
[InActive] Run a DLL as an APP problem

Discussion in 'Malware and Virus Removal Archive' started by halloween, 2008/09/28.

  1. halloween (Thread Starter), 2008/09/28
    So I was searching online for help and I found this forum; someone had posted this same problem.

    "Run a DLL as an App has encountered a problem and needs to close. We are sorry for the inconvenience."
    This started happening after I did a system restore because I had downloaded a virus and didn't delete it all quickly enough. (First time I've been so careless since I was 13!)

    Reading the rest of the forum brought me to this thread.

    So I have run HijackThis, but I'm in no way capable of trying to fix it myself and would like some help, please. I'll be forever grateful!

    Also, this error message appears right after I turn on my computer, and I'm running Windows XP.
     
    Last edited: 2008/09/28
  2. halloween (Thread Starter), 2008/09/28
    Made the size smaller because this is a lot of text. (Admin: please don't.)

    Logfile of HijackThis v1.99.1
    Scan saved at 1:18:12 PM, on 9/28/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\winlogen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\winlogen.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\csrssc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\User\LOCALS~1\Temp\winlogen.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\User\LOCALS~1\Temp\winlogen.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\User\LOCALS~1\Temp\csrssc.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     
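    As an added illustration of what a helper actually looks for in a log like the one above (this is the editor's example, not code from HijackThis, ComboFix, Malwarebytes or anyone in this thread), the script below runs a few triage heuristics over lines copied from the posted log. The heuristics and thresholds are the editor's own assumptions, not a standard: an autorun launched from a Temp folder, a file name one edit away from a core Windows binary (winlogen.exe, csrssc.exe), a Run value name that is long and nearly vowel-free, anything after userinit.exe in the Userinit value, and a DisableRegedit policy. It is plain Python with no dependencies, so it runs on any machine other than the infected one.

```python
"""Triage a handful of HijackThis autostart lines.

Added example for this thread (not code from HijackThis, ComboFix, Malwarebytes
or anyone posting here). SAMPLE_LINES are copied from the log posted above; the
heuristics, thresholds and the SYSTEM_BINARIES list are the editor's assumptions.
"""
import ntpath   # Windows path rules even when this runs on Linux/macOS
import re

# Core Windows binaries that droppers imitate with near-miss names.
SYSTEM_BINARIES = {
    "winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe", "services.exe",
    "svchost.exe", "userinit.exe", "explorer.exe", "spoolsv.exe",
}
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)   # ...\Temp\... anywhere in the path
O4 = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$", re.IGNORECASE)
O7 = re.compile(r"^O7 - .*Policies\\System, (?P<policy>\w+)=(?P<val>\d+)$")


def levenshtein(a, b):
    """Plain edit distance; the names are short, so the O(len*len) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename):
    """Return the system binary that `basename` is exactly one edit away from, else None."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in sorted(SYSTEM_BINARIES):
        if levenshtein(name, legit) == 1:
            return legit
    return None


def random_looking(value_name):
    """Generated Run value names (ksjf93orkekfniw73nfdd) are long and nearly vowel-free.
    Threshold chosen so every legitimate name in the posted log passes."""
    if len(value_name) < 12:
        return False
    vowels = sum(c in "aeiouy" for c in value_name.lower())
    return vowels / len(value_name) < 0.2


def exe_path(command):
    """Pull the executable path out of an O4 command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(lines):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O4.match(line):
            path = exe_path(m["cmd"])
            base = ntpath.basename(path)
            if TEMP_DIR.search(path):
                findings.append((line, "autorun from a Temp folder"))
            if legit := lookalike(base):
                findings.append((line, f"{base} imitates {legit}"))
            if random_looking(m["name"]):
                findings.append((line, f"random-looking value name {m['name']!r}"))
        elif m := F2.match(line):
            # Userinit should be exactly userinit.exe; anything after the comma runs at every logon.
            entries = [e.strip() for e in m["value"].split(",") if e.strip()]
            for extra in entries[1:]:
                findings.append((line, f"extra Userinit entry {extra}"))
        elif m := O7.match(line):
            if m["policy"] == "DisableRegedit" and m["val"] != "0":
                findings.append((line, "registry editor disabled by policy"))
    return findings


# Lines copied from the HijackThis log posted above (benign ones included on purpose).
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,",
    r"O4 - HKLM\..\Run: [LaunchApp] Alaunch",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart",
    r"O4 - HKLM\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\User\LOCALS~1\Temp\winlogen.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\User\LOCALS~1\Temp\winlogen.exe",
    r"O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\User\LOCALS~1\Temp\csrssc.exe",
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
]

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LINES):
        print(f"{reason:45} {line}")
```

    Run against those lines it reports eleven findings on five of them: the extra twext.exe in Userinit, the two Temp-folder autoruns named after winlogon.exe and csrss.exe (each flagged three times, for location, look-alike name and generated value name), and the DisableRegedit policy. It says nothing about the other entries, which is the point: a helper like this narrows a long log to the lines worth a human's attention, it does not certify the rest as clean.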
  4. noahdfear, 2008/09/28
    Welcome to WindowsBBS halloween :)

    Please do the following in the order given.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Close the MBAM log for now.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Now, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and the MBAM log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Finally, after you've posted the ComboFix and MBAM logs, download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • If prompted to allow RSIT to access the internet, please allow it.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in another reply.
     
  5. halloween (Thread Starter), 2008/09/28
    Thank you so much for helping me out with this. Here are the logs:

    ComboFix Log:

    ComboFix 08-09-27.06 - User 2008-09-28 23:04:51.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.139 [GMT -4:00]
    Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\str.sys
    C:\WINDOWS\system32\paso.el
    C:\WINDOWS\temp\perflib_perfdata_1cc.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
    .

    2008-09-28 23:06 . 2008-04-13 20:12 1,041,408 --a------ C:\WINDOWS\OLD49.tmp
    2008-09-28 22:55 . 2008-04-13 20:12 86,528 --a------ C:\WINDOWS\system32\OLD2F.tmp
    2008-09-28 22:53 . 2008-04-13 20:12 86,528 --a------ C:\WINDOWS\system32\OLD24.tmp
    2008-09-28 22:51 . 2008-04-13 20:12 86,528 --a------ C:\WINDOWS\system32\OLD15.tmp
    2008-09-28 22:46 . 2008-09-28 23:06 <DIR> d-------- C:\WINDOWS\LastGood
    2008-09-28 22:25 . 2008-09-28 22:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-28 22:25 . 2008-09-28 22:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
    2008-09-28 22:25 . 2008-09-28 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-28 22:25 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-28 22:25 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-28 00:04 . 2008-04-13 20:12 441,344 --a------ C:\WINDOWS\system32\OLD8.tmp
    2008-09-28 00:03 . 2008-04-13 20:12 354,816 --a------ C:\WINDOWS\system32\OLD3.tmp
    2008-09-27 22:17 . 2008-09-27 22:17 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-27 22:17 . 2008-09-27 22:17 63,488 --a------ C:\WINDOWS\system32\io.e18
    2008-09-27 22:17 . 2008-09-27 22:17 32,768 --a------ C:\WINDOWS\system32\onmac.frv
    2008-09-27 22:17 . 2008-09-27 22:17 32,768 --a------ C:\WINDOWS\system32\ffcty.sp
    2008-09-27 22:17 . 2008-09-27 22:17 28,672 --a------ C:\WINDOWS\system32\mnax.help
    2008-09-27 22:17 . 2008-09-27 22:17 28,672 --a------ C:\WINDOWS\system32\can.sdr
    2008-09-27 22:16 . 2008-09-27 22:16 <DIR> d--hs---- C:\Documents and Settings\LocalService\Application Data\twain_32
    2008-09-27 22:16 . 2008-09-27 22:16 108,544 --a------ C:\gmrv.exe
    2008-09-27 22:16 . 2008-09-27 22:16 86,016 --a------ C:\vxqh.exe
    2008-09-27 22:16 . 2008-09-27 22:16 30,976 --a------ C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys
    2008-09-27 22:16 . 2008-09-27 22:16 2 --a------ C:\-62823691
    2008-09-27 22:15 . 2008-09-27 22:15 61,952 --a------ C:\nhfjlb.exe
    2008-09-16 23:35 . 2008-09-16 23:35 <DIR> d-------- C:\WINDOWS\BBSTORE
    2008-09-16 23:35 . 2008-09-16 23:35 <DIR> d-------- C:\Program Files\The Learning Company
    2008-09-16 23:34 . 2008-09-16 23:34 0 --a------ C:\WINDOWS\SETUP32.INI
    2008-09-06 22:24 . 2008-09-06 22:24 0 --a------ C:\WINDOWS\PCFriend.INI
    2008-09-06 22:22 . 1996-10-15 14:40 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
    2008-09-06 22:21 . 2008-09-07 13:25 <DIR> d-------- C:\Program Files\PCFriendly
    2008-09-06 16:20 . 2008-09-06 16:20 <DIR> d-------- C:\Program Files\uTorrent
    2008-09-06 16:20 . 2008-09-07 14:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
    2008-09-06 16:05 . 2008-09-06 16:05 <DIR> d-------- C:\Documents and Settings\User\Application Data\Anonymizer
    2008-09-06 16:04 . 2008-09-06 16:04 <DIR> d-------- C:\Program Files\Anonymizer
    2008-09-06 16:04 . 2008-09-06 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
    2008-09-06 15:50 . 2008-09-06 16:04 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
    2008-09-06 11:22 . 2008-09-06 11:25 <DIR> d-------- C:\Program Files\Sophos
    2008-09-05 12:20 . 2008-09-05 12:20 <DIR> d-------- C:\savinstall
    2008-09-03 23:02 . 2008-09-03 23:02 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
    2008-09-03 23:02 . 2008-09-28 19:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\U3
    2008-08-31 21:14 . 2008-08-31 21:14 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\CiscoCAA
    2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Program Files\Cisco Systems
    2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\CiscoCAA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 03:00 --------- d-----w C:\Program Files\Viewpoint
    2008-09-29 03:00 --------- d-----w C:\Program Files\Three Rings Design
    2008-09-29 03:00 --------- d-----w C:\Documents and Settings\User\Application Data\Viewpoint
    2008-09-29 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-29 02:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-29 01:28 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
    2008-09-28 04:07 --------- d-----w C:\Documents and Settings\User\Application Data\gtk-2.0
    2008-09-28 02:30 --------- d-----w C:\Program Files\GIMP-2.0
    2008-09-28 02:17 578,560 ----a-w C:\WINDOWS\system32\user32.DLL
    2008-09-22 20:34 --------- d-----w C:\Documents and Settings\User\Application Data\yoclient
    2008-09-20 03:31 --------- d-----w C:\Program Files\mIRC
    2008-09-06 18:45 --------- d-----w C:\Program Files\Google
    2008-08-31 12:21 --------- d-----w C:\Program Files\Amazon
    2008-08-31 12:21 --------- d-----w C:\Documents and Settings\User\Application Data\Amazon
    2008-08-13 00:01 138,752 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2008-08-10 03:52 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-10 03:52 --------- d-----w C:\Program Files\Windows Live
    2008-08-10 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-10 03:37 --------- d-----w C:\Program Files\Windows Journal Viewer
    2008-08-06 04:57 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
    2008-08-04 22:42 --------- d-----w C:\Program Files\Java
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2006-01-27 01:17 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
    2007-04-12 01:54 8 --sh--r C:\WINDOWS\system32\9F8D75C525.sys
    2008-01-18 01:03 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .
    C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
    577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    577,536 2007-03-08 15:36:28 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    577,024 2004-08-04 05:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
    578,560 2008-04-14 00:12:08 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    578,560 2008-09-28 02:17:13 C:\WINDOWS\system32\user32.DLL
    578,560 2008-09-28 02:17:13 C:\WINDOWS\system32\dllcache\user32.dll


    ------- Sigcheck -------

    2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    2004-08-04 01:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
    2008-04-13 20:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
    2008-09-27 22:17 578560 45d5eeb1f430e10550681cb5fee5d924 C:\WINDOWS\system32\user32.DLL
    2008-09-27 22:17 578560 45d5eeb1f430e10550681cb5fee5d924 C:\WINDOWS\system32\dllcache\user32.dll

    2008-04-13 20:12 1033728 386dd03340d1e58a0eef5894c42462ec C:\WINDOWS\explorer.exe
    2007-06-13 07:26 1040896 3c0608125c98df502fc4a3fff5719158 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 06:23 1040896 826a71868cdcc9f22e600414659fa14d C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-04 01:00 1039872 777fe645b920bddd7a13eba45664a980 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2008-04-13 20:12 1041408 39de830a3cfae78798ba85df852fa9d8 C:\WINDOWS\LastGood\explorer.exe
    2008-04-13 20:12 1041408 dc5da6bd48cc843e60584e7041bb49da C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2008-04-13 20:12 1041408 38414529a3174834adfffa975c274c24 C:\WINDOWS\system32\dllcache\explorer.exe

    2004-08-04 01:00 32256 8ecf95a0cf39ade919845bbdb477af93 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    2008-04-13 20:12 33792 1e6def4fc0d4a7c0b13c15daf3247584 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    2008-04-13 20:12 26112 53063cb2e845754c43222a76b675eef5 C:\WINDOWS\system32\userinit.exe
    2008-04-13 20:12 33792 f19c84801eabb9049d940595273169f6 C:\WINDOWS\system32\dllcache\userinit.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1702912]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Google Update "= "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" [X]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "AspireService "= "C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 114688]
    "MediaSync "= "C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 434176]
    "eRecoveryService "= "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 163840]
    "PaperPort PTD "= "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch "= "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 49152]
    "SetDefPrt "= "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 57344]
    "ControlCenter2.0 "= "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 860160]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 294912]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3747840]
    "SoundMan "= "SOUNDMAN.EXE" [2005-09-21 C:\WINDOWS\soundman.exe]
    "VTTimer "= "VTTimer.exe" [2005-05-13 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp "= "VTtrayp.exe" [2005-05-13 C:\WINDOWS\system32\VTTrayp.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 2056266]
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-12-02 122880]
    Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 434176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit "= "C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twext.exe, "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\mIRC\\mirc.exe "=
    "C:\\Program Files\\Soulseek\\slsk.exe "=
    "C:\\Program Files\\Azureus\\Azureus.exe "=
    "C:\\Program Files\\Trillian\\trillian.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe "=
    "C:\\Program Files\\Last.fm\\LastFM.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\AIM6\\aim6.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "C:\\Documents and Settings\\User\\Desktop\\Open Canvas.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Program Files\\uTorrent\\utorrent.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe "=
    "C:\\Program Files\\Last.fm\\unins000.exe "=
    "C:\\WINDOWS\\system32\\services.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21642:TCP "= 21642:TCP:utorrent
    "21642:UDP "= 21642:UDP:utorrent
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    R2 remndkrdn;remndkrdn;C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys [2008-09-27 30976]
    S3 3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9;3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9;E:\Player\cds300.dll [ ]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2006-07-10 99840]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - INT15.SYS
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pcih9q7m.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/webhp?hl=en
    FF -: plugin - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 23:10:48
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\cmd.exe.tmp 396800 bytes executable
    C:\WINDOWS\system32\ipconfig.exe.tmp 63488 bytes executable
    C:\WINDOWS\system32\twain_32
    C:\WINDOWS\system32\twext.exe 519168 bytes executable

    scan completed successfully
    hidden files: 4

    **************************************************************************
    .
    Completion time: 2008-09-28 23:14:48
    ComboFix-quarantined-files.txt 2008-09-29 03:14:35

    Pre-Run: 30,780,391,424 bytes free
    Post-Run: 31,875,608,576 bytes free

    251 --- E O F --- 2008-09-12 03:08:01




    MBAM Log:

    Malwarebytes' Anti-Malware 1.27
    Database version: 1127
    Windows 5.1.2600 Service Pack 3

    9/28/2008 10:42:57 PM
    mbam-log-2008-09-28 (22-42-57).txt

    Scan type: Quick Scan
    Objects scanned: 59421
    Time elapsed: 14 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 9
    Registry Values Infected: 7
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\yayWoOFV.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gks834t.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\wvUnMGww.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74f53bcb-1ebf-47b9-9ba3-0e5a82e3caf8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{74f53bcb-1ebf-47b9-9ba3-0e5a82e3caf8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a982037a-5fa0-44bd-8bb8-bce93ebbdfe8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunmgww (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{a982037a-5fa0-44bd-8bb8-bce93ebbdfe8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\efpinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a982037a-5fa0-44bd-8bb8-bce93ebbdfe8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ksjf93orkekfniw73nfdd (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ksjf93orkekfniw73nfdd (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yaywoofv -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yaywoofv -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\yayWoOFV.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\VFOoWyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VFOoWyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUnMGww.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nvrsol32.dll (Spyware.Agent.H) -> Delete on reboot.
    C:\WINDOWS\system32\gks834t.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\iiffgeBt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Seekmo\seekmo.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\winlogen.exe (Trojan.Agent) -> Delete on reboot.
    C:\d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
     
  6. 2008/09/28
    halloween

    halloween Inactive Thread Starter

    Joined:
    2008/09/28
    Messages:
    19
    Likes Received:
    0
    This log file for RSIT was too long for one post, so here it is in two parts.

    Part 1

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by User at 2008-09-28 23:22:12
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 30 GB (41%) free of 74 GB
    Total RAM: 447 MB (18% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:22:12 PM, on 9/28/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\RSIT.exe
    C:\Program Files\trend micro\User.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --
    End of file - 7613 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"=Alaunch []
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 90112]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-05-13 53248]
    "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-05-13 143360]
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2005-09-29 114688]
    "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 434176]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 163840]
    "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 49152]
    "SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 57344]
    "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 860160]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 294912]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3747840]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1702912]
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
    "Google Update"=C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe
    Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
    "C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Documents and Settings\User\Desktop\Open Canvas.exe"="C:\Documents and Settings\User\Desktop\Open Canvas.exe:*:Enabled:Open Canvas"
    "C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe"="C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe:*:Enabled:Clean Access Agent"
    "C:\Program Files\Last.fm\unins000.exe"="C:\Program Files\Last.fm\unins000.exe:*:Enabled:Uninstall Last.fm"
    "C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:enabled:@shell32.dll,-1"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 3 months======

    2008-09-28 23:21:13 ----D---- C:\Program Files\trend micro
    2008-09-28 23:21:12 ----D---- C:\rsit
    2008-09-28 23:14:51 ----A---- C:\ComboFix.txt
    2008-09-28 23:06:20 ----A---- C:\WINDOWS\OLD49.tmp
    2008-09-28 23:04:09 ----D---- C:\WINDOWS\erdnt
    2008-09-28 23:03:20 ----D---- C:\QooBox
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\zip.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\VFind.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\swreg.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\sed.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\grep.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-28 22:55:00 ----A---- C:\WINDOWS\system32\OLD2F.tmp
    2008-09-28 22:53:12 ----A---- C:\WINDOWS\system32\OLD24.tmp
    2008-09-28 22:51:17 ----A---- C:\WINDOWS\system32\OLD15.tmp
    2008-09-28 22:46:54 ----D---- C:\WINDOWS\LastGood
    2008-09-28 22:25:44 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
    2008-09-28 22:25:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-28 22:25:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-28 00:06:53 ----D---- C:\Config.Msi
    2008-09-28 00:04:39 ----A---- C:\WINDOWS\system32\OLD8.tmp
    2008-09-28 00:03:03 ----A---- C:\WINDOWS\system32\OLD3.tmp
    2008-09-27 22:21:37 ----A---- C:\WINDOWS\system32\f762a624-.txt
    2008-09-27 22:16:30 ----A---- C:\vxqh.exe
    2008-09-27 22:16:28 ----A---- C:\gmrv.exe
    2008-09-27 22:15:46 ----SHD---- C:\WINDOWS\system32\twain_32
    2008-09-27 22:15:41 ----A---- C:\nhfjlb.exe
    2008-09-16 23:35:14 ----D---- C:\WINDOWS\BBSTORE
    2008-09-16 23:35:08 ----D---- C:\Program Files\The Learning Company
    2008-09-16 23:34:52 ----A---- C:\WINDOWS\SETUP32.INI
    2008-09-11 23:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 23:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-06 22:24:07 ----A---- C:\WINDOWS\PCFriend.INI
    2008-09-06 22:22:16 ----A---- C:\WINDOWS\system32\INLOADER.DLL
    2008-09-06 22:21:58 ----D---- C:\Program Files\PCFriendly
    2008-09-06 16:20:09 ----D---- C:\Program Files\uTorrent
    2008-09-06 16:20:08 ----D---- C:\Documents and Settings\User\Application Data\uTorrent
    2008-09-06 16:05:46 ----D---- C:\Documents and Settings\User\Application Data\Anonymizer
    2008-09-06 16:04:58 ----D---- C:\Program Files\Anonymizer
    2008-09-06 16:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\Anonymizer
    2008-09-06 15:50:36 ----HD---- C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
    2008-09-06 11:30:14 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-09-06 11:22:18 ----D---- C:\Program Files\Sophos
    2008-09-05 12:20:19 ----D---- C:\savinstall
    2008-09-03 23:02:36 ----D---- C:\Program Files\Common Files\SWF Studio
    2008-09-03 23:02:08 ----D---- C:\Documents and Settings\User\Application Data\U3
    2008-08-30 21:41:54 ----D---- C:\Documents and Settings\User\Application Data\CiscoCAA
    2008-08-30 21:41:48 ----D---- C:\Program Files\Cisco Systems
    2008-08-29 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-28 19:55:56 ----D---- C:\WINDOWS\Prefetch
    2008-08-28 19:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-08-28 19:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-28 19:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-28 19:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-28 19:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-28 19:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-28 19:36:10 ----D---- C:\WINDOWS\system32\en-us
    2008-08-28 19:36:09 ----D---- C:\WINDOWS\system32\scripting
    2008-08-28 19:36:08 ----D---- C:\WINDOWS\l2schemas
    2008-08-28 19:36:07 ----D---- C:\WINDOWS\system32\en
    2008-08-28 19:36:06 ----D---- C:\WINDOWS\system32\bits
    2008-08-28 19:33:57 ----D---- C:\WINDOWS\ServicePackFiles
    2008-08-28 19:31:48 ----D---- C:\WINDOWS\network diagnostic
    2008-08-28 19:26:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-08-28 19:24:59 ----D---- C:\WINDOWS\EHome
    2008-08-28 19:17:45 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-08-28 19:17:38 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-08-28 19:17:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-08-28 19:17:27 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-28 19:17:27 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-28 19:17:15 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-08-28 19:17:14 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-08-28 19:17:09 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-08-28 19:17:08 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-08-28 19:17:07 ----A---- C:\WINDOWS\system32\slserv.exe
    2008-08-28 19:17:07 ----A---- C:\WINDOWS\slrundll.exe
    2008-08-28 19:17:04 ----A---- C:\WINDOWS\system32\setupn.exe
    2008-08-28 19:17:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-08-28 19:17:01 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-28 19:17:00 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-08-28 19:17:00 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-08-28 19:16:58 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-08-28 19:16:58 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-08-28 19:16:58 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-08-28 19:16:57 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-08-28 19:16:54 ----N---- C:\WINDOWS\system32\onex.dll
    2008-08-28 19:16:52 ----N---- C:\WINDOWS\system32\nv4_disp.dll
    2008-08-28 19:16:46 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-08-28 19:16:46 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-08-28 19:16:46 ----A---- C:\WINDOWS\system32\napstat.exe
    2008-08-28 19:16:45 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-08-28 19:16:45 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-08-28 19:16:45 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-08-28 19:16:43 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-28 19:16:43 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-08-28 19:16:32 ----A---- C:\WINDOWS\system32\mmcperf.exe
    2008-08-28 19:16:31 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-28 19:16:31 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-08-28 19:16:31 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-28 19:16:30 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-08-28 19:16:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-28 19:16:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-28 19:16:10 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-08-28 19:16:05 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-08-28 19:16:05 ----A---- C:\WINDOWS\002885_.tmp
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-08-28 19:15:58 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-08-28 19:15:58 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-28 19:15:58 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-28 19:15:56 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-08-28 19:15:51 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-28 19:15:50 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-08-28 19:15:49 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-08-28 19:15:49 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-08-28 19:15:49 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-08-28 19:15:42 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-08-14 22:33:19 ----D---- C:\Documents and Settings\User\Application Data\gtk-2.0
    2008-08-14 00:07:38 ----D---- C:\Program Files\GIMP-2.0
    2008-08-13 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-13 03:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-08-13 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-13 03:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-13 03:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-13 03:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-13 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-08-13 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-09 23:37:33 ----D---- C:\Program Files\Windows Journal Viewer
    2008-08-04 18:42:53 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-08-04 18:42:53 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-08-04 18:42:53 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-14 21:51:08 ----D---- C:\Program Files\illiminable
    2008-07-09 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======

    2008-09-28 23:21:13 ----RD---- C:\Program Files
    2008-09-28 23:15:50 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-28 23:15:06 ----D---- C:\WINDOWS\temp
    2008-09-28 23:15:03 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-09-28 23:15:00 ----AD---- C:\WINDOWS\system32
    2008-09-28 23:14:57 ----AD---- C:\WINDOWS
    2008-09-28 23:10:44 ----A---- C:\WINDOWS\system.ini
    2008-09-28 23:08:20 ----AD---- C:\WINDOWS\system32\drivers
    2008-09-28 23:08:19 ----D---- C:\WINDOWS\AppPatch
    2008-09-28 23:08:19 ----D---- C:\Program Files\Common Files
    2008-09-28 23:07:07 ----HD---- C:\WINDOWS\inf
    2008-09-28 23:07:07 ----D---- C:\WINDOWS\system32\Com
    2008-09-28 23:07:01 ----D---- C:\Program Files\Internet Explorer
    2008-09-28 23:02:31 ----D---- C:\WINDOWS\system32\Restore
    2008-09-28 23:02:28 ----D---- C:\WINDOWS\system32\usmt
    2008-09-28 23:02:01 ----D---- C:\Program Files\Windows Media Player
    2008-09-28 23:00:39 ----D---- C:\Documents and Settings\User\Application Data\Viewpoint
    2008-09-28 23:00:39 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-28 23:00:36 ----D---- C:\Program Files\Viewpoint
    2008-09-28 23:00:05 ----D---- C:\Program Files\Three Rings Design
    2008-09-28 22:58:35 ----SHD---- C:\WINDOWS\Installer
    2008-09-28 22:56:31 ----D---- C:\Program Files\Adobe
    2008-09-28 22:54:05 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-28 22:52:54 ----D---- C:\Documents and Settings\User\Application Data\Adobe
    2008-09-28 22:46:52 ----D---- C:\Program Files\Movie Maker
    2008-09-28 22:46:05 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-28 22:45:59 ----A---- C:\WINDOWS\system32\eRLog.ini
    2008-09-28 22:45:26 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
    2008-09-28 22:44:39 ----D---- C:\WINDOWS\system32\wbem
    2008-09-28 22:44:39 ----D---- C:\Program Files\Windows NT
    2008-09-28 22:44:39 ----D---- C:\Program Files\Outlook Express
    2008-09-28 22:44:39 ----D---- C:\Program Files\NetMeeting
    2008-09-28 22:43:47 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-28 21:28:41 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
    2008-09-28 00:08:01 ----D---- C:\WINDOWS\system32\config
    2008-09-28 00:07:46 ----D---- C:\WINDOWS\Registration
    2008-09-27 22:17:13 ----A---- C:\WINDOWS\system32\user32.DLL
    2008-09-22 16:34:14 ----D---- C:\Documents and Settings\User\Application Data\yoclient
    2008-09-19 23:31:07 ----D---- C:\Program Files\mIRC
    2008-09-17 09:43:48 ----D---- C:\WINDOWS\Help
    2008-09-11 23:06:04 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-11 23:06:03 ----D---- C:\WINDOWS\WinSxS
    2008-09-08 09:43:04 ----SD---- C:\WINDOWS\Tasks
    2008-09-07 14:12:16 ----RSD---- C:\WINDOWS\assembly
    2008-09-07 14:12:16 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-07 13:47:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-06 16:00:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-06 14:45:50 ----D---- C:\Program Files\Google
    2008-08-31 08:21:19 ----D---- C:\Program Files\Amazon
    2008-08-31 08:21:19 ----D---- C:\Documents and Settings\User\Application Data\Amazon
    2008-08-31 08:18:29 ----D---- C:\Program Files\Common Files\System
    2008-08-29 02:11:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-29 01:16:01 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-29 01:15:46 ----AD---- C:\i386
    2008-08-28 20:09:53 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-08-28 19:55:53 ----A---- C:\WINDOWS\setuplog.txt
    2008-08-28 19:55:26 ----D---- C:\Program Files\Messenger
    2008-08-28 19:55:25 ----D---- C:\WINDOWS\system32\Setup
    2008-08-28 19:55:24 ----RSD---- C:\WINDOWS\Fonts
    2008-08-28 19:45:21 ----D---- C:\WINDOWS\security
    2008-08-28 19:36:26 ----D---- C:\WINDOWS\ime
    2008-08-28 19:36:06 ----D---- C:\WINDOWS\PeerNet
    2008-08-28 19:33:52 ----D---- C:\WINDOWS\system32\npp
    2008-08-28 19:33:51 ----D---- C:\WINDOWS\msagent
    2008-08-28 19:33:49 ----D---- C:\WINDOWS\srchasst
    2008-08-28 19:33:22 ----AD---- C:\WINDOWS\system32\oobe
    2008-08-28 19:33:20 ----AD---- C:\WINDOWS\system
    2008-08-28 19:30:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-28 19:26:20 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
    2008-08-28 18:43:34 ----D---- C:\WINDOWS\Debug
    2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-12 20:01:17 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
    2008-08-09 23:52:48 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
    2008-08-09 23:52:30 ----D---- C:\Program Files\Windows Live
    2008-08-09 23:52:14 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-09 23:43:50 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-06 00:57:36 ----D---- C:\Documents and Settings\User\Application Data\AdobeUM
    2008-08-04 18:42:51 ----D---- C:\Program Files\Java
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-10 04:01:04 ----D---- C:\Documents and Settings
    2008-07-07 16:26:58 ----A---- C:\WINDOWS\system32\es.dll
     
  7. 2008/09/28
    halloween

    Part 2


    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2006-03-16 55168]
    R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R2 remndkrdn;remndkrdn; \??\C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-21 3727680]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-12-06 6144]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-05-13 172544]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9;3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9; \??\E:\Player\cds300.dll []
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2006-07-10 99840]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 247296]
    S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-10-19 749568]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-11 80384]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 921088]

    -----------------EOF-----------------

    Running processes:
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\RSIT.exe
    C:\Program Files\trend micro\User.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    --
    End of file - 7613 bytes
    ======Scheduled tasks folder======
    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"=Alaunch []
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 90112]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-05-13 53248]
    "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-05-13 143360]
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2005-09-29 114688]
    "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 434176]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 163840]
    "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 49152]
    "SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 57344]
    "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 860160]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 294912]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3747840]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1702912]
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
    "Google Update"=C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe
    Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
    "C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Documents and Settings\User\Desktop\Open Canvas.exe"="C:\Documents and Settings\User\Desktop\Open Canvas.exe:*:Enabled:Open Canvas"
    "C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe"="C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe:*:Enabled:Clean Access Agent"
    "C:\Program Files\Last.fm\unins000.exe"="C:\Program Files\Last.fm\unins000.exe:*:Enabled:Uninstall Last.fm"
    "C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:enabled:@shell32.dll,-1"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


    and actually there's a part three...
     
  8. 2008/09/28
    halloween

    Part Three (last)


    ======List of files/folders created in the last 3 months======
    2008-09-28 23:21:13 ----D---- C:\Program Files\trend micro
    2008-09-28 23:21:12 ----D---- C:\rsit
    2008-09-28 23:14:51 ----A---- C:\ComboFix.txt
    2008-09-28 23:06:20 ----A---- C:\WINDOWS\OLD49.tmp
    2008-09-28 23:04:09 ----D---- C:\WINDOWS\erdnt
    2008-09-28 23:03:20 ----D---- C:\QooBox
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\zip.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\VFind.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\swreg.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\sed.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\grep.exe
    2008-09-28 23:03:14 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-28 22:55:00 ----A---- C:\WINDOWS\system32\OLD2F.tmp
    2008-09-28 22:53:12 ----A---- C:\WINDOWS\system32\OLD24.tmp
    2008-09-28 22:51:17 ----A---- C:\WINDOWS\system32\OLD15.tmp
    2008-09-28 22:46:54 ----D---- C:\WINDOWS\LastGood
    2008-09-28 22:25:44 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
    2008-09-28 22:25:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-28 22:25:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-28 00:06:53 ----D---- C:\Config.Msi
    2008-09-28 00:04:39 ----A---- C:\WINDOWS\system32\OLD8.tmp
    2008-09-28 00:03:03 ----A---- C:\WINDOWS\system32\OLD3.tmp
    2008-09-27 22:21:37 ----A---- C:\WINDOWS\system32\f762a624-.txt
    2008-09-27 22:16:30 ----A---- C:\vxqh.exe
    2008-09-27 22:16:28 ----A---- C:\gmrv.exe
    2008-09-27 22:15:46 ----SHD---- C:\WINDOWS\system32\twain_32
    2008-09-27 22:15:41 ----A---- C:\nhfjlb.exe
    2008-09-16 23:35:14 ----D---- C:\WINDOWS\BBSTORE
    2008-09-16 23:35:08 ----D---- C:\Program Files\The Learning Company
    2008-09-16 23:34:52 ----A---- C:\WINDOWS\SETUP32.INI
    2008-09-11 23:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 23:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-06 22:24:07 ----A---- C:\WINDOWS\PCFriend.INI
    2008-09-06 22:22:16 ----A---- C:\WINDOWS\system32\INLOADER.DLL
    2008-09-06 22:21:58 ----D---- C:\Program Files\PCFriendly
    2008-09-06 16:20:09 ----D---- C:\Program Files\uTorrent
    2008-09-06 16:20:08 ----D---- C:\Documents and Settings\User\Application Data\uTorrent
    2008-09-06 16:05:46 ----D---- C:\Documents and Settings\User\Application Data\Anonymizer
    2008-09-06 16:04:58 ----D---- C:\Program Files\Anonymizer
    2008-09-06 16:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\Anonymizer
    2008-09-06 15:50:36 ----HD---- C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
    2008-09-06 11:30:14 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-09-06 11:22:18 ----D---- C:\Program Files\Sophos
    2008-09-05 12:20:19 ----D---- C:\savinstall
    2008-09-03 23:02:36 ----D---- C:\Program Files\Common Files\SWF Studio
    2008-09-03 23:02:08 ----D---- C:\Documents and Settings\User\Application Data\U3
    2008-08-30 21:41:54 ----D---- C:\Documents and Settings\User\Application Data\CiscoCAA
    2008-08-30 21:41:48 ----D---- C:\Program Files\Cisco Systems
    2008-08-29 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-28 19:55:56 ----D---- C:\WINDOWS\Prefetch
    2008-08-28 19:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-08-28 19:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-28 19:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-28 19:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-28 19:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-28 19:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-28 19:36:10 ----D---- C:\WINDOWS\system32\en-us
    2008-08-28 19:36:09 ----D---- C:\WINDOWS\system32\scripting
    2008-08-28 19:36:08 ----D---- C:\WINDOWS\l2schemas
    2008-08-28 19:36:07 ----D---- C:\WINDOWS\system32\en
    2008-08-28 19:36:06 ----D---- C:\WINDOWS\system32\bits
    2008-08-28 19:33:57 ----D---- C:\WINDOWS\ServicePackFiles
    2008-08-28 19:31:48 ----D---- C:\WINDOWS\network diagnostic
    2008-08-28 19:26:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-08-28 19:24:59 ----D---- C:\WINDOWS\EHome
    2008-08-28 19:17:45 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-08-28 19:17:38 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-08-28 19:17:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-08-28 19:17:27 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-28 19:17:27 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-28 19:17:15 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-08-28 19:17:14 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-08-28 19:17:09 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-08-28 19:17:08 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-08-28 19:17:07 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-08-28 19:17:07 ----A---- C:\WINDOWS\system32\slserv.exe
    2008-08-28 19:17:07 ----A---- C:\WINDOWS\slrundll.exe
    2008-08-28 19:17:04 ----A---- C:\WINDOWS\system32\setupn.exe
    2008-08-28 19:17:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-08-28 19:17:01 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-28 19:17:00 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-08-28 19:17:00 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-08-28 19:16:58 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-08-28 19:16:58 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-08-28 19:16:58 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-08-28 19:16:57 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-08-28 19:16:54 ----N---- C:\WINDOWS\system32\onex.dll
    2008-08-28 19:16:52 ----N---- C:\WINDOWS\system32\nv4_disp.dll
    2008-08-28 19:16:46 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-08-28 19:16:46 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-08-28 19:16:46 ----A---- C:\WINDOWS\system32\napstat.exe
    2008-08-28 19:16:45 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-08-28 19:16:45 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-08-28 19:16:45 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-08-28 19:16:43 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-28 19:16:43 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-08-28 19:16:32 ----A---- C:\WINDOWS\system32\mmcperf.exe
    2008-08-28 19:16:31 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-28 19:16:31 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-08-28 19:16:31 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-28 19:16:30 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-08-28 19:16:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-28 19:16:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-28 19:16:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-28 19:16:10 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-08-28 19:16:05 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-08-28 19:16:05 ----A---- C:\WINDOWS\002885_.tmp
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-28 19:16:03 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-28 19:16:00 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-08-28 19:15:58 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-08-28 19:15:58 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-28 19:15:58 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-28 19:15:56 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-08-28 19:15:51 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-28 19:15:50 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-08-28 19:15:49 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-08-28 19:15:49 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-08-28 19:15:49 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-08-28 19:15:48 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-08-28 19:15:42 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-08-14 22:33:19 ----D---- C:\Documents and Settings\User\Application Data\gtk-2.0
    2008-08-14 00:07:38 ----D---- C:\Program Files\GIMP-2.0
    2008-08-13 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-13 03:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-08-13 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-13 03:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-13 03:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-13 03:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-13 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-08-13 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-09 23:37:33 ----D---- C:\Program Files\Windows Journal Viewer
    2008-08-04 18:42:53 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-08-04 18:42:53 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-08-04 18:42:53 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-14 21:51:08 ----D---- C:\Program Files\illiminable
    2008-07-09 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======

    2008-09-28 23:21:13 ----RD---- C:\Program Files
    2008-09-28 23:15:50 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-28 23:15:06 ----D---- C:\WINDOWS\temp
    2008-09-28 23:15:03 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-09-28 23:15:00 ----AD---- C:\WINDOWS\system32
    2008-09-28 23:14:57 ----AD---- C:\WINDOWS
    2008-09-28 23:10:44 ----A---- C:\WINDOWS\system.ini
    2008-09-28 23:08:20 ----AD---- C:\WINDOWS\system32\drivers
    2008-09-28 23:08:19 ----D---- C:\WINDOWS\AppPatch
    2008-09-28 23:08:19 ----D---- C:\Program Files\Common Files
    2008-09-28 23:07:07 ----HD---- C:\WINDOWS\inf
    2008-09-28 23:07:07 ----D---- C:\WINDOWS\system32\Com
    2008-09-28 23:07:01 ----D---- C:\Program Files\Internet Explorer
    2008-09-28 23:02:31 ----D---- C:\WINDOWS\system32\Restore
    2008-09-28 23:02:28 ----D---- C:\WINDOWS\system32\usmt
    2008-09-28 23:02:01 ----D---- C:\Program Files\Windows Media Player
    2008-09-28 23:00:39 ----D---- C:\Documents and Settings\User\Application Data\Viewpoint
    2008-09-28 23:00:39 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-28 23:00:36 ----D---- C:\Program Files\Viewpoint
    2008-09-28 23:00:05 ----D---- C:\Program Files\Three Rings Design
    2008-09-28 22:58:35 ----SHD---- C:\WINDOWS\Installer
    2008-09-28 22:56:31 ----D---- C:\Program Files\Adobe
    2008-09-28 22:54:05 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-28 22:52:54 ----D---- C:\Documents and Settings\User\Application Data\Adobe
    2008-09-28 22:46:52 ----D---- C:\Program Files\Movie Maker
    2008-09-28 22:46:05 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-28 22:45:59 ----A---- C:\WINDOWS\system32\eRLog.ini
    2008-09-28 22:45:26 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
    2008-09-28 22:44:39 ----D---- C:\WINDOWS\system32\wbem
    2008-09-28 22:44:39 ----D---- C:\Program Files\Windows NT
    2008-09-28 22:44:39 ----D---- C:\Program Files\Outlook Express
    2008-09-28 22:44:39 ----D---- C:\Program Files\NetMeeting
    2008-09-28 22:43:47 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-28 21:28:41 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
    2008-09-28 00:08:01 ----D---- C:\WINDOWS\system32\config
    2008-09-28 00:07:46 ----D---- C:\WINDOWS\Registration
    2008-09-27 22:17:13 ----A---- C:\WINDOWS\system32\user32.DLL
    2008-09-22 16:34:14 ----D---- C:\Documents and Settings\User\Application Data\yoclient
    2008-09-19 23:31:07 ----D---- C:\Program Files\mIRC
    2008-09-17 09:43:48 ----D---- C:\WINDOWS\Help
    2008-09-11 23:06:04 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-11 23:06:03 ----D---- C:\WINDOWS\WinSxS
    2008-09-08 09:43:04 ----SD---- C:\WINDOWS\Tasks
    2008-09-07 14:12:16 ----RSD---- C:\WINDOWS\assembly
    2008-09-07 14:12:16 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-07 13:47:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-06 16:00:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-06 14:45:50 ----D---- C:\Program Files\Google
    2008-08-31 08:21:19 ----D---- C:\Program Files\Amazon
    2008-08-31 08:21:19 ----D---- C:\Documents and Settings\User\Application Data\Amazon
    2008-08-31 08:18:29 ----D---- C:\Program Files\Common Files\System
    2008-08-29 02:11:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-29 01:16:01 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-29 01:15:46 ----AD---- C:\i386
    2008-08-28 20:09:53 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-08-28 19:55:53 ----A---- C:\WINDOWS\setuplog.txt
    2008-08-28 19:55:26 ----D---- C:\Program Files\Messenger
    2008-08-28 19:55:25 ----D---- C:\WINDOWS\system32\Setup
    2008-08-28 19:55:24 ----RSD---- C:\WINDOWS\Fonts
    2008-08-28 19:45:21 ----D---- C:\WINDOWS\security
    2008-08-28 19:36:26 ----D---- C:\WINDOWS\ime
    2008-08-28 19:36:06 ----D---- C:\WINDOWS\PeerNet
    2008-08-28 19:33:52 ----D---- C:\WINDOWS\system32\npp
    2008-08-28 19:33:51 ----D---- C:\WINDOWS\msagent
    2008-08-28 19:33:49 ----D---- C:\WINDOWS\srchasst
    2008-08-28 19:33:22 ----AD---- C:\WINDOWS\system32\oobe
    2008-08-28 19:33:20 ----AD---- C:\WINDOWS\system
    2008-08-28 19:30:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-28 19:26:20 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
    2008-08-28 18:43:34 ----D---- C:\WINDOWS\Debug
    2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-12 20:01:17 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
    2008-08-09 23:52:48 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
    2008-08-09 23:52:30 ----D---- C:\Program Files\Windows Live
    2008-08-09 23:52:14 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-09 23:43:50 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-06 00:57:36 ----D---- C:\Documents and Settings\User\Application Data\AdobeUM
    2008-08-04 18:42:51 ----D---- C:\Program Files\Java
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-10 04:01:04 ----D---- C:\Documents and Settings
    2008-07-07 16:26:58 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2006-03-16 55168]
    R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R2 remndkrdn;remndkrdn; \??\C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-21 3727680]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-12-06 6144]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-06 925192]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-05-13 172544]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9;3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9; \??\E:\Player\cds300.dll []
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2006-07-10 99840]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 247296]
    S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-10-19 749568]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-11 80384]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 921088]
    -----------------EOF-----------------
     
  9. 2008/09/29
    noahdfear

    You need to download the installation package for the Setup Disks for Floppy Boot Install from Microsoft so that we can use it to install the Recovery Console on your computer. No validation required! If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!

    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    When complete, ComboFix should continue to run, may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.


    Note - I did notice that you have Service Pack 3 installed, however, the Service Pack 2 Recovery Console setup package is still the correct one to use.
     
  10. 2008/09/29
    halloween

    OK, here are those two logs.

    ComboFix:
    ComboFix 08-09-27.06 - User 2008-09-29 14:11:46.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.143 [GMT -4:00]
    Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\explorer.exe.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
    .

    2008-09-28 23:21 . 2008-09-28 23:21 <DIR> d-------- C:\rsit
    2008-09-28 23:21 . 2008-09-28 23:22 <DIR> d-------- C:\Program Files\trend micro
    2008-09-28 22:25 . 2008-09-28 22:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-28 22:25 . 2008-09-28 22:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
    2008-09-28 22:25 . 2008-09-28 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-28 22:25 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-28 22:25 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-28 00:04 . 2008-04-13 20:12 441,344 --a------ C:\WINDOWS\system32\OLD8.tmp
    2008-09-28 00:03 . 2008-04-13 20:12 354,816 --a------ C:\WINDOWS\system32\OLD3.tmp
    2008-09-27 22:17 . 2008-09-27 22:17 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-27 22:17 . 2008-09-27 22:17 63,488 --a------ C:\WINDOWS\system32\io.e18
    2008-09-27 22:17 . 2008-09-27 22:17 32,768 --a------ C:\WINDOWS\system32\onmac.frv
    2008-09-27 22:17 . 2008-09-27 22:17 32,768 --a------ C:\WINDOWS\system32\ffcty.sp
    2008-09-27 22:17 . 2008-09-27 22:17 28,672 --a------ C:\WINDOWS\system32\mnax.help
    2008-09-27 22:17 . 2008-09-27 22:17 28,672 --a------ C:\WINDOWS\system32\can.sdr
    2008-09-27 22:16 . 2008-09-27 22:16 <DIR> d--hs---- C:\Documents and Settings\LocalService\Application Data\twain_32
    2008-09-27 22:16 . 2008-09-27 22:16 108,544 --a------ C:\gmrv.exe
    2008-09-27 22:16 . 2008-09-27 22:16 86,016 --a------ C:\vxqh.exe
    2008-09-27 22:16 . 2008-09-27 22:16 30,976 --a------ C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys
    2008-09-27 22:16 . 2008-09-27 22:16 2 --a------ C:\-62823691
    2008-09-27 22:15 . 2008-09-29 14:20 <DIR> d--hs---- C:\WINDOWS\system32\twain_32
    2008-09-27 22:15 . 2008-09-27 22:15 61,952 --a------ C:\nhfjlb.exe
    2008-09-16 23:35 . 2008-09-16 23:35 <DIR> d-------- C:\WINDOWS\BBSTORE
    2008-09-16 23:35 . 2008-09-16 23:35 <DIR> d-------- C:\Program Files\The Learning Company
    2008-09-16 23:34 . 2008-09-16 23:34 0 --a------ C:\WINDOWS\SETUP32.INI
    2008-09-06 22:24 . 2008-09-06 22:24 0 --a------ C:\WINDOWS\PCFriend.INI
    2008-09-06 22:22 . 1996-10-15 14:40 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
    2008-09-06 22:21 . 2008-09-07 13:25 <DIR> d-------- C:\Program Files\PCFriendly
    2008-09-06 16:20 . 2008-09-06 16:20 <DIR> d-------- C:\Program Files\uTorrent
    2008-09-06 16:20 . 2008-09-07 14:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
    2008-09-06 16:05 . 2008-09-06 16:05 <DIR> d-------- C:\Documents and Settings\User\Application Data\Anonymizer
    2008-09-06 16:04 . 2008-09-06 16:04 <DIR> d-------- C:\Program Files\Anonymizer
    2008-09-06 16:04 . 2008-09-06 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
    2008-09-06 15:50 . 2008-09-06 16:04 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
    2008-09-06 11:22 . 2008-09-06 11:25 <DIR> d-------- C:\Program Files\Sophos
    2008-09-05 12:20 . 2008-09-05 12:20 <DIR> d-------- C:\savinstall
    2008-09-03 23:02 . 2008-09-03 23:02 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
    2008-09-03 23:02 . 2008-09-28 19:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\U3
    2008-08-31 21:14 . 2008-08-31 21:14 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\CiscoCAA
    2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Program Files\Cisco Systems
    2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\CiscoCAA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 18:02 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
    2008-09-29 03:00 --------- d-----w C:\Program Files\Viewpoint
    2008-09-29 03:00 --------- d-----w C:\Program Files\Three Rings Design
    2008-09-29 03:00 --------- d-----w C:\Documents and Settings\User\Application Data\Viewpoint
    2008-09-29 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-29 02:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-28 04:07 --------- d-----w C:\Documents and Settings\User\Application Data\gtk-2.0
    2008-09-28 02:30 --------- d-----w C:\Program Files\GIMP-2.0
    2008-09-22 20:34 --------- d-----w C:\Documents and Settings\User\Application Data\yoclient
    2008-09-20 03:31 --------- d-----w C:\Program Files\mIRC
    2008-09-06 18:45 --------- d-----w C:\Program Files\Google
    2008-08-31 12:21 --------- d-----w C:\Program Files\Amazon
    2008-08-31 12:21 --------- d-----w C:\Documents and Settings\User\Application Data\Amazon
    2008-08-10 03:52 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-10 03:52 --------- d-----w C:\Program Files\Windows Live
    2008-08-10 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-10 03:37 --------- d-----w C:\Program Files\Windows Journal Viewer
    2008-08-06 04:57 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
    2008-08-04 22:42 --------- d-----w C:\Program Files\Java
    2006-01-27 01:17 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
    1999-07-07 00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
    2007-04-12 01:54 8 --sh--r C:\WINDOWS\system32\9F8D75C525.sys
    2008-01-18 01:03 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .
    file copied: C:\WINDOWS\system32\user32.dll -> C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir ( 578560 bytes )

    C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
    577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    577,536 2007-03-08 15:36:28 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    577,024 2004-08-04 05:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
    578,560 2008-04-14 00:12:08 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    578,560 2008-09-28 02:17:13 C:\WINDOWS\system32\user32.DLL
    578,560 2008-09-28 02:17:13 C:\WINDOWS\system32\dllcache\user32.dll


    ------- Sigcheck -------

    2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    2004-08-04 01:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
    2008-04-13 20:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
    2008-09-27 22:17 578560 45d5eeb1f430e10550681cb5fee5d924 C:\WINDOWS\system32\user32.DLL
    2008-09-27 22:17 578560 45d5eeb1f430e10550681cb5fee5d924 C:\WINDOWS\system32\dllcache\user32.dll

    2004-08-04 01:00 32256 8ecf95a0cf39ade919845bbdb477af93 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    2008-04-13 20:12 33792 1e6def4fc0d4a7c0b13c15daf3247584 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    2008-04-13 20:12 33792 43275dbd2ec5ccccb708cea8ac76b73e C:\WINDOWS\system32\userinit.exe
    2008-04-13 20:12 33792 e107541015ebfb5155f9e8c3b392ac01 C:\WINDOWS\system32\dllcache\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-09-28_23.13.26.57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    + 2007-06-13 11:26:03 1,040,896 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    - 2007-06-13 10:23:07 1,033,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    + 2007-06-13 10:23:07 1,040,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    - 2004-08-04 05:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    + 2004-08-04 05:00:00 32,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    - 2004-08-04 05:00:00 1,032,192 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    + 2004-08-04 05:00:00 1,039,872 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    - 2008-04-14 00:12:19 1,033,728 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    + 2008-04-14 00:12:19 1,041,408 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    - 2008-09-29 02:44:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-09-29 18:20:03 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-09-29 02:44:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-09-29 18:20:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-09-29 02:44:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-29 18:20:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-14 00:12:16 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    + 2008-04-14 00:12:30 420,864 ----a-w C:\WINDOWS\system32\dllcache\ntvdm.exe
    - 2008-08-28 23:55:27 183,424 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-09-29 17:10:27 182,632 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2008-04-14 00:12:36 32,256 ------w C:\WINDOWS\system32\sort.exe
    + 2008-04-14 00:12:36 24,576 ----a-w C:\WINDOWS\system32\sort.exe
    - 2005-10-19 20:31:52 749,568 ----a-w C:\WINDOWS\system32\Tablet.exe
    + 2005-10-19 20:31:52 757,760 ----a-w C:\WINDOWS\system32\Tablet.exe
    + 2008-04-14 00:11:24 519,168 ----a-r C:\WINDOWS\system32\twext.exe
    + 2008-09-29 18:21:49 16,384 ----a-w C:\WINDOWS\temp\Cookies\index.dat
    + 2008-09-29 18:21:49 16,384 ----a-w C:\WINDOWS\temp\History\History.IE5\index.dat
    + 2008-09-29 18:19:55 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4a8.dat
    + 2008-09-29 18:21:50 32,768 ----a-w C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1702912]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Google Update"="C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 114688]
    "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 434176]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 405504]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 163840]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 65585]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 49152]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 57344]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 860160]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 294912]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3747840]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-21 C:\WINDOWS\soundman.exe]
    "VTTimer"="VTTimer.exe" [2005-05-13 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-05-13 C:\WINDOWS\system32\VTTrayp.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 2064458]
    TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-12-02 122880]
    Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 434176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twext.exe,"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Soulseek\\slsk.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Trillian\\trillian.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
    "C:\\Program Files\\Last.fm\\LastFM.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Documents and Settings\\User\\Desktop\\Open Canvas.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"=
    "C:\\Program Files\\Last.fm\\unins000.exe"=
    "C:\\WINDOWS\\system32\\services.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21642:TCP"= 21642:TCP:utorrent
    "21642:UDP"= 21642:UDP:utorrent
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    R2 remndkrdn;remndkrdn;C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys [2008-09-27 30976]
    S3 3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9;3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9;E:\Player\cds300.dll [ ]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2006-07-10 99840]

    *Newly Created Service* - INT15.SYS
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pcih9q7m.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/webhp?hl=en
    FF -: plugin - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-29 14:20:50
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-29 14:26:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-29 18:25:52
    ComboFix2.txt 2008-09-29 03:14:51

    Pre-Run: 32,094,511,104 bytes free
    Post-Run: 31,972,974,592 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    270 --- E O F --- 2008-09-12 03:08:01



    hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:27:42 PM, on 9/29/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Running processes:
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
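The two logs above already hold the evidence the helper acts on in the following posts: three copies of userinit.exe with identical size but three different MD5s, a second executable appended to the Winlogon Userinit value (so it is launched at every logon, before the shell), a kernel driver under a generated name, Security Center's antivirus warning overridden and the firewall's standard profile switched off. The Python below is an added example, not code from this thread or from ComboFix: it runs those checks over a constructed excerpt in the same shape as the log. The regular expressions, the expected Userinit path and the random-name heuristic for drivers are my assumptions drawn from the lines quoted here, not documented ComboFix rules.

```python
"""Triage checks for a ComboFix-style log excerpt (added example, not thread or ComboFix code).

The regular expressions and the random-name heuristic are assumptions about the
log layout, derived from the lines quoted in this thread, not documented ComboFix rules.
"""
import re
from collections import defaultdict

# Constructed sample: lines in the shape ComboFix prints them, modelled on the log above.
SAMPLE_LOG = r"""
2008-04-13 20:12 33792 1e6def4fc0d4a7c0b13c15daf3247584 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 33792 43275dbd2ec5ccccb708cea8ac76b73e C:\WINDOWS\system32\userinit.exe
2008-04-13 20:12 33792 e107541015ebfb5155f9e8c3b392ac01 C:\WINDOWS\system32\dllcache\userinit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twext.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 remndkrdn;remndkrdn;C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys [2008-09-27 30976]
"""

HASH_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ (\d+) ([0-9a-f]{32}) (.+)$")
USERINIT_LINE = re.compile(r'^"Userinit"="(.*)"$')
DRIVER_LINE = re.compile(r"^[RS]\d (\S+?);(.+?);(.+?\.sys)\b")
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")  # heuristic for generated service names (assumption)
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"  # the only entry a clean XP box has


def sample_lines():
    return [line.strip() for line in SAMPLE_LOG.strip().splitlines()]


def hash_mismatches(lines):
    """Group hashed files by basename. ServicePackFiles, system32 and dllcache should
    hold byte-identical copies, so differing MD5s mean at least one has been replaced."""
    by_name = defaultdict(dict)
    for line in lines:
        m = HASH_LINE.match(line)
        if m:
            _size, md5, path = m.groups()
            by_name[path.rsplit("\\", 1)[-1].lower()][path] = md5
    return {name: paths for name, paths in by_name.items() if len(set(paths.values())) > 1}


def userinit_extras(lines):
    """Anything in the Winlogon Userinit value besides the real userinit.exe runs at
    every logon; return those extra entries with the REGEDIT4 backslash escaping undone."""
    for line in lines:
        m = USERINIT_LINE.match(line)
        if m:
            value = m.group(1).replace("\\\\", "\\")
            entries = [e.strip() for e in value.split(",") if e.strip()]
            return [e for e in entries if e.lower() != EXPECTED_USERINIT]
    return []


def weakened_defenses(lines):
    """Settings that hide the absence of protection or switch it off outright."""
    findings = []
    for line in lines:
        if re.match(r'^"AntiVirusOverride"=dword:0*1$', line):
            findings.append("AntiVirusOverride=1: Security Center antivirus warnings suppressed")
        elif re.match(r'^"EnableFirewall"\s*=\s*0\b', line):
            findings.append("EnableFirewall=0: Windows Firewall standard profile disabled")
    return findings


def odd_drivers(lines):
    """Heuristic: a kernel driver whose service name is a long lowercase letter run
    and also differs from its file name (remndkrdn -> qbudlstuaplbz.sys) is suspect."""
    hits = []
    for line in lines:
        m = DRIVER_LINE.match(line)
        if not m:
            continue
        service, _display, path = m.groups()
        base = path.rsplit("\\", 1)[-1][:-len(".sys")]
        if RANDOM_NAME.match(service) and service != base:
            hits.append((service, path))
    return hits


def triage(lines):
    """Run every check and return a flat list of human-readable findings."""
    report = []
    for name, copies in hash_mismatches(lines).items():
        report.append(f"{name}: {len(copies)} copies, {len(set(copies.values()))} distinct MD5s")
    for extra in userinit_extras(lines):
        report.append(f"Userinit hijack: extra logon executable {extra}")
    report.extend(weakened_defenses(lines))
    for service, path in odd_drivers(lines):
        report.append(f"Suspect driver: service {service} loads {path}")
    return report


if __name__ == "__main__":
    for finding in triage(sample_lines()):
        print(finding)
```

Run it on a real log by replacing SAMPLE_LOG with the file's contents; the Userinit check is the one worth keeping even after cleanup, since the CFScript later in this thread resets that value to userinit.exe alone and a re-scan should then report no extras.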
     
  11. 2008/09/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below.

    Code:
    @echo off
    echo Please wait
    echo.>done.txt
    rem Move the Windows File Protection cache copies aside and stage the
    rem Service Pack copies from ServicePackFiles in dllcache in their place
    ren C:\WINDOWS\system32\dllcache\user32.dll user32.dll.old
    ren C:\WINDOWS\system32\dllcache\userinit.exe userinit.exe.old
    copy C:\WINDOWS\ServicePackFiles\i386\user32.dll C:\WINDOWS\system32\dllcache
    copy C:\WINDOWS\ServicePackFiles\i386\userinit.exe C:\WINDOWS\system32\dllcache
    rem Rename the live system32 copies only once a replacement exists in dllcache,
    rem and record each rename in done.txt
    if exist C:\WINDOWS\system32\dllcache\user32.dll ren C:\WINDOWS\system32\user32.dll user32.dll.old& echo user32 renamed>>done.txt
    if exist C:\WINDOWS\system32\dllcache\userinit.exe ren C:\WINDOWS\system32\userinit.exe userinit.exe.old& echo userinit renamed>>done.txt
    start notepad done.txt
    exit
    
    
    Click Start>Run and type cmd then hit Enter to open a command window.
    Right click in the command window and select Paste.
    The command window will close on its own and a text file will open when it completes.
    Post the contents of that log here.
     
  12. 2008/09/29
    halloween

    Here's what it had:


    user32 renamed
    userinit renamed
     
  13. 2008/09/29
    noahdfear

    Highlight and copy the contents of the code box below.

    Code:
    @echo off
    echo.>done.txt
    rem Check whether the live copies exist again in system32 after the renames
    if exist C:\WINDOWS\system32\user32.dll echo user32 present>>done.txt
    if exist C:\WINDOWS\system32\userinit.exe echo userinit present>>done.txt
    start notepad done.txt
    exit
    
    Click Start>Run and type cmd then hit Enter to open a command window.
    Right click in the command window and select Paste.
    The command window will close on its own and a text file will open when it completes.
    Post the contents of that log here.
     
  14. 2008/09/29
    halloween

    It had:

    user32 present
     
  15. 2008/09/29
    noahdfear

    Please navigate to C:\WINDOWS\system32 and check for the existence of both userinit.exe and userinit.exe.old, then let me know what you find.
     
  16. 2008/09/29
    halloween

    Mmmm... I only found userinit.exe.old
     
  17. 2008/09/29
    noahdfear

    Right click and copy C:\WINDOWS\ServicePackFiles\i386\user32.dll then paste it into C:\Windows\system32. Let me know if successful.
     
  18. 2008/09/29
    halloween

    I'm confused, where is it that I right click and copy? Do I copy the user32.dll that's already in C:\windows\system32?
     
  19. 2008/09/29
    noahdfear

    I'm sorry. I just realized I told you to copy user32.dll instead of userinit.exe :eek:
    Navigate to C:\WINDOWS\ServicePackFiles\i386, locate then right click on the file userinit.exe and Copy
    Now navigate to C:\Windows\system32, right click a blank space and Paste the copied file
     
  20. 2008/09/29
    halloween

    Ah, alright. Yeah, that seemed to work fine.
     
  21. 2008/09/29
    noahdfear

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    Collect::
    C:\WINDOWS\system32\OLD8.tmp
    C:\WINDOWS\system32\OLD3.tmp
    C:\WINDOWS\system32\io.e18
    C:\WINDOWS\system32\onmac.frv
    C:\WINDOWS\system32\ffcty.sp
    C:\WINDOWS\system32\mnax.help
    C:\WINDOWS\system32\can.sdr
    C:\gmrv.exe
    C:\vxqh.exe
    C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys
    C:\-62823691
    C:\nhfjlb.exe
    C:\Documents and Settings\All Users\hash.dat
    C:\WINDOWS\@@desktop.dat
    C:\WINDOWS\@desktop@.dat
    C:\WINDOWS\system32\twext.exe
    C:\WINDOWS\system32\drivers\qbudlstuaplbz.sys
    Folder::
    C:\Documents and Settings\LocalService\Application Data\twain_32
    C:\WINDOWS\system32\twain_32
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    Driver::
    remndkrdn
    3a0c4ec6-4278-44a3-8d1c-d3f01f1238f9
    

    Now, restart your computer before completing the following.


    Close all other windows and programs and disable any realtime protection apps.
    Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete.
    Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.
    Thanks!
     
