48:52 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-22 00:22:22 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-09-21 00:57:48 ----A---- C:\WINDOWS\win.ini
    2008-09-21 00:57:48 ----A---- C:\WINDOWS\system.ini
    2008-09-20 15:30:52 ----SD---- C:\WINDOWS\Tasks
    2008-09-19 20:16:01 ----D---- C:\WINDOWS\AppPatch
    2008-09-15 20:22:26 ----D---- C:\WINDOWS\system32\config
    2008-09-14 04:18:27 ----D---- C:\WINDOWS\Debug
    2008-09-11 03:00:59 ----D---- C:\WINDOWS\WinSxS
    2008-09-11 03:00:34 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-10 17:53:21 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
    2008-09-04 20:24:50 ----SHD---- C:\System Volume Information
    2008-09-04 20:24:50 ----D---- C:\WINDOWS\system32\Restore
    2008-09-03 20:16:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-03 05:46:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-03 04:49:39 ----D---- C:\WINDOWS\Help
    2008-08-27 04:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-16 19:09:02 ----D---- C:\Program Files\Azureus
    2008-08-15 22:10:14 ----HD---- C:\Program Files\Messenger
    2008-08-15 22:07:29 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 22:07:16 ----D---- C:\WINDOWS\ie7updates
    2008-08-12 20:13:20 ----RSD---- C:\WINDOWS\Fonts
    2008-08-12 19:25:23 ----D---- C:\WINDOWS\system32\QuickTime
    2008-08-12 18:53:10 ----D---- C:\Program Files\Winamp
    2008-08-11 21:11:06 ----A---- C:\WINDOWS\system32\WgaLogon.dll
    2008-08-11 21:10:32 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-08-11 21:10:20 ----N---- C:\WINDOWS\system32\WgaTray.exe
    2008-07-22 18:07:56 ----D---- C:\Program Files\Java
    2008-07-19 16:22:40 ----D---- C:\Documents and Settings\Bayang\Application Data\Skype
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 19:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-07 12032]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-25 3925920]
    R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-07 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 a9md9w36;a9md9w36; C:\WINDOWS\system32\drivers\a9md9w36.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-13 85969]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-25 155715]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-07 14336]

    -----------------EOF-----------------
     
  19. 2008/10/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks as though you have another flash drive infection. Let's get that cleaned up before proceeding. Please delete the Flash_Disinfector.exe you currently have (if you still have it), then download a fresh copy from here and save it to your desktop.

    Delete the current copy of ComboFix.exe and download a fresh copy from here, saving it to your desktop as well.


    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Now, please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new RSIT log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  20. 2008/10/13
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    ComboFix 08-10-11.04 - Bayang 2008-10-13 20:04:55.10 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1314 [GMT 8:00]
    Running from: C:\Documents and Settings\Bayang\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\pcast
    C:\Program Files\pcast\pCastCtl\dllcheck.exe
    C:\Program Files\pcast\pCastCtl\GUpdate.dll
    C:\Program Files\pcast\pCastCtl\Pcast P2P Ã÷ýÌå¿Ã˜¼Ã¾.url
    C:\Program Files\pcast\pCastCtl\pCastCtl.dll
    C:\Program Files\pcast\pCastCtl\uninst.exe
    C:\WINDOWS\system32\system\

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
    .

    2008-10-12 19:38 . 2008-10-13 00:15 <DIR> d-------- C:\dir00
    2008-10-12 19:37 . 2008-10-12 19:38 <DIR> d-------- C:\dir03
    2008-10-12 19:37 . 2008-10-13 11:34 <DIR> d-------- C:\dir02
    2008-10-12 19:37 . 2008-10-12 19:38 <DIR> d-------- C:\dir01
    2008-10-11 03:58 . 2008-10-11 03:58 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-10-11 03:58 . 2008-10-11 03:58 <DIR> d-------- C:\Program Files\Adobe Media Player
    2008-10-10 20:15 . 2008-10-10 20:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-10 20:15 . 2008-10-10 20:15 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-10-08 01:55 . 2008-10-08 01:55 <DIR> d-------- C:\WINDOWS\Applian FLV Player
    2008-10-08 01:55 . 2008-10-08 01:55 <DIR> d-------- C:\Program Files\FLV Player
    2008-10-06 00:29 . 2008-10-06 00:29 <DIR> d-------- C:\Program Files\Avira
    2008-10-06 00:08 . 2008-10-06 00:08 <DIR> d---s---- C:\WINDOWS\system32\%SystemDrive%
    2008-09-27 17:14 . 2008-09-27 17:14 <DIR> d-------- C:\DirectX 9.0c
    2008-09-25 17:39 . 2008-09-25 17:40 <DIR> d-------- C:\Program Files\SopCast
    2008-09-25 14:46 . 2008-09-29 14:50 <DIR> d-------- C:\Lop SD
    2008-09-22 00:21 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-21 00:57 . 2008-09-21 00:57 59 --a------ C:\WINDOWS\ANS2000.INI
    2008-09-21 00:57 . 2008-09-21 00:57 20 --ah----- C:\WINDOWS\akebook.ini
    2008-09-21 00:57 . 2008-09-21 00:57 4 --ah----- C:\WINDOWS\a3kebook.ini
    2008-09-20 16:07 . 2005-08-16 01:54 1,536 --a------ C:\WINDOWS\hidec.exe
    2008-09-20 16:07 . 2008-09-20 16:07 552 --a------ C:\WINDOWS\file_list.bat
    2008-09-18 23:24 . 2008-09-18 23:24 <DIR> d-------- C:\Documents and Settings\Bayang\Temp
    2008-09-13 17:18 . 2008-10-07 23:48 250 --a------ C:\WINDOWS\gmer.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 12:06 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-10-13 12:06 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-10-09 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-09 07:51 --------- d-----w C:\Program Files\7-Zip
    2008-10-05 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-10-05 16:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-27 14:27 --------- d-----w C:\Program Files\TVUPlayer
    2008-09-27 09:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-27 09:38 --------- d-----w C:\Program Files\Opera
    2008-09-27 09:15 --------- d-----w C:\Program Files\AC3Filter
    2008-09-26 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-09-15 12:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 09:53 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
    2008-09-09 17:42 --------- d-----w C:\Program Files\Gravity
    2008-09-09 16:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 16:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-08 12:21 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 12:21 --------- d-----w C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-08 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-03 12:53 --------- d-----w C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-02 21:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-02 16:33 --------- d-----w C:\Program Files\Trend Micro
    2008-09-02 15:39 --------- d-----w C:\Program Files\Recuva
    2008-08-25 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 11:09 --------- d-----w C:\Program Files\Azureus
    2008-08-16 11:09 --------- d-----w C:\Program Files\AskSBar
    2008-08-16 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-04-15 12:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2004-10-01 07:00 40,960 ---ha-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-11_20.42.23.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-07 17:55:56 473,600 ----a-w C:\WINDOWS\Applian FLV Player\uninstall.exe
    + 2005-10-20 12:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-09-13 09:18:13 884,736 ----a-w C:\WINDOWS\gmer.dll
    + 2008-04-17 13:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
    + 2008-09-21 17:56:01 10,134 ----a-r C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\ARPPRODUCTICON.exe
    + 2008-09-21 17:56:01 65,536 ----a-r C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut2_0CE1A6C0F3F749E68F9D2431F9827441.exe
    + 2008-09-21 17:56:01 65,536 ----a-r C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut3_0CE1A6C0F3F749E68F9D2431F9827441.exe
    + 2008-09-21 17:56:01 65,536 ----a-r C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut4_0CE1A6C0F3F749E68F9D2431F9827441.exe
    + 2008-09-21 17:56:01 65,536 ----a-r C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut5_0CE1A6C0F3F749E68F9D2431F9827441.exe
    + 2008-09-21 17:56:01 8,854 ----a-r C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\UNINST_Uninstall_G_0CE1A6C0F3F749E68F9D2431F9827441_1.exe
    + 2008-08-06 08:22:02 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    + 2008-08-06 08:30:48 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
    + 2008-08-06 08:22:42 499,712 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
    + 2008-08-06 07:45:40 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
    + 2008-08-06 08:22:44 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2008-08-06 07:35:52 706,048 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
    + 2008-08-06 07:35:52 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
    + 2008-08-06 07:35:52 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
    + 2008-08-06 07:42:04 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
    + 2008-08-06 07:35:52 54,656 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\pccuapi.dll
    + 2008-08-06 08:21:14 266,240 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
    + 2008-08-06 08:24:14 446,464 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
    + 2008-08-06 08:30:30 447,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100465.exe
    + 2008-08-06 08:24:56 114,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
    + 2008-08-06 08:21:04 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
    + 2008-08-06 07:35:52 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 1999-06-25 02:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
    + 2008-09-13 09:18:13 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
    + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
    + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2007-10-16 13:17:04 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    + 2008-09-26 13:55:10 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    - 2008-03-15 07:06:46 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    + 2008-10-05 04:13:22 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    + 2006-06-01 06:15:20 509,440 ------w C:\WINDOWS\system32\Microsoft\Common Controller\xnacc.sys
    - 2008-04-12 15:41:41 59,984 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-30 13:49:50 60,828 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-12 15:41:41 397,890 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-30 13:49:50 400,794 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-08-31 2437167]
    "Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
    "Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-07 15360]
    "EPSON Stylus CX5500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-01-25 179200]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 7618560]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-08 98304]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "nwiz"="nwiz.exe" [2006-07-25 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-07-25 C:\WINDOWS\system32\nvmctray.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\hIRC2.2\\mirc.exe"=
    "C:\\Valve\\Condition Zero\\czero.exe"=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13461:TCP"= 13461:TCP:NortonAV
    "12656:TCP"= 12656:TCP:NortonAV
    "17862:TCP"= 17862:TCP:NortonAV
    "17484:TCP"= 17484:TCP:NortonAV
    "14688:TCP"= 14688:TCP:NortonAV

    R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196c69b6-6fa0-11dd-b8b7-001d7d7daed6}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    \Shell\Explore\command - Flash.10.Setup.exe
    \Shell\Open\command - Flash.10.Setup.exe
    \Shell\Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    \Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab651b7-92fa-11dd-b8dc-001d7d7daed6}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-20 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Bayang\Application Data\Mozilla\Firefox\Profiles\b6mztx8s.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 20:07:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-13 20:08:32
    ComboFix-quarantined-files.txt 2008-10-13 12:08:19
    ComboFix2.txt 2008-09-15 12:29:25
    ComboFix3.txt 2008-09-11 13:06:55
    ComboFix4.txt 2008-09-11 12:42:44
    ComboFix5.txt 2008-09-19 12:12:52

    Pre-Run: 49,699,852,288 bytes free
    Post-Run: 49,678,458,880 bytes free

    238 --- E O F --- 2008-09-10 19:02:31
     
  21. 2008/10/13
    bayang

    bayang Inactive Thread Starter

    Joined:
    2008/09/07
    Messages:
    120
    Likes Received:
    0
    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Bayang at 2008-10-13 20:13:31
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 47 GB (47%) free of 100 GB
    Total RAM: 2046 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:13:38 PM, on 10/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Bayang\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bayang.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] C:\Program Files\Free Download Manager\fum\fum.exe -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1CAA.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76C937BC-70FE-401D-91BF-48DD00A4981E}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8809 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-21 878352]
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-07-25 7618560]
    "nwiz "=nwiz.exe /install []
    "LVCOMSX "=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoRepair "=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "LogitechVideoTray "=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "NeroFilterCheck "=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update "=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HPDJ Taskbar Utility "=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-23 176128]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-03-08 98304]
    "HP Component Manager "=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
    "NvMediaCenter "=C:\WINDOWS\system32\NvMCTray.dll [2006-07-25 86016]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "WinampAgent "=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "avgnt "=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate "=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Free Download Manager "=C:\Program Files\Free Download Manager\fdm.exe [2007-08-31 2437167]
    "Free Upload Manager "=C:\Program Files\Free Download Manager\fum\fum.exe [2007-07-29 253952]
    "Free Uploader Oe Integration "=C:\Program Files\Free Download Manager\FUM\fumoei.exe [2007-06-10 40960]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "MSMSGS "=C:\PROGRA~1\MESSEN~1\msmsgs.exe [2004-10-14 1694208]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-07 15360]
    "EPSON Stylus CX5500 Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-01-25 179200]
    "Messenger (Yahoo!) "=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "Yahoo! Pager "=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=
    "NoDrives "=
    "NoDriveAutoRun "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\Program Files\Yahoo!\Messenger\YServer.exe "= "C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Azureus\Azureus.exe "= "C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "
    "C:\hIRC2.2\mirc.exe "= "C:\hIRC2.2\mirc.exe:*:Enabled:mIRC "
    "C:\Valve\Condition Zero\czero.exe "= "C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher "
    "C:\Program Files\TVUPlayer\TVUPlayer.exe "= "C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
    "C:\WINDOWS\system32\ftp.exe "= "C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Protocol "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05be8a0c-7a86-11dd-b8be-001d7d7daed6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196c69b6-6fa0-11dd-b8b7-001d7d7daed6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    shell\Explore\command - Flash.10.Setup.exe
    shell\Open\command - Flash.10.Setup.exe
    shell\Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c71a70f-53d3-11dc-9434-000fea56435f}]
    shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab651b7-92fa-11dd-b8dc-001d7d7daed6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe


    ======List of files/folders created in the last 3 months======

    2008-10-13 20:08:36 ----D---- C:\WINDOWS\temp
    2008-10-13 20:08:33 ----A---- C:\ComboFix.txt
    2008-10-12 19:38:40 ----D---- C:\dir00
    2008-10-12 19:37:59 ----D---- C:\dir02
    2008-10-12 19:37:17 ----D---- C:\dir03
    2008-10-12 19:37:17 ----D---- C:\dir01
    2008-10-11 03:58:13 ----D---- C:\Program Files\Adobe Media Player
    2008-10-11 03:58:09 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-10-08 01:55:56 ----D---- C:\WINDOWS\Applian FLV Player
    2008-10-08 01:55:55 ----D---- C:\Program Files\FLV Player
    2008-10-06 00:29:48 ----D---- C:\Program Files\Avira
    2008-10-06 00:08:21 ----SD---- C:\WINDOWS\system32\%SystemDrive%
    2008-09-27 17:14:38 ----D---- C:\DirectX 9.0c
    2008-09-25 17:39:00 ----D---- C:\Program Files\SopCast
    2008-09-25 14:46:00 ----D---- C:\Lop SD
    2008-09-22 00:22:20 ----HDC---- C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$
    2008-09-22 00:21:38 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-21 00:57:48 ----AH---- C:\WINDOWS\akebook.ini
    2008-09-21 00:57:48 ----AH---- C:\WINDOWS\a3kebook.ini
    2008-09-21 00:57:48 ----A---- C:\WINDOWS\ANS2000.INI
    2008-09-20 16:07:52 ----A---- C:\WINDOWS\hidec.exe
    2008-09-20 16:07:52 ----A---- C:\WINDOWS\file_list.bat
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\zip.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\VFind.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swsc.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\swreg.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\sed.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\grep.exe
    2008-09-15 20:18:41 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-13 17:18:16 ----A---- C:\WINDOWS\gmer.ini
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.exe
    2008-09-13 17:18:13 ----A---- C:\WINDOWS\gmer.dll
    2008-09-11 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 23:32:47 ----D---- C:\rsit
    2008-09-10 05:55:25 ----A---- C:\WINDOWS\MegaManager.INI
    2008-09-10 01:42:23 ----D---- C:\Program Files\Gravity
    2008-09-09 20:45:58 ----RASHD---- C:\autorun.inf
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convit.ini
    2008-09-08 21:34:27 ----A---- C:\WINDOWS\convfac.ini
    2008-09-08 20:21:49 ----D---- C:\Documents and Settings\Bayang\Application Data\Megaupload
    2008-09-08 20:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
    2008-09-08 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-09-08 20:21:27 ----D---- C:\Documents and Settings\Bayang\Application Data\EmailNotifier
    2008-09-07 15:50:57 ----D---- C:\QooBox
    2008-09-04 20:03:01 ----D---- C:\WINDOWS\erdnt
    2008-09-03 21:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-03 20:53:24 ----D---- C:\Documents and Settings\Bayang\Application Data\Malwarebytes
    2008-09-03 20:53:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-03 20:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-03 00:33:44 ----D---- C:\Program Files\Trend Micro
    2008-09-02 23:39:50 ----D---- C:\Program Files\Recuva
    2008-08-26 02:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-08-16 19:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-16 19:09:08 ----D---- C:\Program Files\AskSBar
    2008-08-15 22:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 22:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 22:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 22:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 22:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-22 18:07:57 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-20 19:50:44 ----D---- C:\Westwood

    ======List of files/folders modified in the last 3 months======

    2008-10-13 20:12:53 ----D---- C:\Documents and Settings\Bayang\Application Data\Azureus
    2008-10-13 20:12:39 ----D---- C:\Documents and Settings\Bayang\Application Data\Free Download Manager
    2008-10-13 20:08:38 ----D---- C:\WINDOWS\system32
    2008-10-13 20:08:36 ----D---- C:\WINDOWS
    2008-10-13 20:07:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-13 20:07:12 ----A---- C:\WINDOWS\system.ini
    2008-10-13 20:06:26 ----D---- C:\WINDOWS\system32\drivers
    2008-10-13 20:06:25 ----D---- C:\WINDOWS\AppPatch
    2008-10-13 20:06:25 ----D---- C:\Program Files\Common Files
    2008-10-13 20:05:12 ----D---- C:\Program Files
    2008-10-13 20:04:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-13 20:00:49 ----D---- C:\WINDOWS\Prefetch
    2008-10-12 19:30:59 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-12 18:58:08 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-12 18:55:33 ----D---- C:\Movie
    2008-10-11 04:13:42 ----D---- C:\WINDOWS\system32\Adobe
    2008-10-11 04:03:34 ----SHD---- C:\WINDOWS\Installer
    2008-10-11 03:58:21 ----D---- C:\Documents and Settings\Bayang\Application Data\Adobe
    2008-10-11 03:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-10-10 22:27:44 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-10 22:27:43 ----HD---- C:\WINDOWS\inf
    2008-10-09 19:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-09 15:51:41 ----D---- C:\Program Files\7-Zip
    2008-10-09 13:39:10 ----D---- C:\hIRC2.2
    2008-10-06 00:11:40 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-06 00:08:26 ----A---- C:\WINDOWS\wininit.ini
    2008-10-04 03:14:25 ----D---- C:\WINDOWS\Minidump
    2008-09-30 21:49:51 ----SD---- C:\Documents and Settings\Bayang\Application Data\Microsoft
    2008-09-30 21:49:50 ----D---- C:\WINDOWS\system32\wbem
    2008-09-30 21:49:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-29 14:40:48 ----D---- C:\Team17
    2008-09-27 22:27:10 ----D---- C:\Program Files\TVUPlayer
    2008-09-27 17:39:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-27 17:38:09 ----D---- C:\Program Files\Opera
    2008-09-27 17:29:51 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-27 17:15:46 ----D---- C:\Program Files\AC3Filter
    2008-09-26 21:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-09-22 01:50:51 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-22 01:48:52 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-22 00:22:22 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-09-21 00:57:48 ----A---- C:\WINDOWS\win.ini
    2008-09-20 15:30:52 ----SD---- C:\WINDOWS\Tasks
    2008-09-15 20:22:26 ----D---- C:\WINDOWS\system32\config
    2008-09-14 04:18:27 ----D---- C:\WINDOWS\Debug
    2008-09-11 03:00:59 ----D---- C:\WINDOWS\WinSxS
    2008-09-11 03:00:34 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-10 17:53:21 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
    2008-09-04 20:24:50 ----SHD---- C:\System Volume Information
    2008-09-04 20:24:50 ----D---- C:\WINDOWS\system32\Restore
    2008-09-03 20:16:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-03 05:46:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-03 04:49:39 ----D---- C:\WINDOWS\Help
    2008-08-27 04:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-16 19:09:02 ----D---- C:\Program Files\Azureus
    2008-08-15 22:10:14 ----HD---- C:\Program Files\Messenger
    2008-08-15 22:07:29 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 22:07:16 ----D---- C:\WINDOWS\ie7updates
    2008-08-12 20:13:20 ----RSD---- C:\WINDOWS\Fonts
    2008-08-12 19:25:23 ----D---- C:\WINDOWS\system32\QuickTime
    2008-08-12 18:53:10 ----D---- C:\Program Files\Winamp
    2008-08-11 21:11:06 ----A---- C:\WINDOWS\system32\WgaLogon.dll
    2008-08-11 21:10:32 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-08-11 21:10:20 ----N---- C:\WINDOWS\system32\WgaTray.exe
    2008-07-22 18:07:56 ----D---- C:\Program Files\Java
    2008-07-19 16:22:40 ----D---- C:\Documents and Settings\Bayang\Application Data\Skype
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-14 19:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-07 36096]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-07 12032]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-25 3925920]
    R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-07 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R4 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 a9md9w36;a9md9w36; C:\WINDOWS\system32\drivers\a9md9w36.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-13 85969]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-25 155715]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-07 14336]

    -----------------EOF-----------------
     
