Virtumonde



mayorofarta
2008-05-15, 08:03
Here's my HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:52, on 2008-05-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Melloware\Intelliremote\Intelliremote.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Autoruns\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21480760-CF88-40F7-8A2E-AC6DB2CFA952} - C:\WINDOWS\system32\qoMdCSjh.dll (file missing)
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\wvUnKDVo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63F9D938-20AB-4F02-9407-26D00E73E23D} - C:\WINDOWS\system32\khfEUnKd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BF8A2ABB-98DF-4E26-8DD3-5608D1D0602E} - C:\WINDOWS\system32\khfCvVnK.dll (file missing)
O2 - BHO: (no name) - {C0993514-BEE7-4A61-A033-34E34E2709C4} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM3b1d1851] Rundll32.exe "C:\WINDOWS\system32\kxbpixpo.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1168] command /c del "C:\WINDOWS\system32\khfCvVnK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6392] cmd /c del "C:\WINDOWS\system32\khfCvVnK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9497] command /c del "C:\WINDOWS\system32\qoMdCSjh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5278] cmd /c del "C:\WINDOWS\system32\qoMdCSjh.dll_old"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: cfosspeed.exe.lnk = C:\Program Files\cFosSpeed\cfosspeed.exe
O4 - Global Startup: Intelliremote.exe.lnk = C:\Program Files\Melloware\Intelliremote\Intelliremote.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvUnKDVo - C:\WINDOWS\SYSTEM32\wvUnKDVo.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 14084 bytes

Thanks in advance!

mayorofarta
2008-05-15, 10:50
Can anyone check my ComboFix log file? I have followed the procedures I read in other threads and here is what I get. Is it clean?

ComboFix 08-05-12.1 - Mayorofarta 2008-05-15 10:33:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.1517 [GMT 3:00]
Running from: C:\Documents and Settings\Mayorofarta.CEREBRO\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bJQpqtwa.ini
C:\WINDOWS\system32\bJQpqtwa.ini2
C:\WINDOWS\system32\CbKUCJlm.ini
C:\WINDOWS\system32\CbKUCJlm.ini2
C:\WINDOWS\system32\dhvxmhmv.ini
C:\WINDOWS\system32\djoxrctm.ini
C:\WINDOWS\system32\dKnUEfhk.ini
C:\WINDOWS\system32\dKnUEfhk.ini2
C:\WINDOWS\system32\fteubfue.ini
C:\WINDOWS\system32\GPVuCJjl.ini2
C:\WINDOWS\system32\hjSCdMoq.ini
C:\WINDOWS\system32\hjSCdMoq.ini2
C:\WINDOWS\system32\hyouutfr.ini
C:\WINDOWS\system32\jhcgmknq.ini
C:\WINDOWS\system32\jStCIkkj.ini
C:\WINDOWS\system32\KnVvCfhk.ini
C:\WINDOWS\system32\KnVvCfhk.ini2
C:\WINDOWS\system32\KRCbKUvw.ini
C:\WINDOWS\system32\MTssDfhk.ini
C:\WINDOWS\system32\MTssDfhk.ini2
C:\WINDOWS\system32\nwrysufr.ini
C:\WINDOWS\system32\okymxqnx.ini
C:\WINDOWS\system32\rpvvkysq.ini
C:\WINDOWS\system32\uhflqjfn.ini
C:\WINDOWS\system32\wwGhPqss.ini
C:\WINDOWS\system32\wwGhPqss.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-15 09:07 . 2008-05-15 09:08 <DIR> d-------- C:\Program Files\File Type Manager
2008-05-15 09:07 . 2008-05-15 09:07 249,856 --------- C:\WINDOWS\Setup1.exe
2008-05-15 09:07 . 2008-05-15 09:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-15 07:48 . 2008-05-15 07:48 114,688 --a------ C:\WINDOWS\system32\vmhmxvhd.dll
2008-05-15 07:42 . 2008-05-15 07:42 126,464 --a------ C:\WINDOWS\system32\kxbpixpo.dll
2008-05-15 06:03 . 2008-05-15 06:03 114,688 --a------ C:\WINDOWS\system32\eufbuetf.dll
2008-05-15 06:00 . 2008-05-15 06:00 126,464 --a------ C:\WINDOWS\system32\clilvkfl.dll
2008-05-15 03:02 . 2008-05-15 03:02 114,688 --a------ C:\WINDOWS\system32\xnqxmyko.dll
2008-05-15 03:00 . 2008-05-15 03:00 126,464 --a------ C:\WINDOWS\system32\kfkpbgqg.dll
2008-05-14 13:59 . 2008-05-14 13:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
2008-05-14 13:53 . 2008-05-14 13:53 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-14 13:53 . 2008-05-14 14:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-05-14 12:33 . 2008-05-14 12:33 113,728 --a------ C:\WINDOWS\system32\REN_rftuuoyh.dll.vir
2008-05-14 11:55 . 2008-05-14 11:55 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-14 11:55 . 2008-05-14 11:55 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-14 11:20 . 2008-05-14 11:20 2,973 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-14 11:07 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-14 11:07 . 2008-04-14 05:40 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-05-14 11:07 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-14 11:05 . 2008-04-14 05:42 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2008-05-14 11:05 . 2008-04-14 05:42 33,280 --a--c--- C:\WINDOWS\system32\dllcache\rundll32.exe
2008-05-14 11:00 . 2008-04-14 05:41 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-14 11:00 . 2008-04-14 05:41 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-14 11:00 . 2008-04-14 05:41 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-14 11:00 . 2008-04-14 05:41 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-14 10:57 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003387_.tmp
2008-05-14 10:19 . 2008-05-14 10:19 114,240 --a------ C:\WINDOWS\system32\REN_mtcrxojd.dll.vir
2008-05-14 08:26 . 2008-05-14 08:08 371,200 --a------ C:\WINDOWS\system32\hgGVOICu.dll.vir
2008-05-14 08:10 . 2008-05-14 08:10 <DIR> d-------- C:\WINDOWS\RegCure
2008-05-14 08:10 . 2008-05-14 08:25 <DIR> d-------- C:\Program Files\RegCure
2008-05-14 08:09 . 2008-05-14 08:09 114,240 --a------ C:\WINDOWS\system32\REN_qsykvvpr.dll.vir
2008-05-14 08:07 . 2008-05-14 08:07 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\TuneUp Software
2008-05-14 05:59 . 2008-05-14 05:45 371,200 --a------ C:\WINDOWS\system32\ssqRKayV.dll.vir
2008-05-14 05:51 . 2008-05-14 05:51 114,240 --a------ C:\WINDOWS\system32\REN_rfusyrwn.dll.vir
2008-05-14 04:01 . 2008-05-14 04:01 <DIR> d-------- C:\Documents and Settings\Administrator.CEREBRO
2008-05-14 04:01 . 2008-05-15 10:33 1,024 --ah----- C:\Documents and Settings\Administrator.CEREBRO\NTUSER.dat.LOG
2008-05-14 03:50 . 2008-05-14 13:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-14 03:50 . 2008-05-14 03:50 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\PC Tools
2008-05-14 03:50 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-14 03:50 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-14 03:50 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-14 03:50 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-14 02:27 . 2008-05-14 02:27 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 01:38 . 2008-05-14 01:38 294 --ahs---- C:\WINDOWS\system32\hgobtryw.ini
2008-05-14 00:20 . 2008-05-14 00:22 371,200 --a------ C:\WINDOWS\system32\fccdcDtr.dll.vir
2008-05-13 23:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-13 22:00 . 2008-05-15 09:41 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-13 21:50 . 2008-05-13 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-13 02:56 . 2008-02-18 12:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-13 02:50 . 2008-05-15 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-13 02:50 . 2008-05-13 02:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-13 00:58 . 2008-05-13 00:58 <DIR> d-------- C:\Program Files\SEGA
2008-05-12 21:40 . 2008-05-15 07:41 1,949 --a------ C:\WINDOWS\wininit.ini
2008-05-12 19:40 . 2008-05-12 19:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2008-05-12 19:40 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-12 19:40 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-12 19:40 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-12 19:40 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-12 19:40 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-12 19:35 . 2008-05-12 19:35 115,776 --a------ C:\WINDOWS\system32\REN_cbstikiy.dll.vir
2008-05-12 19:35 . 2008-05-15 10:42 109,807 --a------ C:\WINDOWS\BM3b1d1851.xml
2008-05-12 19:32 . 2008-05-12 19:32 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Simply Super Software
2008-05-12 18:37 . 2008-05-12 18:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\GRETECH
2008-05-12 18:36 . 2008-05-12 18:36 <DIR> d-------- C:\Program Files\GRETECH
2008-05-12 18:36 . 2008-05-12 18:36 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\GRETECH
2008-05-12 18:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-12 18:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-12 18:28 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-12 01:28 . 2008-05-12 01:28 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Contacts
2008-05-12 00:14 . 2008-05-12 00:14 <DIR> d-------- C:\Program Files\TechSmith
2008-05-12 00:14 . 2008-05-12 00:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-05-11 23:47 . 2008-05-11 23:47 58 --ahs---- C:\WINDOWS\system32\User.ini
2008-05-11 23:42 . 2008-05-11 23:42 48,128 --a------ C:\WINDOWS\system32\wmoptimizer.dll.vir
2008-05-11 23:17 . 2008-05-11 23:17 268 --ah----- C:\sqmdata00.sqm
2008-05-11 23:17 . 2008-05-11 23:17 244 --ah----- C:\sqmnoopt00.sqm
2008-05-11 23:10 . 2008-05-12 20:00 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\skypePM
2008-05-11 23:10 . 2008-05-11 23:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-05-11 23:10 . 2008-05-11 23:10 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-11 23:05 . 2008-05-11 23:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 23:05 . 2008-05-11 23:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-05-11 22:55 . 2008-05-11 22:55 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-05-11 22:48 . 2008-05-11 22:48 <DIR> d-------- C:\Program Files\filehippo.com
2008-05-11 22:44 . 2008-05-11 22:44 <DIR> d-------- C:\Program Files\TeraCopy
2008-05-11 22:44 . 2008-05-15 09:11 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\TeraCopy
2008-05-11 22:35 . 2008-05-11 22:35 <DIR> d-------- C:\Program Files\Defraggler
2008-05-11 18:48 . 2008-05-11 18:48 <DIR> d-------- C:\Program Files\IrfanView
2008-05-11 18:46 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-11 18:46 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-11 18:34 . 2008-05-11 18:34 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-05-11 18:34 . 2008-05-11 18:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2008-05-11 18:34 . 2006-11-22 11:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-05-11 04:20 . 2008-05-11 04:33 <DIR> d-------- C:\Program Files\Fusion
2008-05-11 02:14 . 2008-05-12 20:00 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Skype
2008-05-11 00:39 . 2008-05-11 04:17 <DIR> d-------- C:\Program Files\Jnes
2008-05-11 00:31 . 2008-05-11 02:24 <DIR> d-------- C:\Program Files\Nestopia
2008-05-10 20:33 . 2008-05-10 20:33 <DIR> d-------- C:\WINDOWS\5 Spots
2008-05-10 20:33 . 2008-05-10 20:33 <DIR> d-------- C:\Program Files\5 Spots
2008-05-10 18:47 . 2008-05-10 18:48 <DIR> d-------- C:\Program Files\DVDFab 5
2008-05-08 20:20 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 20:01 . 2008-05-08 20:01 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\dwhelper
2008-05-06 16:43 . 2008-05-06 16:49 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Azureus
2008-05-06 05:21 . 2008-05-12 19:45 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-05-06 05:21 . 2008-05-12 19:45 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-05-05 18:25 . 2008-05-05 18:25 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\ScummVM
2008-05-05 14:39 . 2008-05-05 14:39 <DIR> d-------- C:\Program Files\Sea War The Battles 2
2008-05-05 14:20 . 2008-05-05 14:20 <DIR> d-------- C:\WINDOWS\The Great Sea Battle
2008-05-05 14:20 . 2008-05-05 14:20 4 --a------ C:\WINDOWS\sbsystem.dat
2008-04-20 02:38 . 2008-04-20 02:38 <DIR> d-------- C:\Program Files\AlbumArt Aggregator
2008-04-20 01:30 . 2008-04-20 03:17 <DIR> d-------- C:\Program Files\Emsa DLL Register Tool
2008-04-18 20:01 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-04-18 20:01 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-17 21:05 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 13:49 . 2008-04-15 13:49 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-15 13:12 . 2008-04-15 13:12 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-15 13:10 . 2008-04-15 13:10 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-15 11:17 . 2008-04-15 11:17 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Media Player Classic
2008-04-15 05:29 . 2005-05-24 21:24 169,534 --a------ C:\WINDOWS\SFO.ICO
2008-04-15 05:10 . 2008-04-15 05:10 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\PSPDocMaker
2008-04-15 05:07 . 2007-01-03 17:36 1,875,110 --a------ C:\WINDOWS\system\cygwin1.dll
2008-04-15 05:07 . 2007-01-03 17:46 66,048 --a------ C:\WINDOWS\system\cygz.dll
2008-04-15 04:52 . 2008-04-15 05:32 399 --a------ C:\WINDOWS\AudioConverter.INI
2008-04-15 04:49 . 2008-04-15 05:32 2,373 --a------ C:\WINDOWS\EaseAudioConverter.ini
2008-04-15 04:49 . 2008-04-15 05:32 47 --a------ C:\WINDOWS\aceg.ini
2008-04-15 04:47 . 2008-04-15 04:47 <DIR> d-------- C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\NCH Swift Sound
2008-04-15 04:47 . 2001-02-15 17:52 95,292 --a------ C:\WINDOWS\system32\atrac3.acm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:40 --------- d-----w C:\Program Files\cFosSpeed
2008-05-15 04:52 --------- d-----w C:\Program Files\Autoruns
2008-05-15 00:06 --------- d-----w C:\Program Files\Trojan Remover
2008-05-14 14:32 --------- d-----w C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\uTorrent
2008-05-13 23:03 --------- d-----w C:\Program Files\DC++
2008-05-13 22:59 --------- d-----w C:\Program Files\DC++0.699
2008-05-13 21:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-12 23:59 --------- d-----w C:\Program Files\iTunes
2008-05-12 23:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-12 23:58 --------- d-----w C:\Program Files\QuickTime
2008-05-12 23:50 --------- d-----w C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Apple Computer
2008-05-12 19:24 --------- d-----w C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Orbit
2008-05-12 15:57 --------- d-----w C:\Program Files\Bullfrog
2008-05-11 21:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 20:10 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-11 20:05 --------- d-----w C:\Program Files\Windows Live
2008-05-11 20:03 --------- d-----w C:\Program Files\Paint.NET
2008-05-11 19:56 --------- d-----w C:\Program Files\Java
2008-05-10 14:36 --------- d-----w C:\Program Files\AutoGK
2008-05-10 14:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-05 18:10 --------- d-----w C:\Program Files\ScummVM
2008-04-19 22:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-19 22:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-04-15 10:13 --------- d-----w C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\CyberLink
2008-04-15 10:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-04-15 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 10:10 --------- d-----w C:\Program Files\CyberLink
2008-04-15 10:09 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-15 09:13 --------- d-----w C:\Documents and Settings\Mayorofarta.CEREBRO\Application Data\Vso
2008-04-14 05:37 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2008-04-14 04:17 --------- d-----w C:\Program Files\SubtitleCreator
2008-04-14 03:20 --------- d-----w C:\Program Files\FurySync
2008-04-14 02:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 02:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 02:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 02:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 02:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 02:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 02:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 02:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 02:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 02:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 02:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 23:28 --------- d-----w C:\Program Files\UnderCoverXP
2008-04-13 22:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 21:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 21:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 21:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 21:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 21:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 21:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 21:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 21:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 21:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 21:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 21:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 21:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 21:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 21:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 21:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 21:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 21:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 21:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 21:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 21:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 21:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 21:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 21:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 21:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 21:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 21:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 21:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 21:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 21:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 21:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 21:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 21:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 21:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 21:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 21:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 21:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 21:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 21:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 21:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 21:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 21:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 21:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 21:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 21:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 21:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 21:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 21:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 21:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 21:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 21:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 21:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 21:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2006-12-02 01:28 108 --sha-r C:\WINDOWS\neoqaz2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21480760-CF88-40F7-8A2E-AC6DB2CFA952}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F9D938-20AB-4F02-9407-26D00E73E23D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0993514-BEE7-4A61-A033-34E34E2709C4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 16:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 11:10 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 11:10 131072]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BM3b1d1851"="C:\WINDOWS\system32\kxbpixpo.dll" [2008-05-15 07:42 126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\Mayor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2003-11-14 03:55:40 3581680]

C:\Documents and Settings\Mayor.CEREBRO\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\Mayorofarta\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-13 23:50:09 546816]

C:\Documents and Settings\Mayorofarta.CEREBRO\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2003-11-14 03:55:40 3581680]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
cfosspeed.exe.lnk - C:\Program Files\cFosSpeed\cfosspeed.exe [2008-04-07 01:53:09 863448]
Intelliremote.exe.lnk - C:\Program Files\Melloware\Intelliremote\Intelliremote.exe [2008-02-15 04:31:43 849408]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-04-09 05:28:37 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\DC++0.699\\DCPlusPlus.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Sea War The Battles 2\\SeaWar.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SEGA\\THE HOUSE OF THE DEAD 2\\Hod2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 10:44]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2007-05-01 15:48]
R3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2007-05-01 15:48]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 14:00]
S2 WMOptimizer;Windows Media Optimizer;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:42]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-09 05:08]
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-02-29 14:08]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-04-09 22:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wmosvr REG_MULTI_SZ WMOptimizer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ca9562-0add-11dd-9dcd-001a4d4bf915}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{461c4ebe-08f7-11dd-9dc8-001a4d4bf915}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{469a48ba-0a7e-11dd-9dca-001a4d4bf915}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 07:39:59 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-15 00:01:59 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 10:41:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\WINDOWS\system32\kxbpixpo.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-15 10:46:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 07:46:26

Pre-Run: 692,305,920 bytes free
Post-Run: 613,679,104 bytes free

425 --- E O F --- 2008-05-13 21:59:05
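
The entries a reader of this ComboFix output would want pulled out automatically are the Run value pointing at a DLL in system32 written on the morning of the scan (the same kxbpixpo.dll ComboFix lists as loaded into explorer.exe), the two S2 services whose binary is a bare svchost.exe or regedt32.exe, and the svchost group "wmosvr" that is not one of the stock XP groups. The script below is an added example of that triage, not ComboFix's own logic and not code from this thread; the sample lines are copied from the log above, while the svchost group list, the "generic host" list, the 7-day age threshold and the scan date are assumptions you would adjust for the box in front of you.

```python
"""Triage heuristics for the 'Reg Loading Points' and R*/S* service lines
of a ComboFix log.  Added example: not ComboFix's logic, not the thread's
code.  Sample lines are copied from the log above; the allow-lists and the
age threshold are assumptions."""
import re
from datetime import date

# Assumption: stock svchost groups on a Windows XP box.  Any other group
# registered under ...\CurrentVersion\svchost deserves a look.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "dcomlaunch",
    "imgsvc", "httpfilter", "termsvcs", "wugroup", "bits",
}

# Generic Windows host/utility binaries.  A service whose ImagePath is one
# of these with no "-k <group>" argument is hosting something else.
GENERIC_HOSTS = {"svchost.exe", "regedt32.exe", "regedit.exe",
                 "rundll32.exe", "cmd.exe"}

# Assumption: a DLL in Run that was written this close to the scan is odd.
MAX_DLL_AGE_DAYS = 7

# Assumption: date of the scan being reviewed (taken from the log header).
SCAN_DATE = date(2008, 5, 15)

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<ymd>\d{4}-\d{2}-\d{2}) ')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
GROUP_RE = re.compile(r'^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<members>.+)$')


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_service(line):
    """Return (start, name, image, args) for an R*/S* service line, else None.
    ComboFix quotes paths containing spaces, so an unquoted path ends at
    the first space."""
    m = SVC_RE.match(line)
    if not m:
        return None
    rest = re.sub(r'\s*\[[^\]]*\]\s*$', '', m.group("rest")).strip()
    if rest.startswith('"'):
        image, _, args = rest[1:].partition('"')
    else:
        image, _, args = rest.partition(" ")
    return m.group("start"), m.group("name"), image.strip(), args.strip()


def triage(log_text, scan_date):
    """Return a list of (category, detail) findings, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path, ymd = m.group("path"), m.group("ymd")
            age = (scan_date - date.fromisoformat(ymd)).days
            if _basename(path).endswith(".dll") and age <= MAX_DLL_AGE_DAYS:
                findings.append(("run-dll-recent",
                                 f'{m.group("name")} -> {path} '
                                 f'(written {ymd}, {age}d before scan)'))
            continue
        svc = parse_service(line)
        if svc:
            start, name, image, args = svc
            if _basename(image) in GENERIC_HOSTS and "-k" not in args:
                findings.append(("service-generic-host",
                                 f"{start} {name} -> {image}"))
            continue
        g = GROUP_RE.match(line)
        if g and g.group("group").lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(("svchost-group-unknown",
                             f'{g.group("group")} hosts {g.group("members")}'))
    return findings


# Sample input: lines copied from the ComboFix output above.
SAMPLE_LOG = r'''
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BM3b1d1851"="C:\WINDOWS\system32\kxbpixpo.dll" [2008-05-15 07:42 126464]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 10:44]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 14:00]
S2 WMOptimizer;Windows Media Optimizer;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:42]
wmosvr REG_MULTI_SZ WMOptimizer
'''


def sample_findings():
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    for cat, detail in sample_findings():
        print(f"[{cat}] {detail}")
```

Run against the sample it reports four findings: the recent DLL in Run, the two services hosted by regedt32.exe and svchost.exe, and the unknown svchost group; the NVIDIA DLLs in Run are left alone because they were written months before the scan. These are prompts for a human to check the file, not verdicts, and the catchme result above (no hidden files) is a reminder that persistence like this can sit in plain view.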

mayorofarta
2008-05-15, 12:25
I fixed it myself reading from other posts. Thank you very much for your help even if it was not direct. Consider this thread closed.

pskelley
2008-05-16, 17:31
I fixed it myself reading from other posts. Thank you very much for your help even if it was not direct. Consider this thread closed.

Closed at the request of the member.
Thanks for letting us know.