Virtumonde Infection :(



hanabishi
2008-12-07, 05:14
Last time I posted, the thread was closed due to inactivity, sorry... I was on vacation for a few days. Anyway, I've tried to fix this by using Spybot S&D (maybe I should download one of the suggested anti-virus programs), but it just re-establishes itself after removal. Here's a fresh log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:17 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] //~c:\program files\microsoft office\office12\groovemonitor.exe
O4 - HKLM\..\Run: [HP Software Update] //~c:\program files\hp\hp software update\hpwuschd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-515967899-776561741-682003330-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Dad')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mdviem.dll maqypf.dll zpejec.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8817 bytes
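The log above is the kind of input a responder reads by hand; as an added illustration (not code from this thread, from Trend Micro, or from HijackThis itself), the script below parses HijackThis v2 entry lines and flags the persistence hooks that the helper later targets in this thread: the O20 AppInit_DLLs list, the O20 Winlogon Notify DLL, and O2 BHO registrations that are either orphaned or unnamed DLLs loading from system32. The `triage` and `appinit_dlls` functions and the flagging heuristics are my own assumptions, and the sample log is constructed from entry lines that appear in this thread's logs.

```python
"""Added triage helper for HijackThis v2 logs (not part of the thread or the tool).

It parses the "<section> - <body>" entry lines and flags the persistence
locations that commonly carry Virtumonde/Vundo components. The heuristics
are assumptions for illustration, not HijackThis's own classification.
"""
import re
from dataclasses import dataclass

# Every HijackThis entry is "<section> - <body>", e.g. "O20 - AppInit_DLLs: a.dll b.dll".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each entry line; other lines are ignored."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def appinit_dlls(log_text):
    """Return the DLL names on the O20 AppInit_DLLs line (empty list if absent)."""
    for section, body, _ in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            return body.split(":", 1)[1].split()
    return []


def triage(log_text):
    """Return the entries a responder should review first, with a reason each."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                reason = "AppInit_DLLs loads %d DLL(s) into every process that links user32: %s" % (
                    len(dlls), ", ".join(dlls))
                findings.append(Finding(section, reason, line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            findings.append(Finding(section, "Winlogon Notify DLL is loaded by winlogon at logon", line))
        elif section == "O2":
            if "(no file)" in body or "(file missing)" in body:
                reason = "orphaned BHO registration: CLSID points at a file that is gone"
            elif "(no name)" in body and "\\system32\\" in body.lower():
                reason = "unnamed BHO loading from system32 (a typical Vundo drop location)"
            else:
                continue
            findings.append(Finding(section, reason, line))
    return findings


# Constructed sample: a handful of entry lines copied from the thread's own logs.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {6CAB59B4-55A3-4737-9FD5-B93C6430BF77} - C:\WINDOWS\system32\qgakpdqx.dll
O2 - BHO: (no name) - {8D85CD4B-E989-4045-9D51-EF2BA607C9FB} - C:\WINDOWS\system32\cbXNeDut.dll (file missing)
O2 - BHO: (no name) - {097B95B9-48B5-48BC-8721-1FEF62F2A42B} - (no file)
O20 - AppInit_DLLs: mdviem.dll maqypf.dll zpejec.dll
O20 - Winlogon Notify: iifFUnMC - C:\WINDOWS\SYSTEM32\iifFUnMC.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line))
```

Orphaned O2 entries are cleanup noise rather than active code, so the ones to prioritise are the AppInit_DLLs and Winlogon Notify lines, which load under every process or under winlogon and explain why a user-mode scanner removing a file sees it come back. The script only orders the reading of a log; it does not replace the helper's analysis in a thread like this one.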

katana
2008-12-10, 19:54
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


Disable TeaTimer
First step: Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol).
If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go to the bottom of the vertical panel on the left, click Tools
Then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.


No Antivirus

I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list ( Home users only)
Avira AntiVir (http://www.free-av.com/)
Avast (http://www.avast.com/eng/products.html)

Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week.
If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST




Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

hanabishi
2008-12-11, 02:56
Hi Katana. I didn't see your reply, so I purchased a copy of ESET's NOD32 anti-virus and removed a LOT of stuff. But my computer was still acting slow, so I did another scan with NOD32 and there are still some infections.
(screenshot removed)
So should I do another HijackThis scan?



Edit:
Hi hanabishi,
Please could you not post large image files unless I request them.
Yes, NOD32 did remove a lot, but there is still a lot to do.

hanabishi
2008-12-11, 03:13
So I just ran RSIT,
and here's the log.txt and the info.txt (in that order):

Logfile of random's system information tool 1.04 (written by random/random)
Run by Virgilio Libo-on at 2008-12-10 20:53:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (5%) free of 133 GB
Total RAM: 446 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:17 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Minefield\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Virgilio Libo-on\My Documents\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Virgilio Libo-on.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {097B95B9-48B5-48BC-8721-1FEF62F2A42B} - (no file)
O2 - BHO: (no name) - {18F5E6AD-346B-4E28-A345-37964478A37C} - (no file)
O2 - BHO: (no name) - {23E9F4CA-EB4F-4987-9B68-90149377CC6A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55100B53-6EB8-4B4B-8553-D8158D1DF639} - (no file)
O2 - BHO: (no name) - {6CAB59B4-55A3-4737-9FD5-B93C6430BF77} - C:\WINDOWS\system32\qgakpdqx.dll
O2 - BHO: (no name) - {6DCB9D41-ECD3-4DFB-9770-F0EDC435323B} - (no file)
O2 - BHO: (no name) - {736C14D9-874E-4DEF-B6AC-E20A84F0A03D} - C:\WINDOWS\system32\opnopPFW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8D85CD4B-E989-4045-9D51-EF2BA607C9FB} - C:\WINDOWS\system32\cbXNeDut.dll (file missing)
O2 - BHO: (no name) - {9c562718-75f7-4347-92a8-85d0cdf692fb} - (no file)
O2 - BHO: (no name) - {ACB77ECB-5A53-4C72-8834-536879388B5B} - (no file)
O2 - BHO: (no name) - {B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - C:\WINDOWS\system32\iifFUnMC.dll
O2 - BHO: (no name) - {B1711142-3E54-41B5-9C4B-C48D99BA00E2} - (no file)
O2 - BHO: (no name) - {BB6886FF-0BE3-4B89-A715-5C67FB9E84EE} - (no file)
O2 - BHO: {f36d739a-f22f-e518-2a14-af62c8b5d63d} - {d36d5b8c-26fa-41a2-815e-f22fa937d63f} - (no file)
O2 - BHO: (no name) - {FCF49B56-B25E-43A8-AA17-D445D87112FF} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] //~c:\program files\microsoft office\office12\groovemonitor.exe
O4 - HKLM\..\Run: [HP Software Update] //~c:\program files\hp\hp software update\hpwuschd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mdviem.dll maqypf.dll zpejec.dll
O20 - Winlogon Notify: iifFUnMC - C:\WINDOWS\SYSTEM32\iifFUnMC.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11361 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-07-29 148912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{097B95B9-48B5-48BC-8721-1FEF62F2A42B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18F5E6AD-346B-4E28-A345-37964478A37C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23E9F4CA-EB4F-4987-9B68-90149377CC6A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55100B53-6EB8-4B4B-8553-D8158D1DF639}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CAB59B4-55A3-4737-9FD5-B93C6430BF77}]
C:\WINDOWS\system32\qgakpdqx.dll [2008-11-30 116224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DCB9D41-ECD3-4DFB-9770-F0EDC435323B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{736C14D9-874E-4DEF-B6AC-E20A84F0A03D}]
C:\WINDOWS\system32\opnopPFW.dll [2008-12-10 238592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D85CD4B-E989-4045-9D51-EF2BA607C9FB}]
C:\WINDOWS\system32\cbXNeDut.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c562718-75f7-4347-92a8-85d0cdf692fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACB77ECB-5A53-4C72-8834-536879388B5B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0B3393C-62D1-44D8-ABF5-08E0F067F29E}]
C:\WINDOWS\system32\iifFUnMC.dll [2008-11-08 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1711142-3E54-41B5-9C4B-C48D99BA00E2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB6886FF-0BE3-4B89-A715-5C67FB9E84EE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d36d5b8c-26fa-41a2-815e-f22fa937d63f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCF49B56-B25E-43A8-AA17-D445D87112FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-07-13 267592]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"GrooveMonitor"=//~c:\program files\microsoft office\office12\groovemonitor.exe []
"HP Software Update"=//~c:\program files\hp\hp software update\hpwuschd2.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-08-18 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-03-20 15360]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-08-25 2610608]
"Google Update"=C:\Documents and Settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe [2004-09-19 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-22 1271808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
//~c:\program files\utilities\visualtooltip\visualtooltip.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Virgilio Libo-on\Start Menu\Programs\Startup
Styler.lnk - C:\Documents and Settings\Virgilio Libo-on\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mdviem.dll maqypf.dll zpejec.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifFUnMC]
C:\WINDOWS\system32\iifFUnMC.dll [2008-11-08 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-04-07 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{B0B3393C-62D1-44D8-ABF5-08E0F067F29E}"=C:\WINDOWS\system32\iifFUnMC.dll [2008-11-08 35328]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnopPFW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Minefield\firefox.exe"="C:\Program Files\Minefield\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Virgilio Libo-on\My Documents\Downloads\Compressed\openarena-0.8.1\openarena.exe"="C:\Documents and Settings\Virgilio Libo-on\My Documents\Downloads\Compressed\openarena-0.8.1\openarena.exe:*:Enabled:openarena"
"C:\Documents and Settings\Virgilio Libo-on\My Documents\Downloads\Compressed\Nexuiz\nexuiz.exe"="C:\Documents and Settings\Virgilio Libo-on\My Documents\Downloads\Compressed\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c933602-50cd-11dd-89cf-806d6172696f}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-10 20:53:41 ----D---- C:\rsit
2008-12-10 20:11:09 ----ASH---- C:\WINDOWS\system32\WFPponpo.ini2
2008-12-10 20:11:06 ----ASH---- C:\WINDOWS\system32\WFPponpo.ini
2008-12-10 20:10:37 ----N---- C:\WINDOWS\system32\opnopPFW.dll
2008-12-09 16:00:21 ----A---- C:\WINDOWS\system32\urqPjKef.dll
2008-12-09 15:00:23 ----A---- C:\WINDOWS\system32\wvUkLEuU.dll
2008-12-09 11:05:32 ----A---- C:\WINDOWS\system32\opnLDUNH.dll
2008-12-09 10:05:32 ----A---- C:\WINDOWS\system32\byXQKDwx.dll
2008-12-09 09:05:34 ----A---- C:\WINDOWS\system32\khfGxYPj.dll
2008-12-08 20:56:15 ----A---- C:\WINDOWS\system32\byXQKdbx.dll
2008-12-08 20:48:26 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\Windows Search
2008-12-08 20:48:10 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\Windows Desktop Search
2008-12-08 20:46:20 ----D---- C:\Program Files\Windows Desktop Search
2008-12-08 20:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-08 20:45:23 ----A---- C:\WINDOWS\imsins.BAK
2008-12-08 20:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-08 19:56:16 ----A---- C:\WINDOWS\system32\yayxxXPi.dll
2008-12-08 19:46:49 ----D---- C:\Program Files\eBoostr
2008-12-08 18:42:57 ----A---- C:\WINDOWS\system32\wvUnLebX.dll
2008-12-08 17:42:56 ----A---- C:\WINDOWS\system32\hgGvtRLB.dll
2008-12-08 16:42:56 ----A---- C:\WINDOWS\system32\xxyyAQgF.dll
2008-12-08 15:42:54 ----A---- C:\WINDOWS\system32\fccaArrq.dll
2008-12-08 13:56:42 ----A---- C:\WINDOWS\system32\cbXqNHww.dll
2008-12-08 12:56:41 ----A---- C:\WINDOWS\system32\urqOhgDv.dll
2008-12-08 11:21:58 ----A---- C:\WINDOWS\system32\rqRIbxwv.dll
2008-12-08 10:21:56 ----A---- C:\WINDOWS\system32\vtUmJAqo.dll
2008-12-07 20:58:16 ----A---- C:\WINDOWS\system32\ljJdcYQg.dll
2008-12-06 23:41:22 ----D---- C:\Program Files\ESET
2008-12-06 23:41:22 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-06 16:57:28 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-05 20:33:28 ----ASH---- C:\WINDOWS\system32\irjbkamt.ini
2008-12-05 16:29:43 ----ASH---- C:\WINDOWS\system32\xagatljq.ini
2008-12-04 16:27:54 ----ASH---- C:\WINDOWS\system32\iperlnoc.ini
2008-12-03 15:37:06 ----ASH---- C:\WINDOWS\system32\bnhwghvn.ini
2008-12-02 18:07:29 ----ASH---- C:\WINDOWS\system32\mocixqro.ini
2008-12-01 18:05:13 ----ASH---- C:\WINDOWS\system32\uyaqkxdu.ini
2008-11-30 18:37:56 ----A---- C:\WINDOWS\system32\qgakpdqx.dll
2008-11-29 19:44:19 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\Yahoo!
2008-11-29 17:10:29 ----A---- C:\WINDOWS\system32\fnamrinu.dll
2008-11-28 17:07:58 ----ASH---- C:\WINDOWS\system32\msoulcur.ini
2008-11-27 18:53:55 ----D---- C:\Program Files\Efficient Networks
2008-11-27 18:13:27 ----A---- C:\WINDOWS\setdebug.exe
2008-11-27 18:13:26 ----A---- C:\WINDOWS\system32\jit.dll
2008-11-27 18:13:26 ----A---- C:\WINDOWS\system32\javaee.dll
2008-11-27 18:13:26 ----A---- C:\WINDOWS\system32\dx3j.dll
2008-11-27 18:13:12 ----A---- C:\WINDOWS\system32\wjview.exe
2008-11-27 18:13:12 ----A---- C:\WINDOWS\system32\vmhelper.dll
2008-11-27 18:13:12 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2008-11-27 18:13:12 ----A---- C:\WINDOWS\system32\msjava.dll
2008-11-27 18:13:12 ----A---- C:\WINDOWS\system32\msawt.dll
2008-11-27 18:13:12 ----A---- C:\WINDOWS\system32\jview.exe
2008-11-27 18:13:11 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2008-11-27 18:13:11 ----A---- C:\WINDOWS\system32\javart.dll
2008-11-27 18:13:11 ----A---- C:\WINDOWS\system32\javaprxy.dll
2008-11-27 18:13:11 ----A---- C:\WINDOWS\system32\javacypt.dll
2008-11-27 18:13:10 ----A---- C:\WINDOWS\system32\clspack.exe
2008-11-27 18:12:25 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2008-11-27 18:12:23 ----A---- C:\WINDOWS\system32\MCCDevice.dll
2008-11-27 18:12:23 ----A---- C:\WINDOWS\system32\MCC16.dll
2008-11-27 18:11:47 ----D---- C:\Program Files\Common Files\Motive
2008-11-23 18:14:55 ----D---- C:\WINDOWS\nview
2008-11-23 18:14:55 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-23 18:14:30 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-23 15:12:29 ----D---- C:\Program Files\Trend Micro
2008-11-22 18:27:22 ----ASH---- C:\WINDOWS\system32\bwjrugis.ini
2008-11-22 13:36:40 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\OpenArena
2008-11-22 10:57:26 ----ASH---- C:\WINDOWS\system32\tuDeNXbc.ini2
2008-11-22 10:24:51 ----A---- C:\WINDOWS\wininit.ini
2008-11-22 09:46:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 09:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 17:29:37 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-17 22:58:25 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-17 22:58:24 ----D---- C:\Program Files\Yahoo!
2008-11-16 17:54:36 ----D---- C:\Program Files\Minefield
2008-11-12 18:38:30 ----A---- C:\WINDOWS\system32\xwwfrqyx.dll

======List of files/folders modified in the last 1 months======

2008-12-10 20:55:32 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\uTorrent
2008-12-10 20:55:26 ----D---- C:\WINDOWS\Temp
2008-12-10 20:12:29 ----A---- C:\WINDOWS\system32\bbace039-.txt
2008-12-10 20:11:09 ----D---- C:\WINDOWS\system32
2008-12-10 19:45:50 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\FrostWire
2008-12-10 19:08:08 ----D---- C:\Program Files\PeerGuardian2
2008-12-10 19:07:05 ----D---- C:\WINDOWS
2008-12-10 19:06:16 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\IDM
2008-12-10 19:05:43 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\DMCache
2008-12-09 18:50:07 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-09 09:12:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 20:47:10 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-08 20:46:53 ----HD---- C:\WINDOWS\inf
2008-12-08 20:46:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-08 20:46:31 ----D---- C:\WINDOWS\system32\en-US
2008-12-08 20:46:20 ----RD---- C:\Program Files
2008-12-08 20:46:18 ----D---- C:\WINDOWS\system32\wbem
2008-12-08 20:45:19 ----D---- C:\WINDOWS\system32\dllcache
2008-12-08 19:47:03 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 11:42:20 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\U3
2008-12-07 21:00:15 ----A---- C:\WINDOWS\system32\w32apiw.dll
2008-12-07 20:50:49 ----ASH---- C:\WINDOWS\system32\tuDeNXbc.ini
2008-12-06 23:42:34 ----SHD---- C:\WINDOWS\Installer
2008-12-06 23:42:29 ----HD---- C:\Config.Msi
2008-12-03 21:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2008-12-03 21:15:05 ----A---- C:\WINDOWS\system32\prsgrc.dll
2008-12-01 23:20:44 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\Vso
2008-11-29 13:54:40 ----D---- C:\Documents and Settings\Virgilio Libo-on\Application Data\AVI ReComp
2008-11-29 10:31:13 ----D---- C:\Program Files\Internet Download Manager
2008-11-27 18:13:38 ----D---- C:\WINDOWS\Help
2008-11-27 18:13:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-27 18:13:21 ----D---- C:\WINDOWS\java
2008-11-27 18:11:47 ----D---- C:\Program Files\Common Files
2008-11-23 18:28:32 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-22 11:11:35 ----D---- C:\WINDOWS\Debug
2008-11-16 17:50:41 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-05-06 16512]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2008-04-10 71184]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2003-01-31 28005]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-03-20 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-24 47360]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-03-20 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-03-20 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-03-20 17152]
S3 ah7ng34q;ah7ng34q; C:\WINDOWS\system32\drivers\ah7ng34q.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-21 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-20 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-04-16 689416]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-20 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-04-16 894216]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-10 20:55:44

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adaptec ASPI XP v4.71.1-->C:\PROGRA~1\ADAPTE~1.1\UNWISE.EXE C:\PROGRA~1\ADAPTE~1.1\INSTALL.LOG
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\b9600135c080d752b5142ec8fb46979\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->C:\Program Files\Common Files\Adobe\Installers\b9600135c080d752b5142ec8fb46979\Setup.exe
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 8.02-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AVI ReComp 1.4.3-->C:\Program Files\AVI ReComp\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Art Display 2.0-->"C:\Program Files\CD Art Display\unins000.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
CDRWIN 6.1-->MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}
ConvertXtoDVD 3.1.3.40-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
CopyTrans Suite Remove Only-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
CoreAVC Professional Edition (remove only)-->"C:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)-->rundll32.exe advpack.dll,LaunchINFSection DamnNFO.inf,DefaultUninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe"
Eazy VCD 1.15a-->C:\PROGRA~1\EAZYVC~1\UNWISE.EXE C:\PROGRA~1\EAZYVC~1\INSTALL.LOG
eBoostr 2-->C:\Program Files\eBoostr\uninstall.exe
Efficient Networks SpeedStream DSL-->C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
EmoDio-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -runfromtemp -l0x0409 -removeonly
EmoDio-->MsiExec.exe /X{C20CE592-B0F8-4D20-BF31-0151CA6331A6}
ESET NOD32 Antivirus-->MsiExec.exe /I{1A3D8A23-3215-46B7-AB97-E304ADABFC18}
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Ipod Video Converter V 2.6-->"C:\Program Files\Ipod Video Converter\unins000.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Gadget Installer-->MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IconPackager-->C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
jSVIcoder 0.8.0-->C:\Program Files\jSVIcoder\uninst.exe
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
KGB Archiver 2-->MsiExec.exe /I{FB28E2FA-9D08-4006-A584-6E1273A8E036}
LClock-->C:\Program Files\LClock\Uninstall.exe
Little Fighter 2 1.9c-->C:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
MeGUI modern media encoder (remove only)-->"C:\Program Files\megui\megui-uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Recent Documents Gadget-->MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.1b1)-->C:\Program Files\Minefield\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
nCleaner second 2.3.4.0-->C:\Program Files\NKProds\nCleaner\uninstall.exe
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rappelz_USA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Resource Hacker 3.4.0-->"C:\WINDOWS\Resource Hacker 3.4.0\uninstall.exe" "/U:C:\Program Files\Resource Hacker 3.4.0\Uninstall\uninstall.xml"
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Styler-->MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb955433)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vertus Fluid Mask 3 3.0.5-->"C:\Program Files\Vertus Fluid Mask 3\Uninstall.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 4.01-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Sidebar-->RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Windows Vista Sounds Pack-->MsiExec.exe /I{E1230694-33DA-4E74-82E1-06CC9D545E9B}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Alky for Applications\Libraries\;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

katana
2008-12-11, 12:08
Information

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

FrostWire 4.17.0

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

I will be removing all traces of it during the cleaning.

-----------------------------------------------------------------------------------------------------------------------

Step 1

Your log shows that TeaTimer is still running, please do the following:

Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol).
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident.
Second step, For Either Version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.


-----------------------------------------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If required, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


-----------------------------------------------------------------------------------------------------------------------
Step 3

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post the log from ComboFix when you've accomplished that.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

-----------------------------------------------------------------------------------------------------------------------
Step 4

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now download and install Java Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp).
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

-----------------------------------------------------------------------------------------------------------------------
Step 5

Logs/Information to Post in Reply
Please post the following logs/information in your reply:

MalwareBytes Log
Combofix Log

hanabishi
2008-12-13, 02:30
Malwarebytes log

Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

12/12/2008 7:38:48 PM
mbam-log-2008-12-12 (19-38-48).txt

Scan type: Quick Scan
Objects scanned: 61977
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 69

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ifatycsk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUlihff.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gmdnsg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifFUnMC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ibtqfylg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ibuzfs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qgakpdqx.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c1e6a54-93f8-4cc3-9beb-6ed0a88e38d5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c1e6a54-93f8-4cc3-9beb-6ed0a88e38d5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0b3393c-62d1-44d8-abf5-08e0f067f29e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iiffunmc (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b0b3393c-62d1-44d8-abf5-08e0f067f29e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cbf41342-7689-411e-a456-46f876e63dad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cbf41342-7689-411e-a456-46f876e63dad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cab59b4-55a3-4737-9fd5-b93c6430bf77} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6cab59b4-55a3-4737-9fd5-b93c6430bf77} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0b3393c-62d1-44d8-abf5-08e0f067f29e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cbf41342-7689-411e-a456-46f876e63dad} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c1e6a54-93f8-4cc3-9beb-6ed0a88e38d5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cab59b4-55a3-4737-9fd5-b93c6430bf77} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b0b3393c-62d1-44d8-abf5-08e0f067f29e} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvulihff -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvulihff -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ibuzfs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifFUnMC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUlihff.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ffhilUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffhilUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\garrufbu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubfurrag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifatycsk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kscytafi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovngbbng.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gnbbgnvo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgakpdqx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gmdnsg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ibtqfylg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aagwfjws.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvtRLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGxYPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqOhgDv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPjKef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQKdbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQKDwx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnamrinu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnjsjuwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkrkfhsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnLDUNH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qxgyctjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbxwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scimwhib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utnlmxvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrclpafc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmJAqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xkxrnheq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaArrq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXqNHww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cemgkxni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkLEuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnLebX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvzwkc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lppnfayt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lypksman.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwwfrqyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyyAQgF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxxXPi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwyalsst.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temp\ljqrmfuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temp\yjyuwxyl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\7XUFBEG7\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\7XUFBEG7\mslog[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\7XUFBEG7\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\JJ2FEBLM\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\VR2NY032\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\YZHO6934\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Virgilio Libo-on\Local Settings\Temporary Internet Files\Content.IE5\YZHO6934\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\29D28QI2\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\29D28QI2\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\6KYRYCNP\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\6KYRYCNP\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\6KYRYCNP\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\HL5NL5TL\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\HL5NL5TL\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\HL5NL5TL\mslog[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\XOFFNYJJ\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\XOFFNYJJ\mslog[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\XOFFNYJJ\mslog[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frederick Libo-on\Local Settings\Temporary Internet Files\Content.IE5\XOFFNYJJ\mslog[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Uninstall.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJdcYQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Combofix log
ComboFix 08-12-12.02 - Virgilio Libo-on 2008-12-12 19:56:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.51 [GMT -8:00]
Running from: c:\documents and settings\Virgilio Libo-on\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: c:\documents and settings\Virgilio Libo-on\My Documents\Downloads\Programs\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Virgilio Libo-on\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\windows\system32\bnhwghvn.ini
c:\windows\system32\bwjrugis.ini
c:\windows\system32\ffhilUvw.ini
c:\windows\system32\ffhilUvw.ini2
c:\windows\system32\gmdnsg.dll
c:\windows\system32\ibtqfylg.dll
c:\windows\system32\ibuzfs.dll
c:\windows\system32\ifatycsk.dll
c:\windows\system32\iifFUnMC.dll
c:\windows\system32\iperlnoc.ini
c:\windows\system32\irjbkamt.ini
c:\windows\system32\kscytafi.ini
c:\windows\system32\MCC16.dll
c:\windows\system32\mocixqro.ini
c:\windows\system32\msoulcur.ini
c:\windows\system32\prsgrc.dll
c:\windows\system32\qgakpdqx.dll
c:\windows\system32\tuDeNXbc.ini
c:\windows\system32\tuDeNXbc.ini2
c:\windows\system32\uyaqkxdu.ini
c:\windows\system32\w32apiw.dll
c:\windows\system32\WFPponpo.ini
c:\windows\system32\WFPponpo.ini2
c:\windows\system32\wvUlihff.dll
c:\windows\system32\xagatljq.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2008-12-12 20:05 . 2008-12-12 20:05 <DIR> d-------- c:\windows\system32\xircom
2008-12-12 20:05 . 2008-12-12 20:05 <DIR> d-------- c:\program files\microsoft frontpage
2008-12-12 19:48 . 2008-12-12 19:49 <DIR> d-------- C:\32788R22FWJFW
2008-12-12 17:56 . 2008-12-12 17:56 <DIR> d-------- c:\documents and settings\Virgilio Libo-on\Application Data\Malwarebytes
2008-12-12 17:55 . 2008-12-12 19:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-12 17:55 . 2008-12-12 17:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-12 17:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 17:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 20:53 . 2008-12-10 20:55 <DIR> d-------- C:\rsit
2008-12-09 09:01 . 2008-12-09 09:01 <DIR> d-------- c:\documents and settings\Frederick Libo-on\Application Data\Windows Desktop Search
2008-12-08 20:48 . 2008-12-08 20:48 <DIR> d-------- c:\documents and settings\Virgilio Libo-on\Application Data\Windows Search
2008-12-08 20:48 . 2008-12-08 20:48 <DIR> d-------- c:\documents and settings\Virgilio Libo-on\Application Data\Windows Desktop Search
2008-12-08 20:46 . 2008-12-08 20:46 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-08 20:45 . 2008-12-08 20:45 1,374 --a------ c:\windows\imsins.BAK
2008-12-08 20:44 . 2008-03-07 09:02 192,000 --a------ c:\windows\system32\dllcache\offfilt.dll
2008-12-08 20:44 . 2008-03-07 09:02 98,304 --a------ c:\windows\system32\dllcache\nlhtml.dll
2008-12-08 20:44 . 2008-03-07 09:02 29,696 --a------ c:\windows\system32\dllcache\mimefilt.dll
2008-12-08 19:46 . 2008-12-08 19:47 <DIR> d-------- c:\program files\eBoostr
2008-12-06 23:41 . 2008-12-06 23:44 <DIR> d-------- c:\program files\ESET
2008-12-06 23:41 . 2008-12-06 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-06 12:39 . 2008-12-06 12:39 <DIR> d-------- c:\documents and settings\Dad\Application Data\GRETECH
2008-12-05 16:13 . 2008-12-05 16:13 268 --ah----- C:\sqmdata19.sqm
2008-12-05 16:13 . 2008-12-05 16:13 244 --ah----- C:\sqmnoopt19.sqm
2008-12-04 18:26 . 2008-12-04 18:26 268 --ah----- C:\sqmdata18.sqm
2008-12-04 18:26 . 2008-12-04 18:26 244 --ah----- C:\sqmnoopt18.sqm
2008-12-04 16:26 . 2008-12-04 16:26 268 --ah----- C:\sqmdata17.sqm
2008-12-04 16:26 . 2008-12-04 16:26 244 --ah----- C:\sqmnoopt17.sqm
2008-11-29 19:44 . 2008-11-29 19:44 <DIR> d-------- c:\documents and settings\Virgilio Libo-on\Application Data\Yahoo!
2008-11-27 18:53 . 2008-11-27 18:53 <DIR> d-------- c:\program files\Efficient Networks
2008-11-27 18:53 . 2003-01-31 08:08 28,005 --------- c:\windows\system32\drivers\enethusb.sys
2008-11-27 18:12 . 2008-11-27 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Motive
2008-11-27 18:12 . 2003-08-14 14:23 69,632 --a------ c:\windows\system32\MCCDevice.dll
2008-11-27 18:11 . 2008-11-27 18:12 <DIR> d-------- c:\program files\Common Files\Motive
2008-11-27 18:11 . 2002-02-13 15:53 6,345 -ra------ c:\windows\system32\DevMngr.vxd
2008-11-24 19:00 . 2008-11-24 19:00 244 --ah----- C:\sqmnoopt16.sqm
2008-11-24 19:00 . 2008-11-24 19:00 232 --ah----- C:\sqmdata16.sqm
2008-11-23 18:21 . 2008-05-19 18:16 186,407 --a------ c:\windows\system32\nvapps.nvb
2008-11-23 18:14 . 2008-11-23 18:25 <DIR> d-------- c:\windows\nview
2008-11-23 18:14 . 2008-05-16 11:48 446,464 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-23 18:14 . 2008-05-16 14:01 446,464 --a------ c:\windows\system32\nvudisp.exe
2008-11-23 18:14 . 2008-12-12 17:03 181,020 --a------ c:\windows\system32\nvapps.xml
2008-11-23 18:14 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu
2008-11-23 15:12 . 2008-11-23 15:12 <DIR> d-------- c:\program files\Trend Micro
2008-11-22 13:36 . 2008-11-22 13:36 <DIR> d-------- c:\documents and settings\Virgilio Libo-on\Application Data\OpenArena
2008-11-22 10:24 . 2008-11-22 10:24 95 --a------ c:\windows\wininit.ini
2008-11-22 09:46 . 2008-11-22 09:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-22 09:46 . 2008-12-12 01:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 16:08 . 2008-11-21 16:08 268 --ah----- C:\sqmdata15.sqm
2008-11-21 16:08 . 2008-11-21 16:08 244 --ah----- C:\sqmnoopt15.sqm
2008-11-21 09:19 . 2008-11-21 09:19 268 --ah----- C:\sqmdata14.sqm
2008-11-21 09:19 . 2008-11-21 09:19 244 --ah----- C:\sqmnoopt14.sqm
2008-11-20 21:24 . 2008-11-20 21:24 268 --ah----- C:\sqmdata13.sqm
2008-11-20 21:24 . 2008-11-20 21:24 244 --ah----- C:\sqmnoopt13.sqm
2008-11-20 18:19 . 2008-11-20 18:19 268 --ah----- C:\sqmdata12.sqm
2008-11-20 18:19 . 2008-11-20 18:19 244 --ah----- C:\sqmnoopt12.sqm
2008-11-20 15:09 . 2008-11-20 15:09 268 --ah----- C:\sqmdata11.sqm
2008-11-20 15:09 . 2008-11-20 15:09 244 --ah----- C:\sqmnoopt11.sqm
2008-11-19 17:48 . 2008-11-19 17:48 268 --ah----- C:\sqmdata10.sqm
2008-11-19 17:48 . 2008-11-19 17:48 244 --ah----- C:\sqmnoopt10.sqm
2008-11-19 17:29 . 2008-11-19 17:29 <DIR> d-------- c:\documents and settings\Frederick Libo-on\Application Data\Yahoo!
2008-11-19 17:29 . 2008-11-19 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-19 16:20 . 2008-11-19 16:20 268 --ah----- C:\sqmdata09.sqm
2008-11-19 16:20 . 2008-11-19 16:20 244 --ah----- C:\sqmnoopt09.sqm
2008-11-17 22:58 . 2008-11-17 23:00 <DIR> d-------- c:\program files\Yahoo!
2008-11-17 22:58 . 2008-11-17 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-16 17:54 . 2008-12-12 19:05 <DIR> d-------- c:\program files\Minefield
2008-11-13 16:31 . 2008-11-13 16:31 <DIR> d--hs---- c:\documents and settings\Frederick Libo-on\PrivacIE
2008-11-13 16:30 . 2008-11-13 16:30 268 --ah----- C:\sqmdata08.sqm
2008-11-13 16:30 . 2008-11-13 16:30 244 --ah----- C:\sqmnoopt08.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 03:57 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\DMCache
2008-12-13 01:04 --------- d-----w c:\program files\PeerGuardian2
2008-12-13 01:04 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\IDM
2008-12-11 05:48 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\uTorrent
2008-12-11 03:45 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\FrostWire
2008-12-08 19:42 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\U3
2008-12-04 05:29 --------- d-----w c:\documents and settings\All Users\Application Data\eboostr
2008-12-02 07:20 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\Vso
2008-11-29 21:54 --------- d-----w c:\documents and settings\Virgilio Libo-on\Application Data\AVI ReComp
2008-11-29 18:31 --------- d-----w c:\program files\Internet Download Manager
2008-11-08 19:38 --------- d-----w c:\program files\Opera
2008-11-06 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-21 23:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-07-25 01:06 47,360 ----a-w c:\documents and settings\Virgilio Libo-on\Application Data\pcouffin.sys
2008-07-13 19:50 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-07-13 19:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-07-13 19:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071320080714\index.dat
2008-07-13 19:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2008-08-14 02:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
2008-08-14 01:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
2008-08-14 02:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
2008-04-04 12:48 2350208 56313f4d281f6770783a918474539594 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-13 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-20 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-08-25 2610608]
"Google Update"="c:\documents and settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
"nltide_3"="advpack.dll" [2008-08-22 c:\windows\system32\advpack.dll]

c:\documents and settings\Virgilio Libo-on\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\Virgilio Libo-on\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-07-13 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-04-16 398968]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 07:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-19 11:27 65536 c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-22 21:18 1271808 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 16:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Minefield\\firefox.exe"=
"c:\\Documents and Settings\\Virgilio Libo-on\\My Documents\\Downloads\\Compressed\\openarena-0.8.1\\openarena.exe"=
"c:\\Documents and Settings\\Virgilio Libo-on\\My Documents\\Downloads\\Compressed\\Nexuiz\\nexuiz.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2008-04-16 92280]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-08-18 468224]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-04-16 689416]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-08-27 113896]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-04-16 894216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c933602-50cd-11dd-89cf-806d6172696f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2008-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-08 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 14:07]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{097B95B9-48B5-48BC-8721-1FEF62F2A42B} - (no file)
BHO-{18F5E6AD-346B-4E28-A345-37964478A37C} - (no file)
BHO-{23E9F4CA-EB4F-4987-9B68-90149377CC6A} - (no file)
BHO-{55100B53-6EB8-4B4B-8553-D8158D1DF639} - (no file)
BHO-{6DCB9D41-ECD3-4DFB-9770-F0EDC435323B} - (no file)
BHO-{736C14D9-874E-4DEF-B6AC-E20A84F0A03D} - c:\windows\system32\opnopPFW.dll
BHO-{8D85CD4B-E989-4045-9D51-EF2BA607C9FB} - c:\windows\system32\cbXNeDut.dll
BHO-{9c562718-75f7-4347-92a8-85d0cdf692fb} - (no file)
BHO-{ACB77ECB-5A53-4C72-8834-536879388B5B} - (no file)
BHO-{B1711142-3E54-41B5-9C4B-C48D99BA00E2} - (no file)
BHO-{BB6886FF-0BE3-4B89-A715-5C67FB9E84EE} - (no file)
BHO-{CBF41342-7689-411E-A456-46F876E63DAD} - c:\windows\system32\wvUlihff.dll
BHO-{d36d5b8c-26fa-41a2-815e-f22fa937d63f} - (no file)
BHO-{FCF49B56-B25E-43A8-AA17-D445D87112FF} - (no file)
HKLM-Run-GrooveMonitor - files\microsoft office\office12\groovemonitor.exe
HKLM-Run-HP Software Update - files\hp\hp software update\hpwuschd2.exe
MSConfigStartUp-VisualTooltip - files\utilities\visualtooltip\visualtooltip.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=1607
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Virgilio Libo-on\Application Data\Mozilla\Firefox\Profiles\hgbpi96e.default\
FF - plugin: c:\documents and settings\Virgilio Libo-on\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Minefield\plugins\npnul32.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM6.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 20:07:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(260)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Styler\StylerHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
c:\program files\Styler\Styler.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-12-12 20:17:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-13 04:16:43

Pre-Run: 5,735,538,688 bytes free
Post-Run: 5,655,842,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

332 --- E O F --- 2008-11-06 05:47:14

katana
2008-12-13, 10:55
How are things running now ?



Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Folder::
c:\documents and settings\Virgilio Libo-on\Application Data\uTorrent
c:\documents and settings\Virgilio Libo-on\Application Data\FrostWire
c:\Program Files\uTorrent
c:\Program Files\FrostWire
Registry::
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-

ADS::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
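A sanity check for the CFScript format used in the post above, as an added example that is not part of this thread or of ComboFix's own code: it splits the script into its directive sections, rejects unknown directives and malformed registry lines, and refuses Folder:: entries that point at whole system directories. The directive names it accepts and the protected-directory list are assumptions; the sample script is constructed after the one posted.

```python
import re

# Directives assumed from common CFScript usage (not an official list).
KNOWN_DIRECTIVES = {"Folder::", "File::", "Registry::", "ADS::", "Driver::", "KillAll::"}
# Directories a cleanup script must never remove wholesale (assumed safety list).
PROTECTED = {r"c:\windows", r"c:\windows\system32", r"c:\program files",
             r"c:\documents and settings"}

# Constructed sample, modelled on the script posted in the thread.
SAMPLE_SCRIPT = r"""
Folder::
c:\documents and settings\Virgilio Libo-on\Application Data\uTorrent
c:\documents and settings\Virgilio Libo-on\Application Data\FrostWire
c:\Program Files\uTorrent
c:\Program Files\FrostWire
Registry::
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
ADS::
"""

def parse_cfscript(text):
    """Return ({directive: [lines]}, [problems]) for a CFScript body."""
    sections, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # section header
            if line not in KNOWN_DIRECTIVES:
                problems.append(f"line {n}: unknown directive {line}")
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:
            problems.append(f"line {n}: content before any directive")
            continue
        sections[current].append(line)
        if current in ("Folder::", "File::"):
            if not re.match(r"^[a-z]:\\", line, re.I):
                problems.append(f"line {n}: not an absolute path: {line}")
            elif line.lower().rstrip("\\") in PROTECTED:
                problems.append(f"line {n}: refuses protected directory {line}")
        elif current == "Registry::":
            # Keys look like [HKEY...] or [-HKEY...] (delete); values end in =- or assign.
            if line.startswith("[") and not re.match(r"^\[-?HK[A-Z_]+\\", line):
                problems.append(f"line {n}: malformed registry key {line}")
            elif line.startswith('"') and not re.search(r'"=(-|".*"|dword:.*)$', line):
                problems.append(f"line {n}: value must delete (=-) or assign: {line}")
    return sections, problems

if __name__ == "__main__":
    found, issues = parse_cfscript(SAMPLE_SCRIPT)
    print({k: len(v) for k, v in found.items()}, issues or "no problems")
```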

hanabishi
2008-12-13, 22:47
Before I begin the Kaspersky scan, I would like to know one thing: you stated that "This scan is best done from IE", so does that mean that if I do it from Firefox the results will not be as good?

katana
2008-12-14, 10:59
Some people have had trouble doing the scan in Firefox, no obvious reason why but there you go.
It's not a case of the results not being as good, it's more the fact that the scan may not run at all.
If it runs in Firefox for you, that is fine.