
[InActive] some weird stuff going on w/ explorer

Discussion in 'Malware and Virus Removal Archive' started by aapocalypse, 2008/11/18.

  1. 2008/11/18, aapocalypse (Thread Starter)

    So for about the past hour my explorer keeps shutting itself down and coming back up. Kaspersky keeps saying that it has found a threat and every attempt it uses to remove it fails. I have done system restores and the like as well. Any help is appreciated.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Anthony - Desiree at 2008-11-18 18:14:19
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 360 GB (75%) free of 477 GB
    Total RAM: 2046 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:36 PM, on 11/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\VentSrv\ventrilo_svc.exe
    C:\Program Files\VentSrv\ventrilo_srv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Anthony - Desiree\Desktop\RSIT.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\trend micro\Anthony - Desiree.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {188976FB-7E3B-49EC-A8CD-A5CB50292EBF} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7A336406-F1F1-43B7-B52E-5EA47D40F682} - (no file)
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: (no name) - {A2587760-63ED-4EF5-B30D-A7C5B53EE597} - (no file)
    O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {DFE3768D-DD34-47AC-8935-97D505C33F2A} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {E9F8CFC9-8C6B-414F-951D-1CD84F98206A} - C:\WINDOWS\system32\iiffEvwW.dll
    O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [MobMapUpdater] "C:\Program Files\MobMapUpdater\MobMapUpdater.exe" --silent
    O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217385160713
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: khfCVOFw - C:\WINDOWS\
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8804 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{188976FB-7E3B-49EC-A8CD-A5CB50292EBF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
    Comcast Toolbar - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-10-11 62728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-27 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A336406-F1F1-43B7-B52E-5EA47D40F682}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2587760-63ED-4EF5-B30D-A7C5B53EE597}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
    Burn4Free Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-27 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFE3768D-DD34-47AC-8935-97D505C33F2A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-27 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9F8CFC9-8C6B-414F-951D-1CD84F98206A}]
    C:\WINDOWS\system32\iiffEvwW.dll [2008-11-18 246272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - []
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL [2006-11-07 1821184]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]
    {32099AAC-C132-4136-9E9A-4E364A424E17}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-04-25 201992]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
    "IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-09-21 9138176]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-11-02 4789760]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
    "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
    "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-11-17 2019624]
    "MobMapUpdater"=C:\Program Files\MobMapUpdater\MobMapUpdater.exe --silent []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\Anthony - Desiree\Start Menu\Programs\Startup
    PowerReg Scheduler V3.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfCVOFw]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
    "{A2587760-63ED-4EF5-B30D-A7C5B53EE597}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\iiffEvwW

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
    "C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Gameforge4D\AirRivals\Launcher.atm"="C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2"
    "C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"="C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2008-11-18 18:14:19 ----DC---- C:\rsit
    2008-11-18 18:14:19 ----D---- C:\Program Files\trend micro
    2008-11-18 16:48:51 ----D---- C:\WINDOWS\system32\NtmsData
    2008-11-18 16:03:32 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-18 15:35:53 ----A---- C:\WINDOWS\system32\mcrh.tmp
    2008-11-18 14:08:35 ----A---- C:\WINDOWS\system32\fff3d9c4-.txt
    2008-11-18 14:08:00 ----ASH---- C:\WINDOWS\system32\WwvEffii.ini2
    2008-11-18 14:08:00 ----ASH---- C:\WINDOWS\system32\WwvEffii.ini
    2008-11-18 14:07:56 ----A---- C:\WINDOWS\system32\iiffEvwW.dll
    2008-11-18 14:03:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-18 14:03:19 ----D---- C:\Fraps
    2008-11-18 14:02:49 ----A---- C:\WINDOWS\system32\rqRiFyvS.dll
    2008-11-18 14:02:49 ----A---- C:\WINDOWS\system32\mlJATnmm.dll
    2008-11-18 14:02:42 ----A---- C:\WINDOWS\system32\cbXRLCSl.dll
    2008-11-17 20:56:14 ----D---- C:\Program Files\Ventrilo
    2008-11-17 20:56:08 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2008-11-17 01:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2008-11-17 01:33:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-11-17 01:25:28 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\uniblue
    2008-11-17 01:16:25 ----D---- C:\Program Files\Uniblue
    2008-11-17 01:11:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2008-11-17 01:08:11 ----DC---- C:\416690f76dbd2ae32738
    2008-11-17 01:07:52 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-11-17 01:06:06 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\acccore
    2008-11-17 01:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-11-17 01:05:17 ----D---- C:\Program Files\Viewpoint
    2008-11-17 01:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-11-17 01:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-11-17 01:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-11-17 01:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2008-11-17 01:04:32 ----D---- C:\Program Files\Common Files\AOL
    2008-11-17 01:04:14 ----D---- C:\Program Files\AIM6
    2008-11-17 00:59:36 ----RHDC---- C:\AHCache
    2008-11-12 22:39:38 ----D---- C:\Program Files\MSXML 4.0
    2008-11-10 20:23:19 ----D---- C:\Program Files\BfSV
    2008-11-09 22:43:09 ----D---- C:\Program Files\Gameforge4D
    2008-11-09 22:43:09 ----A---- C:\WINDOWS\system32\SX5363S.DLL
    2008-11-09 22:43:09 ----A---- C:\WINDOWS\system32\Sx5363.ini
    2008-11-09 22:43:09 ----A---- C:\WINDOWS\system32\RV32RTP.dll
    2008-11-04 23:01:12 ----D---- C:\Program Files\DAEMON Tools Toolbar
    2008-11-04 23:01:02 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-11-04 22:29:17 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\DAEMON Tools
    2008-11-03 17:36:06 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\LimeWire
    2008-11-03 17:34:18 ----D---- C:\Program Files\LimeWire
    2008-11-03 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-30 06:29:04 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Nero
    2008-10-30 06:27:23 ----D---- C:\Program Files\Common Files\Nero
    2008-10-30 06:26:41 ----D---- C:\Program Files\Nero 9
    2008-10-29 21:40:37 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Logitech
    2008-10-29 21:40:19 ----D---- C:\Program Files\Common Files\LogiShared
    2008-10-29 21:40:14 ----A---- C:\WINDOWS\warhead.ini
    2008-10-29 21:38:57 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
    2008-10-29 21:38:28 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2008-10-29 21:38:28 ----A---- C:\WINDOWS\KHALMNPR.Exe
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\KemXML.dll
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\KemWnd.dll
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\KemUtil.dll
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\kemutb.dll
    2008-10-29 21:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-10-29 21:37:53 ----D---- C:\Program Files\Logitech
    2008-10-29 21:37:51 ----D---- C:\Program Files\Common Files\Logitech
    2008-10-29 21:37:25 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-10-29 20:24:22 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-10-28 18:51:31 ----D---- C:\Program Files\SystemRequirementsLab
    2008-10-28 18:51:25 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\SystemRequirementsLab
    2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-10-25 22:00:32 ----D---- C:\WINDOWS\pss
    2008-10-24 19:28:29 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\DivX
    2008-10-24 17:22:46 ----D---- C:\Program Files\DivX
    2008-10-24 09:37:24 ----D---- C:\Program Files\eMule
    2008-10-20 12:52:05 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Turbine
    2008-10-20 11:31:37 ----D---- C:\Program Files\Turbine
    2008-10-20 09:25:58 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\GetRightToGo
    2008-10-18 17:38:53 ----D---- C:\Program Files\Qtracker
    2008-10-18 17:20:03 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\minimem
    2008-10-15 23:01:44 ----D---- C:\Program Files\Yahoo!
    2008-10-15 23:01:32 ----D---- C:\Program Files\CCleaner
    2008-10-15 23:01:18 ----D---- C:\Program Files\Defraggler
    2008-10-14 20:24:58 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Windows Search
    2008-10-14 18:52:17 ----D---- C:\Program Files\MSBuild
    2008-10-14 18:50:11 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-10-14 18:49:37 ----D---- C:\Program Files\Reference Assemblies
    2008-10-14 18:47:58 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2008-10-14 18:47:47 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
    2008-10-14 18:47:44 ----DC---- C:\d40a26fdff5a7771697be2bf37
    2008-10-14 18:43:06 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Windows Desktop Search
    2008-10-14 18:42:28 ----D---- C:\Program Files\Windows Desktop Search
    2008-10-14 18:42:25 ----D---- C:\WINDOWS\system32\GroupPolicy
    2008-10-14 18:42:07 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
    2008-10-14 18:39:23 ----D---- C:\Program Files\MSXML 6.0
    2008-10-14 18:29:13 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-10-14 18:29:13 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-10-14 18:29:13 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-10-14 07:12:25 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
    2008-10-13 23:06:00 ----D---- C:\Documents and Settings\All Users\Application Data\Comcast
    2008-10-11 21:41:44 ----D---- C:\Program Files\Kaspersky Lab
    2008-10-11 21:41:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-11 07:48:32 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-10-08 09:00:07 ----D---- C:\Documents and Settings\All Users\Application Data\Razer
    2008-10-07 18:31:49 ----D---- C:\Program Files\VentSrv
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-10-06 14:08:27 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2008-10-06 13:54:02 ----DC---- C:\AeriaGames
    2008-10-06 12:58:14 ----D---- C:\Program Files\Common Files\Scanner
    2008-10-06 12:58:14 ----D---- C:\Program Files\ComcastToolbar
    2008-10-06 12:58:14 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\ComcastToolbar
    2008-10-06 12:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-06 09:26:30 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-10-06 08:58:20 ----D---- C:\Program Files\Common Files\SupportSoft
    2008-10-06 08:58:20 ----D---- C:\Program Files\ComcastUI
    2008-10-06 07:15:43 ----D---- C:\WINDOWS\system32\appmgmt
    2008-10-02 17:50:16 ----A---- C:\WINDOWS\system32\frapsvid.dll
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-25 07:21:33 ----D---- C:\Program Files\Infogrames
    2008-09-25 03:03:38 ----A---- C:\WINDOWS\system32\dtu100.dll
    2008-09-25 03:03:38 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-09-25 03:03:34 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
    2008-09-25 03:03:32 ----A---- C:\WINDOWS\system32\dpv11.dll
    2008-09-25 03:03:32 ----A---- C:\WINDOWS\system32\dpus11.dll
    2008-09-25 03:03:32 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
    2008-09-25 03:03:30 ----A---- C:\WINDOWS\system32\dpu11.dll
    2008-09-25 03:03:30 ----A---- C:\WINDOWS\system32\dpu10.dll
    2008-09-25 03:03:18 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-09-24 09:57:56 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Creative
    2008-09-24 09:56:59 ----N---- C:\WINDOWS\Ctregrun.exe
    2008-09-24 09:48:12 ----D---- C:\Program Files\Creative
    2008-09-20 13:42:29 ----A---- C:\WINDOWS\system32\msxml4r.dll
    2008-09-20 13:42:20 ----A---- C:\WINDOWS\system32\vbar332.dll
    2008-09-20 13:42:20 ----A---- C:\WINDOWS\system32\dsetup.dll
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-09-19 16:55:10 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
    2008-09-19 16:55:10 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
    2008-09-19 16:54:18 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-09-19 14:17:18 ----A---- C:\WINDOWS\syscheck.INI
    2008-09-19 14:17:01 ----A---- C:\WINDOWS\PCFriend.INI
    2008-09-19 14:15:33 ----A---- C:\WINDOWS\system32\INLOADER.DLL
    2008-09-19 14:15:24 ----D---- C:\Program Files\PCFriendly
    2008-09-19 14:15:14 ----A---- C:\WINDOWS\uninst.exe
    2008-09-16 11:00:13 ----D---- C:\Program Files\LucasArts
    2008-09-15 19:14:26 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-09-15 19:14:24 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-09-15 10:12:37 ----D---- C:\Program Files\InterActual
    2008-09-15 08:25:08 ----A---- C:\WINDOWS\DXT13.tmp
    2008-09-15 08:21:26 ----D---- C:\UnrealTournament
    2008-08-29 20:06:44 ----A---- C:\WINDOWS\system32\msxml6.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-18 18:14:24 ----D---- C:\WINDOWS\Prefetch
    2008-11-18 18:14:19 ----RD---- C:\Program Files
    2008-11-18 18:14:19 ----D---- C:\WINDOWS\Temp
    2008-11-18 18:12:24 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-18 18:10:18 ----D---- C:\WINDOWS\system32\drivers
    2008-11-18 18:08:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-18 18:06:29 ----SHD---- C:\WINDOWS\Installer
    2008-11-18 17:58:43 ----D---- C:\WINDOWS
    2008-11-18 17:54:16 ----D---- C:\WINDOWS\system32
    2008-11-18 17:52:07 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-18 16:48:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-18 16:12:00 ----D---- C:\WINDOWS\system32\config
    2008-11-18 16:11:13 ----D---- C:\WINDOWS\system32\wbem
    2008-11-18 16:11:11 ----D---- C:\WINDOWS\Registration
    2008-11-18 16:04:01 ----D---- C:\Documents and Settings
    2008-11-18 11:38:37 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\uTorrent
    2008-11-17 21:14:57 ----D---- C:\WINDOWS\system32\LogFiles
    2008-11-17 20:58:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-17 20:58:39 ----D---- C:\WINDOWS\Debug
    2008-11-17 20:57:32 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-17 20:56:31 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Ventrilo
    2008-11-17 20:55:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-17 20:55:00 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Xfire
    2008-11-17 15:05:10 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\OpenOffice.org2
    2008-11-17 04:02:44 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-17 04:02:41 ----RSD---- C:\WINDOWS\assembly
    2008-11-17 01:36:58 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-17 01:34:55 ----HD---- C:\WINDOWS\inf
    2008-11-17 01:13:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-17 01:10:38 ----D---- C:\WINDOWS\WinSxS
    2008-11-17 01:09:27 ----D---- C:\WINDOWS\system32\en-US
    2008-11-17 01:09:23 ----RSD---- C:\WINDOWS\Fonts
    2008-11-17 01:06:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-17 01:04:59 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-17 01:04:33 ----D---- C:\Program Files\Internet Explorer
    2008-11-17 01:04:32 ----D---- C:\Program Files\Common Files
    2008-11-14 15:46:15 ----D---- C:\Program Files\MobMapUpdater
    2008-11-14 15:43:37 ----D---- C:\Program Files\Windows Updates Downloader
    2008-11-14 15:43:09 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-11-14 15:42:40 ----D---- C:\Program Files\EA GAMES
    2008-11-14 15:42:18 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\My Battle for Middle-earth Files
    2008-11-14 15:40:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-14 15:37:39 ----SD---- C:\WINDOWS\Tasks
    2008-11-13 11:14:31 ----D---- C:\Program Files\World of Warcraft
    2008-11-13 00:54:10 ----D---- C:\Program Files\Xfire
    2008-11-12 22:40:21 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 22:27:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2008-11-09 01:46:14 ----SD---- C:\Documents and Settings\Anthony - Desiree\Application Data\Microsoft
    2008-11-04 22:26:14 ----D---- C:\WINDOWS\system32\DirectX
    2008-11-04 17:22:41 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Mozilla
    2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-03 14:20:19 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Thinstall
    2008-11-03 14:18:00 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Adobe
    2008-11-03 14:17:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-11-02 13:10:38 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-29 22:50:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-29 22:48:43 ----D---- C:\WINDOWS\Minidump
    2008-10-29 21:39:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-27 21:24:44 ----D---- C:\Program Files\Java
    2008-10-26 15:52:09 ----SH---- C:\boot.ini
    2008-10-26 15:52:09 ----A---- C:\WINDOWS\win.ini
    2008-10-26 15:52:09 ----A---- C:\WINDOWS\system.ini
    2008-10-24 17:08:31 ----D---- C:\WAR2
    2008-10-23 00:44:07 ----D---- C:\WINDOWS\security
    2008-10-19 21:12:56 ----D---- C:\Program Files\IrfanView
    2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 19:04:06 ----D---- C:\WINDOWS\Help
    2008-10-14 18:59:32 ----D---- C:\WINDOWS\system32\usmt
    2008-10-14 18:59:32 ----D---- C:\WINDOWS\nview
    2008-10-14 18:55:55 ----D---- C:\WINDOWS\ie7updates
    2008-10-14 18:48:10 ----D---- C:\WINDOWS\system32\spool
    2008-10-08 10:18:16 ----D---- C:\Program Files\Curse
    2008-10-08 03:48:58 ----D---- C:\WINDOWS\msagent
    2008-10-08 02:07:36 ----D---- C:\Program Files\Messenger
    2008-10-08 02:06:42 ----D---- C:\Program Files\Windows Media Player
    2008-10-08 02:05:53 ----D---- C:\Program Files\Outlook Express
    2008-10-08 02:05:53 ----D---- C:\Program Files\Common Files\System
    2008-10-08 02:05:20 ----D---- C:\WINDOWS\system32\Com
    2008-10-06 07:18:26 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-10-06 07:16:03 ----D---- C:\WINDOWS\twain_32
    2008-10-06 07:16:03 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Canon
    2008-10-06 07:14:26 ----D---- C:\Program Files\BitDefender
    2008-10-06 07:13:54 ----A---- C:\WINDOWS\bdagent.INI
    2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-17 22:27:54 ----D---- C:\WINDOWS\system32\Restore
    2008-09-17 22:22:30 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Sonic Focus
    2008-09-15 19:14:20 ----N---- C:\WINDOWS\system32\pxwave.dll
    2008-09-15 19:14:20 ----N---- C:\WINDOWS\system32\pxmas.dll
    2008-09-15 19:14:20 ----N---- C:\WINDOWS\system32\pxhpinst.exe
    2008-09-15 19:14:18 ----N---- C:\WINDOWS\system32\vxblock.dll
    2008-09-15 19:14:18 ----N---- C:\WINDOWS\system32\pxdrv.dll
    2008-09-15 19:14:18 ----N---- C:\WINDOWS\system32\px.dll
    2008-09-14 22:29:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-09-05 22:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
    2008-09-05 22:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-09-05 22:29:58 ----A---- C:\WINDOWS\system32\WgaTray.exe
    2008-09-04 11:42:02 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 02:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 02:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 03:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 00:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-11 213008]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
    R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 abl4vsa1;abl4vsa1; C:\WINDOWS\system32\drivers\abl4vsa1.sys []
    S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
    S3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys []
    S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-04-25 201992]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-01 66872]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    R2 Ventrilo;Ventrilo; C:\Program Files\VentSrv\ventrilo_svc.exe [2005-07-13 65536]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
    Last edited: 2008/11/18
  2. 2008/11/18
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Read this and post the logs requested in this thread.
     
  4. 2008/11/18
    aapocalypse

    aapocalypse Inactive Thread Starter

    Joined:
    2008/11/18
    Messages:
    5
    Likes Received:
    0
    And here is the second log

    info.txt logfile of random's system information tool 1.04 2008-11-18 18:14:38

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    AirRivals 1.0.0.26--> "C:\Program Files\Gameforge4D\AirRivals\unins000.exe "
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    BfSV 0.96--> "C:\Program Files\BfSV\unins000.exe "
    Browser MOUSE-->C:\Program Files\Browser MOUSE\uninst00.exe
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
    Comcast Universal Installer v1.2-->MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}
    Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative Zen MicroPhoto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
    Curse Client-->C:\Program Files\Curse\uninstall.exe
    CyberLink PowerDVD 8--> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
    Defraggler (remove only)--> "C:\Program Files\Defraggler\uninst.exe "
    Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=" "
    Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
    LimeWire PRO 4.18.1--> "C:\Program Files\LimeWire\uninstall.exe "
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
    Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Base Smart Card Cryptographic Service Provider Package--> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe "
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5--> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Nero 9.0.9.4 Lite--> "C:\Program Files\Nero 9\unins000.exe "
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
    Qtracker-->C:\PROGRA~1\Qtracker\UNWISE.EXE C:\PROGRA~1\Qtracker\INSTALL.LOG
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    The Lord of the Rings Online™: Shadows of Angmar™ v01.08.00.812--> "C:\Program Files\Turbine\The Lord of the Rings Online\unins000.exe "
    Uniblue RegistryBooster 2009--> "C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe
    Uniblue SpeedUpMyPC 2009--> "C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
    User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Windows Imaging Component--> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
    Windows Search 4.0--> "C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Xfire (remove only)--> "C:\Program Files\Xfire\uninst.exe "
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Kaspersky Internet Security (disabled)
    FW: Kaspersky Internet Security

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "NUMBER_OF_PROCESSORS "=2
    "OS "=Windows_NT
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_REVISION "=0f0d
    "STACKS "=0,0
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "windir "=%SystemRoot%

    -----------------EOF-----------------
     
  5. 2008/11/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS aapocalypse :)

    Quite a number of infections onboard there. Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2008/11/19
    aapocalypse

    aapocalypse Inactive Thread Starter

    Joined:
    2008/11/18
    Messages:
    5
    Likes Received:
    0
    Combo Fix log

    ComboFix 08-11-18.A1 - Anthony - Desiree 2008-11-19 9:35:40.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1566 [GMT -5:00]
    Running from: c:\documents and settings\Anthony - Desiree\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\system32\iiffEvwW.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\WwvEffii.ini
    c:\windows\system32\WwvEffii.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
    .

    2008-11-19 09:13 . 2008-11-19 09:13 <DIR> d-------- c:\program files\Alex Feinman
    2008-11-18 20:31 . 2008-11-18 20:31 <DIR> d-------- c:\documents and settings\Anthony
    2008-11-18 19:46 . 2008-11-18 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-11-18 19:45 . 2008-11-18 19:45 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-11-18 19:45 . 2008-11-18 19:45 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\SUPERAntiSpyware.com
    2008-11-18 18:42 . 2008-11-18 18:42 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\Malwarebytes
    2008-11-18 18:42 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-18 18:41 . 2008-11-18 18:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-18 18:41 . 2008-11-18 18:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-18 18:41 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-18 18:28 . 2008-11-18 19:01 <DIR> d-------- c:\program files\a-squared Anti-Malware
    2008-11-18 18:25 . 2008-11-18 18:25 <DIR> d-------- c:\program files\a-squared HiJackFree
    2008-11-18 18:14 . 2008-11-18 18:14 <DIR> d----c--- C:\rsit
    2008-11-18 18:14 . 2008-11-18 18:15 <DIR> d-------- c:\program files\trend micro
    2008-11-18 16:48 . 2008-11-18 21:16 <DIR> d-------- c:\windows\system32\NtmsData
    2008-11-18 16:04 . 2008-11-18 16:10 <DIR> d---s---- c:\documents and settings\Administrator
    2008-11-18 14:03 . 2008-11-18 18:02 <DIR> d-------- C:\Fraps
    2008-11-18 14:03 . 2008-11-18 15:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-11-17 20:56 . 2008-11-17 20:56 <DIR> d-------- c:\program files\Ventrilo
    2008-11-17 20:56 . 2008-11-17 20:56 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2008-11-17 01:34 . 2008-11-18 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2008-11-17 01:33 . 2008-11-17 01:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-11-17 01:25 . 2008-11-17 01:34 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\uniblue
    2008-11-17 01:16 . 2008-11-18 18:06 <DIR> d-------- c:\program files\Uniblue
    2008-11-17 01:11 . 2008-11-17 01:16 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2008-11-17 01:08 . 2008-11-17 01:08 <DIR> d----c--- C:\416690f76dbd2ae32738
    2008-11-17 01:07 . 2008-11-17 01:13 <DIR> d-------- c:\windows\SxsCaPendDel
    2008-11-17 01:06 . 2008-11-17 01:06 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\acccore
    2008-11-17 01:05 . 2008-11-17 01:05 <DIR> d-------- c:\program files\Viewpoint
    2008-11-17 01:05 . 2008-11-17 01:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
    2008-11-17 01:05 . 2008-11-17 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
    2008-11-17 01:05 . 2008-11-17 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
    2008-11-17 01:04 . 2008-11-17 01:04 <DIR> d-------- c:\program files\Common Files\AOL
    2008-11-17 01:04 . 2008-11-17 01:05 <DIR> d-------- c:\program files\AIM6
    2008-11-17 01:04 . 2008-11-17 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
    2008-11-17 01:04 . 2008-11-17 01:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
    2008-11-17 01:04 . 2008-11-17 01:05 463 --ah-c--- C:\IPH.PH
    2008-11-17 00:59 . 2008-11-17 00:59 <DIR> dr-h-c--- C:\AHCache
    2008-11-12 22:39 . 2008-11-12 22:39 <DIR> d-------- c:\program files\MSXML 4.0
    2008-11-10 20:23 . 2008-11-10 20:23 <DIR> d-------- c:\program files\BfSV
    2008-11-09 22:43 . 2008-11-09 22:43 <DIR> d-------- c:\program files\Gameforge4D
    2008-11-09 22:43 . 2004-05-10 12:14 118,272 --a------ c:\windows\system32\SX5363S.DLL
    2008-11-09 22:43 . 2004-05-10 12:14 102,400 --a------ c:\windows\system32\RV32RTP.dll
    2008-11-09 22:43 . 2004-05-10 12:15 40 --a------ c:\windows\system32\Sx5363.ini
    2008-11-06 08:47 . 2008-11-06 08:47 0 --ah----- c:\windows\SwSys2.bmp
    2008-11-06 08:47 . 2008-11-06 08:47 0 --ah----- c:\windows\SwSys1.bmp
    2008-11-04 23:01 . 2008-11-14 15:46 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
    2008-11-04 23:01 . 2008-11-04 23:01 <DIR> d-------- c:\program files\DAEMON Tools Lite
    2008-11-04 22:29 . 2008-11-04 22:29 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\DAEMON Tools
    2008-11-04 22:29 . 2008-11-04 22:29 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2008-11-03 17:36 . 2008-11-18 17:21 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\LimeWire
    2008-11-03 17:34 . 2008-11-03 17:34 <DIR> d-------- c:\program files\LimeWire
    2008-11-03 17:17 . 2008-11-17 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-10-30 06:29 . 2008-10-30 06:29 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\Nero
    2008-10-30 06:27 . 2008-10-30 06:27 <DIR> d-------- c:\program files\Common Files\Nero
    2008-10-30 06:26 . 2008-10-30 06:27 <DIR> d-------- c:\program files\Nero 9
    2008-10-30 06:16 . 2008-05-15 01:33 18,399,371 --a------ c:\documents and settings\All Users\P._Nero_B.ROM_8.3.2.1.exe
    2008-10-29 21:40 . 2008-10-29 21:40 <DIR> d-------- c:\program files\Common Files\LogiShared
    2008-10-29 21:40 . 2008-10-29 21:40 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\Logitech
    2008-10-29 21:40 . 2008-10-29 21:40 31 --a------ c:\windows\warhead.ini
    2008-10-29 21:39 . 2008-10-29 21:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-10-29 21:39 . 2008-10-29 21:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-10-29 21:39 . 2008-10-29 21:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-10-29 21:38 . 2007-04-11 14:33 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
    2008-10-29 21:38 . 2007-04-23 03:00 163,840 --a------ c:\windows\system32\kemutb.dll
    2008-10-29 21:38 . 2007-04-23 03:00 135,168 --a------ c:\windows\system32\KemUtil.dll
    2008-10-29 21:38 . 2007-04-23 03:00 110,592 --a------ c:\windows\system32\KemWnd.dll
    2008-10-29 21:38 . 2007-04-23 03:00 69,632 --a------ c:\windows\system32\KemXML.dll
    2008-10-29 21:38 . 2007-04-11 14:32 56,080 --a------ c:\windows\KHALMNPR.Exe
    2008-10-29 21:38 . 2007-04-11 14:32 36,112 --a------ c:\windows\system32\drivers\LMouFilt.Sys
    2008-10-29 21:38 . 2007-04-11 14:32 34,832 --a------ c:\windows\system32\drivers\LHidFilt.Sys
    2008-10-29 21:37 . 2008-10-29 21:40 <DIR> d-------- c:\program files\Logitech
    2008-10-29 21:37 . 2008-10-29 21:38 <DIR> d-------- c:\program files\Common Files\Logitech
    2008-10-29 21:37 . 2008-10-29 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2008-10-29 21:37 . 2008-10-29 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
    2008-10-29 20:24 . 2008-10-29 20:24 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-10-28 18:51 . 2008-10-28 18:51 <DIR> d-------- c:\program files\SystemRequirementsLab
    2008-10-28 18:51 . 2008-10-28 18:51 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\SystemRequirementsLab
    2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
    2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
    2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
    2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
    2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
    2008-10-27 21:25 . 2008-10-27 21:24 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-10-24 19:28 . 2008-10-26 15:58 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\DivX
    2008-10-24 17:22 . 2008-11-07 22:08 <DIR> d-------- c:\program files\DivX
    2008-10-24 09:37 . 2008-11-14 15:45 <DIR> d-------- c:\program files\eMule
    2008-10-20 12:52 . 2008-10-20 12:52 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\Turbine
    2008-10-20 11:31 . 2008-10-20 11:31 <DIR> d-------- c:\program files\Turbine
    2008-10-20 09:25 . 2008-10-20 11:31 <DIR> d-------- c:\documents and settings\Anthony - Desiree\Application Data\GetRightToGo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-19 15:03 630,816 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2008-11-19 15:03 3,236 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2008-11-19 15:03 22,864 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-11-19 15:03 2,788,384 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-11-19 14:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-11-19 00:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-18 16:38 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\uTorrent
    2008-11-18 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-18 01:57 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-18 01:56 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Ventrilo
    2008-11-18 01:55 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Xfire
    2008-11-17 20:05 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\OpenOffice.org2
    2008-11-17 06:05 --------- d-----w c:\program files\Yahoo!
    2008-11-17 03:28 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\ComcastToolbar
    2008-11-14 20:46 --------- d-----w c:\program files\MobMapUpdater
    2008-11-14 20:45 --------- d-----w c:\program files\Common Files\SupportSoft
    2008-11-14 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
    2008-11-14 20:43 --------- d-----w c:\program files\Windows Updates Downloader
    2008-11-14 20:43 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-11-14 20:42 --------- d-----w c:\program files\EA GAMES
    2008-11-14 20:42 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\My Battle for Middle-earth Files
    2008-11-14 20:40 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-13 16:14 --------- d-----w c:\program files\World of Warcraft
    2008-11-13 05:54 --------- d-----w c:\program files\Xfire
    2008-11-13 03:28 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-13 03:27 183,120 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-03 19:20 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Thinstall
    2008-10-28 02:24 --------- d-----w c:\program files\Java
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-20 02:12 --------- d-----w c:\program files\IrfanView
    2008-10-18 22:40 --------- d-----w c:\program files\Qtracker
    2008-10-18 22:20 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\minimem
    2008-10-16 04:01 --------- d-----w c:\program files\Defraggler
    2008-10-16 04:01 --------- d-----w c:\program files\CCleaner
    2008-10-15 01:24 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Windows Search
    2008-10-14 23:52 --------- d-----w c:\program files\MSBuild
    2008-10-14 23:49 --------- d-----w c:\program files\Reference Assemblies
    2008-10-14 23:43 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Windows Desktop Search
    2008-10-14 23:42 --------- d-----w c:\program files\Windows Desktop Search
    2008-10-14 23:39 --------- d-----w c:\program files\MSXML 6.0
    2008-10-14 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
    2008-10-14 04:06 --------- d-----w c:\documents and settings\All Users\Application Data\Comcast
    2008-10-12 02:49 96,976 ----a-w c:\windows\system32\drivers\klin.dat
    2008-10-12 02:49 87,855 ----a-w c:\windows\system32\drivers\klick.dat
    2008-10-12 02:41 --------- d-----w c:\program files\Kaspersky Lab
    2008-10-11 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-10-11 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-10-08 15:18 --------- d-----w c:\program files\Curse
    2008-10-08 14:00 --------- d-----w c:\documents and settings\All Users\Application Data\Razer
    2008-10-08 01:57 --------- d-----w c:\program files\VentSrv
    2008-10-06 17:58 --------- d-----w c:\program files\Common Files\Scanner
    2008-10-06 17:58 --------- d-----w c:\program files\ComcastToolbar
    2008-10-06 13:58 --------- d-----w c:\program files\ComcastUI
    2008-10-06 12:18 --------- d-----w c:\program files\Common Files\AVSMedia
    2008-10-06 12:17 --------- d-----w c:\program files\PCFriendly
    2008-10-06 12:16 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Canon
    2008-10-06 12:14 --------- d-----w c:\program files\BitDefender
    2008-10-06 12:13 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-10-02 22:50 81,920 ----a-w c:\windows\system32\frapsvid.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-25 12:21 --------- d-----w c:\program files\Infogrames
    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
    2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-09-24 18:23 --------- d-----w c:\program files\Creative
    2008-09-24 17:51 --------- d-----w c:\documents and settings\Anthony - Desiree\Application Data\Creative
    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-30 01:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
    2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-08-02 00:41 22,328 ----a-w c:\documents and settings\Anthony - Desiree\Application Data\PnkBstrK.sys
    .

    ------- Sigcheck -------

    2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
    2008-07-31 10:46 502272 6225f14b8ce08ccba8b25ad27843c674 c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-11-02 4789760]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-11-17 2019624]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
    "a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-02 2780816]
    "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2008-07-29 360448]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-29 692224]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\program files\Gameforge4D\AirRivals\Launcher.atm"= c:\program files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
    "c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-11-17 24652]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2008-07-31 36224]
    S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2008-07-29 36224]
    S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{188976FB-7E3B-49EC-A8CD-A5CB50292EBF} - (no file)
    BHO-{7A336406-F1F1-43B7-B52E-5EA47D40F682} - (no file)
    BHO-{887846FF-041E-4357-8064-6515B746AD50} - c:\windows\system32\iiffEvwW.dll
    BHO-{A2587760-63ED-4EF5-B30D-A7C5B53EE597} - (no file)
    BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
    BHO-{DFE3768D-DD34-47AC-8935-97D505C33F2A} - (no file)
    Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
    WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
    HKCU-Run-MobMapUpdater - c:\program files\MobMapUpdater\MobMapUpdater.exe
    ShellExecuteHooks-{A2587760-63ED-4EF5-B30D-A7C5B53EE597} - (no file)
    Notify-khfCVOFw - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Anthony - Desiree\Application Data\Mozilla\Firefox\Profiles\31um1qoo.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.comcast.net?cid=NET_mmhpset
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-19 10:05:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\a-squared Anti-Malware\a2service.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\UPHClean\uphclean.exe
    c:\program files\VentSrv\ventrilo_svc.exe
    c:\program files\VentSrv\ventrilo_srv.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-19 10:12:02 - machine was rebooted [Anthony - Desiree]
    ComboFix-quarantined-files.txt 2008-11-19 15:11:59

    Pre-Run: 377,059,667,968 bytes free
    Post-Run: 376,950,591,488 bytes free

    323 --- E O F --- 2008-11-13 03:41:48
     
  7. 2008/11/19
    aapocalypse

    aapocalypse Inactive Thread Starter

    Joined:
    2008/11/18
    Messages:
    5
    Likes Received:
    0
    HijackThis log

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Anthony - Desiree at 2008-11-19 10:13:54
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 360 GB (75%) free of 477 GB
    Total RAM: 2046 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:14:03 AM, on 11/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\VentSrv\ventrilo_svc.exe
    C:\Program Files\VentSrv\ventrilo_srv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Anthony - Desiree\Desktop\RSIT.exe
    C:\Program Files\trend micro\Anthony - Desiree.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217385160713
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7759 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
    Comcast Toolbar - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-10-11 62728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-27 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-27 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-27 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL [2006-11-07 1821184]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
    "IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-09-21 9138176]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "a-squared"=C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe [2008-11-02 2780816]
    "FLMOFFICE4DMOUSE"=C:\Program Files\Browser MOUSE\mouse32a.exe [2008-07-29 360448]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-04-25 201992]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-11-02 4789760]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
    "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
    "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-11-17 2019624]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Gameforge4D\AirRivals\Launcher.atm"="C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2"
    "C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"="C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2008-11-19 10:12:03 ----AC---- C:\ComboFix.txt
    2008-11-19 09:18:58 ----AC---- C:\Boot.bak
    2008-11-19 09:18:51 ----RASHDC---- C:\cmdcons
    2008-11-19 09:17:28 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\zip.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\VFIND.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\SWSC.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\SWREG.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\sed.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\grep.exe
    2008-11-19 09:17:27 ----A---- C:\WINDOWS\fdsv.exe
    2008-11-19 09:17:13 ----DC---- C:\Qoobox
    2008-11-19 09:17:13 ----D---- C:\WINDOWS\ERDNT
    2008-11-19 09:13:54 ----D---- C:\Program Files\Alex Feinman
    2008-11-18 20:31:50 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-11-18 20:31:48 ----HD---- C:\Program Files\Uninstall Information
    2008-11-18 19:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-11-18 19:45:54 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-11-18 19:45:54 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\SUPERAntiSpyware.com
    2008-11-18 18:42:14 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Malwarebytes
    2008-11-18 18:41:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-18 18:41:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-18 18:28:15 ----D---- C:\Program Files\a-squared Anti-Malware
    2008-11-18 18:25:21 ----D---- C:\Program Files\a-squared HiJackFree
    2008-11-18 18:14:19 ----DC---- C:\rsit
    2008-11-18 18:14:19 ----D---- C:\Program Files\trend micro
    2008-11-18 16:48:51 ----D---- C:\WINDOWS\system32\NtmsData
    2008-11-18 16:03:32 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-18 14:08:35 ----A---- C:\WINDOWS\system32\fff3d9c4-.txt
    2008-11-18 14:03:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-18 14:03:19 ----D---- C:\Fraps
    2008-11-17 20:56:14 ----D---- C:\Program Files\Ventrilo
    2008-11-17 20:56:08 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2008-11-17 01:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2008-11-17 01:33:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-11-17 01:25:28 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\uniblue
    2008-11-17 01:16:25 ----D---- C:\Program Files\Uniblue
    2008-11-17 01:11:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2008-11-17 01:08:11 ----DC---- C:\416690f76dbd2ae32738
    2008-11-17 01:07:52 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-11-17 01:06:06 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\acccore
    2008-11-17 01:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-11-17 01:05:17 ----D---- C:\Program Files\Viewpoint
    2008-11-17 01:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-11-17 01:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-11-17 01:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-11-17 01:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2008-11-17 01:04:32 ----D---- C:\Program Files\Common Files\AOL
    2008-11-17 01:04:14 ----D---- C:\Program Files\AIM6
    2008-11-17 00:59:36 ----RHDC---- C:\AHCache
    2008-11-12 22:39:38 ----D---- C:\Program Files\MSXML 4.0
    2008-11-10 20:23:19 ----D---- C:\Program Files\BfSV
    2008-11-09 22:43:09 ----D---- C:\Program Files\Gameforge4D
    2008-11-09 22:43:09 ----A---- C:\WINDOWS\system32\SX5363S.DLL
    2008-11-09 22:43:09 ----A---- C:\WINDOWS\system32\Sx5363.ini
    2008-11-09 22:43:09 ----A---- C:\WINDOWS\system32\RV32RTP.dll
    2008-11-04 23:01:12 ----D---- C:\Program Files\DAEMON Tools Toolbar
    2008-11-04 23:01:02 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-11-04 22:29:17 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\DAEMON Tools
    2008-11-03 17:36:06 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\LimeWire
    2008-11-03 17:34:18 ----D---- C:\Program Files\LimeWire
    2008-11-03 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-30 06:29:04 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Nero
    2008-10-30 06:27:23 ----D---- C:\Program Files\Common Files\Nero
    2008-10-30 06:26:41 ----D---- C:\Program Files\Nero 9
    2008-10-29 21:40:37 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Logitech
    2008-10-29 21:40:19 ----D---- C:\Program Files\Common Files\LogiShared
    2008-10-29 21:40:14 ----A---- C:\WINDOWS\warhead.ini
    2008-10-29 21:38:57 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
    2008-10-29 21:38:28 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2008-10-29 21:38:28 ----A---- C:\WINDOWS\KHALMNPR.Exe
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\KemXML.dll
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\KemWnd.dll
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\KemUtil.dll
    2008-10-29 21:38:09 ----A---- C:\WINDOWS\system32\kemutb.dll
    2008-10-29 21:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-10-29 21:37:53 ----D---- C:\Program Files\Logitech
    2008-10-29 21:37:51 ----D---- C:\Program Files\Common Files\Logitech
    2008-10-29 21:37:25 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-10-29 20:24:22 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-10-28 18:51:31 ----D---- C:\Program Files\SystemRequirementsLab
    2008-10-28 18:51:25 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\SystemRequirementsLab
    2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-27 21:25:03 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-10-25 22:00:32 ----D---- C:\WINDOWS\pss
    2008-10-24 19:28:29 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\DivX
    2008-10-24 17:22:46 ----D---- C:\Program Files\DivX
    2008-10-24 09:37:24 ----D---- C:\Program Files\eMule
    2008-10-20 12:52:05 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Turbine
    2008-10-20 11:31:37 ----D---- C:\Program Files\Turbine
    2008-10-20 09:25:58 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\GetRightToGo
    2008-10-18 17:38:53 ----D---- C:\Program Files\Qtracker
    2008-10-18 17:20:03 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\minimem
    2008-10-15 23:01:44 ----D---- C:\Program Files\Yahoo!
    2008-10-15 23:01:32 ----D---- C:\Program Files\CCleaner
    2008-10-15 23:01:18 ----D---- C:\Program Files\Defraggler
    2008-10-14 20:24:58 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Windows Search
    2008-10-14 18:52:17 ----D---- C:\Program Files\MSBuild
    2008-10-14 18:50:11 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-10-14 18:49:37 ----D---- C:\Program Files\Reference Assemblies
    2008-10-14 18:47:58 ----A---- C:\WINDOWS\system32\spmsg2.dll
    2008-10-14 18:47:47 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
    2008-10-14 18:47:44 ----DC---- C:\d40a26fdff5a7771697be2bf37
    2008-10-14 18:43:06 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Windows Desktop Search
    2008-10-14 18:42:28 ----D---- C:\Program Files\Windows Desktop Search
    2008-10-14 18:42:25 ----D---- C:\WINDOWS\system32\GroupPolicy
    2008-10-14 18:42:07 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
    2008-10-14 18:39:23 ----D---- C:\Program Files\MSXML 6.0
    2008-10-14 18:29:13 ----A---- C:\WINDOWS\system32\tsgqec.dll
    2008-10-14 18:29:13 ----A---- C:\WINDOWS\system32\rhttpaa.dll
    2008-10-14 18:29:13 ----A---- C:\WINDOWS\system32\aaclient.dll
    2008-10-14 07:12:25 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
    2008-10-13 23:06:00 ----D---- C:\Documents and Settings\All Users\Application Data\Comcast
    2008-10-11 21:41:44 ----D---- C:\Program Files\Kaspersky Lab
    2008-10-11 21:41:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-11 07:48:32 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-10-08 09:00:07 ----D---- C:\Documents and Settings\All Users\Application Data\Razer
    2008-10-07 18:31:49 ----D---- C:\Program Files\VentSrv
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-10-06 14:08:30 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-10-06 14:08:27 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2008-10-06 13:54:02 ----DC---- C:\AeriaGames
    2008-10-06 12:58:14 ----D---- C:\Program Files\Common Files\Scanner
    2008-10-06 12:58:14 ----D---- C:\Program Files\ComcastToolbar
    2008-10-06 12:58:14 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\ComcastToolbar
    2008-10-06 12:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-06 09:26:30 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-10-06 08:58:20 ----D---- C:\Program Files\Common Files\SupportSoft
    2008-10-06 08:58:20 ----D---- C:\Program Files\ComcastUI
    2008-10-06 07:15:43 ----D---- C:\WINDOWS\system32\appmgmt
    2008-10-02 17:50:16 ----A---- C:\WINDOWS\system32\frapsvid.dll
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-25 07:21:33 ----D---- C:\Program Files\Infogrames
    2008-09-25 03:03:38 ----A---- C:\WINDOWS\system32\dtu100.dll
    2008-09-25 03:03:38 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-09-25 03:03:34 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
    2008-09-25 03:03:32 ----A---- C:\WINDOWS\system32\dpv11.dll
    2008-09-25 03:03:32 ----A---- C:\WINDOWS\system32\dpus11.dll
    2008-09-25 03:03:32 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
    2008-09-25 03:03:30 ----A---- C:\WINDOWS\system32\dpu11.dll
    2008-09-25 03:03:30 ----A---- C:\WINDOWS\system32\dpu10.dll
    2008-09-25 03:03:18 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-09-24 09:57:56 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Creative
    2008-09-24 09:56:59 ----N---- C:\WINDOWS\Ctregrun.exe
    2008-09-24 09:48:12 ----D---- C:\Program Files\Creative
    2008-09-20 13:42:29 ----A---- C:\WINDOWS\system32\msxml4r.dll
    2008-09-20 13:42:20 ----A---- C:\WINDOWS\system32\vbar332.dll
    2008-09-20 13:42:20 ----A---- C:\WINDOWS\system32\dsetup.dll
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-09-19 16:55:10 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
    2008-09-19 16:55:10 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
    2008-09-19 16:54:18 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-09-19 14:17:18 ----A---- C:\WINDOWS\syscheck.INI
    2008-09-19 14:17:01 ----A---- C:\WINDOWS\PCFriend.INI
    2008-09-19 14:15:33 ----A---- C:\WINDOWS\system32\INLOADER.DLL
    2008-09-19 14:15:24 ----D---- C:\Program Files\PCFriendly
    2008-09-19 14:15:14 ----A---- C:\WINDOWS\uninst.exe
    2008-09-16 11:00:13 ----D---- C:\Program Files\LucasArts
    2008-09-15 19:14:26 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-09-15 19:14:24 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-09-15 10:12:37 ----D---- C:\Program Files\InterActual
    2008-09-15 08:25:08 ----A---- C:\WINDOWS\DXT13.tmp
    2008-09-15 08:21:26 ----D---- C:\UnrealTournament
    2008-08-29 20:06:44 ----A---- C:\WINDOWS\system32\msxml6.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-19 10:13:41 ----D---- C:\WINDOWS\Temp
    2008-11-19 10:12:38 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-19 10:12:06 ----D---- C:\WINDOWS\system32\drivers
    2008-11-19 10:12:06 ----D---- C:\WINDOWS\system32
    2008-11-19 10:12:05 ----D---- C:\WINDOWS\Prefetch
    2008-11-19 10:12:04 ----D---- C:\WINDOWS
    2008-11-19 10:11:16 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-19 10:05:48 ----AC---- C:\WINDOWS\system.ini
    2008-11-19 10:02:48 ----D---- C:\WINDOWS\system32\config
    2008-11-19 09:36:40 ----D---- C:\WINDOWS\AppPatch
    2008-11-19 09:36:40 ----D---- C:\Program Files\Common Files
    2008-11-19 09:18:58 ----RASH---- C:\boot.ini
    2008-11-19 09:17:57 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-19 09:14:03 ----SHD---- C:\WINDOWS\Installer
    2008-11-19 09:13:54 ----RD---- C:\Program Files
    2008-11-19 00:58:15 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-19 00:58:09 ----RSD---- C:\WINDOWS\assembly
    2008-11-18 20:31:36 ----D---- C:\Documents and Settings
    2008-11-18 19:45:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-18 16:48:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-18 16:11:13 ----D---- C:\WINDOWS\system32\wbem
    2008-11-18 16:11:11 ----D---- C:\WINDOWS\Registration
    2008-11-18 11:38:37 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\uTorrent
    2008-11-17 21:14:57 ----D---- C:\WINDOWS\system32\LogFiles
    2008-11-17 20:58:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-17 20:58:39 ----D---- C:\WINDOWS\Debug
    2008-11-17 20:57:32 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-17 20:56:31 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Ventrilo
    2008-11-17 20:55:00 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Xfire
    2008-11-17 15:05:10 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\OpenOffice.org2
    2008-11-17 01:36:58 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-17 01:34:55 ----HD---- C:\WINDOWS\inf
    2008-11-17 01:13:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-17 01:10:38 ----D---- C:\WINDOWS\WinSxS
    2008-11-17 01:09:27 ----D---- C:\WINDOWS\system32\en-US
    2008-11-17 01:09:23 ----RSD---- C:\WINDOWS\Fonts
    2008-11-17 01:06:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-17 01:04:59 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-17 01:04:33 ----D---- C:\Program Files\Internet Explorer
    2008-11-14 15:46:15 ----D---- C:\Program Files\MobMapUpdater
    2008-11-14 15:43:37 ----D---- C:\Program Files\Windows Updates Downloader
    2008-11-14 15:43:09 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-11-14 15:42:40 ----D---- C:\Program Files\EA GAMES
    2008-11-14 15:42:18 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\My Battle for Middle-earth Files
    2008-11-14 15:40:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-14 15:37:39 ----SD---- C:\WINDOWS\Tasks
    2008-11-13 11:14:31 ----D---- C:\Program Files\World of Warcraft
    2008-11-13 00:54:10 ----D---- C:\Program Files\Xfire
    2008-11-12 22:40:21 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 22:27:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2008-11-09 01:46:14 ----SD---- C:\Documents and Settings\Anthony - Desiree\Application Data\Microsoft
    2008-11-04 22:26:14 ----D---- C:\WINDOWS\system32\DirectX
    2008-11-04 17:22:41 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Mozilla
    2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-03 14:20:19 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Thinstall
    2008-11-03 14:18:00 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Adobe
    2008-11-03 14:17:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-11-02 13:10:38 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-29 22:50:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-29 22:48:43 ----D---- C:\WINDOWS\Minidump
    2008-10-29 21:39:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-27 21:24:44 ----D---- C:\Program Files\Java
    2008-10-26 15:52:09 ----A---- C:\WINDOWS\win.ini
    2008-10-24 17:08:31 ----D---- C:\WAR2
    2008-10-23 00:44:07 ----D---- C:\WINDOWS\security
    2008-10-19 21:12:56 ----D---- C:\Program Files\IrfanView
    2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 19:04:06 ----D---- C:\WINDOWS\Help
    2008-10-14 18:59:32 ----D---- C:\WINDOWS\system32\usmt
    2008-10-14 18:59:32 ----D---- C:\WINDOWS\nview
    2008-10-14 18:55:55 ----D---- C:\WINDOWS\ie7updates
    2008-10-14 18:48:10 ----D---- C:\WINDOWS\system32\spool
    2008-10-08 10:18:16 ----D---- C:\Program Files\Curse
    2008-10-08 03:48:58 ----D---- C:\WINDOWS\msagent
    2008-10-08 02:07:36 ----D---- C:\Program Files\Messenger
    2008-10-08 02:06:42 ----D---- C:\Program Files\Windows Media Player
    2008-10-08 02:05:53 ----D---- C:\Program Files\Outlook Express
    2008-10-08 02:05:53 ----D---- C:\Program Files\Common Files\System
    2008-10-08 02:05:20 ----D---- C:\WINDOWS\system32\Com
    2008-10-06 07:18:26 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-10-06 07:16:03 ----D---- C:\WINDOWS\twain_32
    2008-10-06 07:16:03 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Canon
    2008-10-06 07:14:26 ----D---- C:\Program Files\BitDefender
    2008-10-06 07:13:54 ----A---- C:\WINDOWS\bdagent.INI
    2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-17 22:27:54 ----D---- C:\WINDOWS\system32\Restore
    2008-09-17 22:22:30 ----D---- C:\Documents and Settings\Anthony - Desiree\Application Data\Sonic Focus
    2008-09-15 19:14:20 ----A---- C:\WINDOWS\system32\pxwave.dll
    2008-09-15 19:14:20 ----A---- C:\WINDOWS\system32\pxmas.dll
    2008-09-15 19:14:20 ----A---- C:\WINDOWS\system32\pxhpinst.exe
    2008-09-15 19:14:18 ----A---- C:\WINDOWS\system32\vxblock.dll
    2008-09-15 19:14:18 ----A---- C:\WINDOWS\system32\pxdrv.dll
    2008-09-15 19:14:18 ----A---- C:\WINDOWS\system32\px.dll
    2008-09-14 22:29:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-09-05 22:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
    2008-09-05 22:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-09-05 22:29:58 ----A---- C:\WINDOWS\system32\WgaTray.exe
    2008-09-04 11:42:02 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 02:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 02:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 03:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 00:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-11 213008]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 a7fosw5a;a7fosw5a; C:\WINDOWS\system32\drivers\a7fosw5a.sys []
    S3 ak41nk7a;ak41nk7a; C:\WINDOWS\system32\drivers\ak41nk7a.sys []
    S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
    S3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys []
    S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-11-02 419448]
    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-04-25 201992]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-01 66872]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    R2 Ventrilo;Ventrilo; C:\Program Files\VentSrv\ventrilo_svc.exe [2005-07-13 65536]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  8. 2008/11/19
    aapocalypse

    aapocalypse Inactive Thread Starter

    Joined:
    2008/11/18
    Messages:
    5
    Likes Received:
    0
    Thanks for the help I am noticing a change already. My comp runs faster and explorer.exe is staying up.
     
  9. 2008/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/78819-active-some-wierd-stuff-going-w-explorer.html#post427821
    
    Collect::
    c:\windows\SwSys2.bmp
    c:\windows\SwSys1.bmp
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!



    Highlight and copy the contents of the code box below.
    Code:
    @echo off
    echo.  Searching ..... please wait
    echo ~~winlogon backups~~>check.txt
    echo.>>check.txt
    rem /a with no attribute letter lists every copy, hidden and system files included; /s recurses the whole drive
    dir %Systemdrive%\winlogon.exe /a /s >>check.txt
    echo.>>check.txt
    start notepad check.txt
    exit
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close and a log will open. Please post the contents of that log.
     
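The cmd box above lists every copy of winlogon.exe on the system drive so the helper can spot stray copies. Below is an added example (not noahdfear's script and not part of this thread) that does the same recursive search in Python and goes a step further: it hashes each copy and flags any copy that sits outside WINDOWS\system32 or whose hash differs from the copy found there; the directory tree it runs on is constructed inline so it works offline, and the expected-location path is an assumption about a default XP install.

```python
import hashlib
import os
import tempfile

# Assumed legitimate location of winlogon.exe on a default Windows XP install,
# relative to the system drive root.
EXPECTED_REL = os.path.join("windows", "system32", "winlogon.exe")


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_winlogon_copies(root, name="winlogon.exe"):
    """Recursive search like `dir %Systemdrive%\\winlogon.exe /a /s`: os.walk does not
    skip hidden or system files. Returns one dict per copy with path, size, sha256,
    whether it is in the expected folder, and whether its hash matches that copy."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == name:
                path = os.path.join(dirpath, fname)
                rel = os.path.relpath(path, root).lower()
                hits.append({"path": path, "size": os.path.getsize(path),
                             "sha256": sha256_of(path), "expected": rel == EXPECTED_REL})
    known = {h["sha256"] for h in hits if h["expected"]}
    for h in hits:
        # A copy elsewhere with a different hash is what the helper wants listed.
        h["hash_matches_expected"] = h["sha256"] in known if known else None
    return hits


def build_constructed_tree():
    """Constructed sample tree (not a real system): the legitimate binary plus a
    stray copy in a user folder whose contents differ."""
    root = tempfile.mkdtemp()
    legit = os.path.join(root, "WINDOWS", "system32")
    stray = os.path.join(root, "Documents and Settings", "user", "Application Data")
    os.makedirs(legit)
    os.makedirs(stray)
    with open(os.path.join(legit, "winlogon.exe"), "wb") as f:
        f.write(b"constructed legitimate winlogon image")
    with open(os.path.join(stray, "WINLOGON.EXE"), "wb") as f:
        f.write(b"constructed different payload")
    return root


if __name__ == "__main__":
    for hit in find_winlogon_copies(build_constructed_tree()):
        flag = "" if hit["expected"] else "  <-- outside system32"
        print(f'{hit["size"]:>8} {hit["sha256"][:16]} {hit["path"]}{flag}')
```

On a real machine call find_winlogon_copies(r"C:\") from an elevated prompt; the report is for the helper to read, the script changes nothing on disk.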
