No Virus Program Will Load!



Wizit
2009-04-07, 02:24
I'm trying to run Malwarebytes, Spybot, and HijackThis and NONE of them work! I got an email from Spybot telling me to try this patch they sent me and it didn't work. I think a virus is the cause of this. I need serious help.

Sorry, can't post a HijackThis log; it will scan to 015- and then it will stop responding, so I'm not sure if you can help me. :sad:

katana
2009-04-10, 16:34
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Welcome back Wizit :)


Download and Run ComboFix
----------------------------------------------------------------------------------------

Download ComboFix from the link below. Save it to your desktop.

>Link Removed<

--------------------------------------------------------------------

Double click on CleanMe.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt
Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Wizit
2009-04-12, 02:11
Hey katana, nice to see you again. Sorry about making you help me again. :(

Here is the log:

ComboFix 09-04-04.01 - Administrator 04/11/2009 17:38:01.4 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.127.19 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Desktop\CleanMe.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1
'PV' is not recognized as an internal or external command


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\NCTTAudioFile.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 17:32 . 06-03-02 23:42 73,728 --a------ C:\pv.exe
2009-04-09 21:37 . 09-04-09 21:37 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\AVGTOOLBAR
2009-04-09 20:37 . 09-04-09 20:37 0 --a------ C:\WINNT\system32\commonpriv.log.lock
2009-04-09 20:18 . 09-04-09 20:18 108,552 --a------ C:\WINNT\system32\drivers\avgtdix.sys
2009-04-09 20:17 . 09-04-09 20:17 325,640 --a------ C:\WINNT\system32\drivers\avgldx86.sys
2009-04-09 20:16 . 09-04-09 20:16 <DIR> d-------- C:\WINNT\system32\drivers\Avg
2009-04-09 20:16 . 09-04-09 20:16 <DIR> d-------- C:\Program Files\AVG
2009-04-09 20:16 . 09-04-09 20:16 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\avg8
2009-04-09 20:15 . 09-04-09 20:15 <DIR> d-------- C:\WINNT\winsxs
2009-04-09 20:12 . 09-04-10 06:06 8,192 --a------ C:\Documents and Settings\Josh
2009-04-06 18:01 . 09-04-06 18:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-06 18:01 . 09-03-26 16:49 38,496 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
2009-04-06 18:01 . 09-03-26 16:49 15,504 --a------ C:\WINNT\system32\drivers\mbam.sys
2009-04-06 17:48 . 09-04-06 17:48 <DIR> d--h----- C:\Documents and Settings\All Users.WINNT\Application Data\CanonBJ
2009-04-06 17:48 . 05-05-06 21:00 140,288 --a------ C:\WINNT\system32\CNMLM7K.DLL
2009-04-06 17:48 . 05-05-06 21:00 8,704 --a------ C:\WINNT\system32\CNMVS7K.DLL
2009-04-06 17:47 . 03-06-19 13:05 12,592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2009-04-06 17:47 . 03-06-19 13:05 12,592 --a------ C:\WINNT\system32\dllcache\usbscan.sys
2009-04-05 18:55 . 03-02-28 16:34 313,856 --a------ C:\WINNT\system32\dx3j.dll
2009-04-05 18:55 . 03-02-28 18:26 171,280 --a------ C:\WINNT\system32\jit.dll
2009-04-05 18:55 . 03-02-28 18:26 139,536 --a------ C:\WINNT\system32\javaee.dll
2009-04-05 18:55 . 03-02-28 18:26 46,352 --a------ C:\WINNT\setdebug.exe
2009-04-05 18:55 . 03-02-28 16:54 7,315 --a------ C:\WINNT\system32\javasup.vxd
2009-04-05 18:55 . 03-02-28 16:35 6,550 --a------ C:\WINNT\jautoexp.dat
2009-04-05 16:19 . 09-04-05 16:19 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\NCH Software
2009-04-05 14:01 . 09-04-05 14:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2009-04-05 13:30 . 09-04-05 13:30 <DIR> d-------- C:\Program Files\Panda Security
2009-04-04 17:04 . 09-04-04 17:04 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\WinPatrol
2009-04-04 17:03 . 09-04-04 17:03 <DIR> d-------- C:\Program Files\BillP Studios
2009-04-04 10:44 . 09-04-04 10:44 <DIR> d-------- C:\Program Files\FrostWire
2009-04-04 10:42 . 09-04-04 10:42 <DIR> d-------- C:\Program Files\AskBarDis
2009-03-29 14:34 . 09-03-29 14:34 <DIR> d--h----- C:\WINNT\system32\CanonMP Uninstaller Information
2009-03-29 14:34 . 05-05-30 11:45 139,264 --a------ C:\WINNT\system32\CNCL150.DLL
2009-03-29 14:34 . 05-08-04 05:12 94,208 --a------ C:\WINNT\system32\CNCU150.DLL
2009-03-29 14:33 . 09-03-29 14:33 <DIR> d--h----- C:\CanonMP
2009-03-29 14:33 . 01-07-21 10:30 22,048 --a------ C:\WINNT\system32\cocpyinf.dll
2009-03-28 00:39 . 09-03-28 00:39 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\NCH Software
2009-03-27 23:44 . 09-03-27 23:44 <DIR> d-------- C:\Program Files\NCH Software
2009-03-25 07:57 . 09-03-25 07:57 <DIR> d--h----- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2009-03-24 15:46 . 09-03-24 15:47 <DIR> d-------- C:\Program Files\Adaptec
2009-03-23 07:25 . 09-03-23 07:25 <DIR> d-------- C:\Program Files\Common Files\Hypnotizer
2009-03-23 07:21 . 09-03-23 07:21 <DIR> d-------- C:\Documents and Settings\ADMINI~1~Q-9\LOCALS~1
2009-03-23 07:21 . 09-03-23 07:21 <DIR> d-------- C:\Documents and Settings\ADMINI~1~Q-9
2009-03-23 05:49 . 02-12-11 15:08 192,512 --a------ C:\WINNT\system32\dllcache\unregmp2.exe
2009-03-23 05:48 . 02-12-11 18:50 301,712 --a------ C:\WINNT\system32\drmclien.dll
2009-03-23 05:48 . 02-12-11 18:50 301,712 --a------ C:\WINNT\system32\dllcache\drmclien.dll
2009-03-23 05:48 . 02-12-11 17:34 82,432 --a------ C:\WINNT\system32\drmstor.dll
2009-03-23 05:48 . 02-12-11 17:34 82,432 --a------ C:\WINNT\system32\dllcache\drmstor.dll
2009-03-23 05:48 . 02-12-11 17:34 9,728 --a------ C:\WINNT\system32\dllcache\npwmsdrm.dll
2009-03-23 04:22 . 03-03-30 20:08 372,736 --a------ C:\WINNT\system32\xvid.ax
2009-03-23 03:10 . 09-03-23 03:10 <DIR> d-------- C:\FOUND.000
2009-03-22 20:28 . 09-03-22 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\vlc
2009-03-22 19:40 . 09-03-22 19:40 <DIR> d-------- C:\Program Files\VideoLAN
2009-03-22 19:27 . 03-06-19 20:45 7,952 --a------ C:\WINNT\system32\snprfdll.dll
2009-03-22 19:26 . 03-06-19 20:45 44,816 --a------ C:\WINNT\system32\fcachdll.dll
2009-03-22 19:26 . 03-06-19 20:45 24,336 --a------ C:\WINNT\system32\regtrace.exe
2009-03-22 19:26 . 99-10-01 15:50 21,789 --a------ C:\WINNT\system32\smtpctrs.ini
2009-03-22 19:26 . 03-06-19 20:44 15,632 --a------ C:\WINNT\system32\dt_ctrl.dll
2009-03-22 19:26 . 03-06-19 20:45 13,584 --a------ C:\WINNT\system32\smtpctrs.dll
2009-03-22 19:26 . 03-06-19 20:45 11,024 --a------ C:\WINNT\system32\smtpapi.dll
2009-03-22 19:26 . 03-06-19 20:45 11,024 --a------ C:\WINNT\system32\rwnh.dll
2009-03-22 19:26 . 99-04-05 20:07 8,002 --a------ C:\WINNT\system32\smtpctrs.h
2009-03-22 19:26 . 03-06-19 20:44 6,416 --a------ C:\WINNT\system32\adsiisex.dll
2009-03-22 19:26 . 99-02-26 19:30 1,037 --a------ C:\WINNT\system32\ntfsdrct.ini
2009-03-22 19:26 . 99-02-26 19:30 773 --a------ C:\WINNT\system32\ntfsdrct.h
2009-03-22 19:25 . 09-03-22 19:25 <DIR> d-------- C:\WINNT\system32\msmq
2009-03-22 18:33 . 09-03-22 18:33 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2009-03-22 18:33 . 09-03-22 18:33 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Malwarebytes
2009-03-22 15:20 . 03-06-19 13:05 1,015,859 --a------ C:\WINNT\system32\mfc42.dll
2009-03-22 15:20 . 03-06-19 13:05 1,015,859 --a------ C:\WINNT\system32\dllcache\mfc42.dll
2009-03-22 15:20 . 04-02-17 11:26 401,462 --a------ C:\WINNT\system32\msvcp60.dll
2009-03-22 15:20 . 04-02-16 20:24 74,810 --a------ C:\WINNT\system32\atl.dll
2009-03-22 15:18 . 99-12-02 15:31 10,000 --a------ C:\WINNT\system32\ksvpintf.ax
2009-03-22 15:18 . 99-12-02 15:31 10,000 --a------ C:\WINNT\system32\dllcache\ksvpintf.ax
2009-03-22 15:18 . 99-12-02 15:30 7,952 --a------ C:\WINNT\system32\ksinterf.ax
2009-03-22 15:18 . 99-12-02 15:30 7,952 --a------ C:\WINNT\system32\dllcache\ksinterf.ax
2009-03-22 15:17 . 04-11-12 19:27 1,386,496 --------- C:\WINNT\system32\MSVBVM60.DLL
2009-03-22 14:29 . 09-03-22 14:29 <DIR> d-------- C:\Documents and Settings\Default User.WINNT\Application Data\Xfire
2009-03-22 14:28 . 09-04-07 21:20 768 --a------ C:\WINNT\system32\d3d8caps.dat
2009-03-22 14:28 . 09-04-07 21:20 664 --a------ C:\WINNT\system32\d3d9caps.dat
2009-03-22 14:27 . 09-03-22 14:27 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Xfire
2009-03-22 14:25 . 09-03-22 14:26 <DIR> d-------- C:\Program Files\Xfire
2009-03-22 14:20 . 08-10-09 10:39 19,840 --a------ C:\WINNT\system32\drivers\StMp3Rec.sys
2009-03-22 14:07 . 09-03-22 14:07 <DIR> d-------- C:\Program Files\Philips
2009-03-22 14:01 . 09-03-22 14:01 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\WinZip
2009-03-22 10:08 . 08-06-19 06:28 247,326 --a------ C:\WINNT\system32\dllcache\strmdll.dll
2009-03-21 14:02 . 09-03-21 14:02 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\AdobeUM
2009-03-21 12:48 . 09-03-21 12:48 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\FrostWire
2009-03-21 12:18 . 09-03-21 12:18 <DIR> d-------- C:\Program Files\uTorrent
2009-03-21 12:17 . 09-03-21 12:17 <DIR> d-------- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\uTorrent
2009-03-20 17:25 . 09-03-20 17:25 41,808 --a------ C:\WINNT\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 23:56 155,995 ----a-w C:\WINNT\java\Packages\UDJNB9BT.ZIP
2009-03-27 22:35 34 ----a-w C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\jagex_runescape_preferences.dat
2009-02-08 15:16 1,644,784 ----a-w C:\WINNT\system32\WIN32K.SYS
2009-02-08 15:16 1,644,784 ------w C:\WINNT\system32\dllcache\win32k.sys
2007-08-11 18:41 271 ---h--w C:\Program Files\desktop.ini
2007-08-11 18:41 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
1998-12-09 06:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 06:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 06:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 06:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 06:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 06:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
08-09-08 22:08 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar1.dll" [08-09-08 22:08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar1.dll" [08-09-08 22:08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [09-01-26 15:31 2144088]

katana
2009-04-12, 02:31
You didn't mention it was W2K !!

Can you install MalwareBytes yet?


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

Wizit
2009-04-12, 05:16
info.txt logfile of random's system information tool 1.06 2009-04-11 20:05:21

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\WINNT\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINNT\System32\Macromed\Flash\uninstall_activeX.exe
Ask Toolbar-->"C:\Program Files\AskBarDis\unins001.exe"
Canon MP150-->"C:\WINNT\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Panda ActiveScan-->C:\WINNT\System32\ASUninst.exe Panda ActiveScan
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
SA30xx Device Manager-->C:\Program Files\InstallShield Installation Information\{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}\setup.exe -runfromtemp -l0x0009 -removeonly
SA30xx Media Converter-->C:\Program Files\InstallShield Installation Information\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for DirectX 9 (KB951698)-->"C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM71$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB954600)-->"C:\WINNT\$NtUninstallKB954600_WM41$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917537-->"C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926247-->"C:\WINNT\$NtUninstallKB926247$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935839-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938464-->"C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951071-->"C:\WINNT\$NtUninstallKB951071$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951698-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952954-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB954211-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB955069-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956390-->"C:\WINNT\$NtUninstallKB956390-IE6SP1-20080820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956391-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956802-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957095-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957097-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958215-->"C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958644-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958687-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958690-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960225-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960714-->"C:\WINNT\$NtUninstallKB960714-IE6SP1-20081211.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960715-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB967715-->"C:\WINNT\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows 2000 Service Pack 4-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======System event log======

Computer Name: Q-97FBMBPER9UG0
Event Code: 7
Message: The device, \Device\Harddisk0\DR0, has a bad block.

Record Number: 2713
Source Name: Disk
Time Written: 20081109190934.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 7
Message: The device, \Device\Harddisk0\DR0, has a bad block.

Record Number: 2712
Source Name: Disk
Time Written: 20081109190927.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 7
Message: The device, \Device\Harddisk0\DR0, has a bad block.

Record Number: 2711
Source Name: Disk
Time Written: 20081109190920.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 7
Message: The device, \Device\Harddisk0\DR0, has a bad block.

Record Number: 2710
Source Name: Disk
Time Written: 20081109190914.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 7
Message: The device, \Device\Harddisk0\DR0, has a bad block.

Record Number: 2709
Source Name: Disk
Time Written: 20081109190907.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: Q-97FBMBPER9UG0
Event Code: 3101
Message: Unable to read IO control information from NBT device.

Record Number: 106
Source Name: perfctrs
Time Written: 20080219220123.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 3101
Message: Unable to read IO control information from NBT device.

Record Number: 103
Source Name: perfctrs
Time Written: 20080216201550.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 3101
Message: Unable to read IO control information from NBT device.

Record Number: 101
Source Name: perfctrs
Time Written: 20080215141219.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 3101
Message: Unable to read IO control information from NBT device.

Record Number: 99
Source Name: perfctrs
Time Written: 20080214230317.000000-360
Event Type: error
User:

Computer Name: Q-97FBMBPER9UG0
Event Code: 1000
Message:
Record Number: 26
Source Name: Microsoft Windows Media Player
Time Written: 20070909003920.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=5
"PROCESSOR_IDENTIFIER"=x86 Family 5 Model 8 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-04-11 20:03:01
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 8 GB (67%) free of 11 GB
Total RAM: 127 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 2009-04-11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
C:\WINNT\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?gcht=HC&o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator.Q-97FBMBPER9UG0/Desktop/Wallpapers/Gears%20Of%20War/GearsEmblem.jpg

--
End of file - 4277 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-09-08 279944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-17 337216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Performance Center"=C:\Program Files\Ascentive\Performance Center\APCMain.exe -m []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-04-11 20:03:01 ----D---- C:\rsit
2009-04-11 17:45:26 ----A---- C:\WINNT\PSEXESVC.EXE
2009-04-11 17:45:03 ----D---- C:\WINNT\temp
2009-04-11 17:33:59 ----A---- C:\WINNT\zip.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\VFIND.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\SWSC.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\SWREG.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\sed.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\grep.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\fdsv.exe
2009-04-11 17:33:58 ----A---- C:\WINNT\SWXCACLS.exe
2009-04-11 17:33:39 ----D---- C:\WINNT\ERDNT
2009-04-11 17:33:36 ----D---- C:\CleanMe
2009-04-11 17:33:31 ----A---- C:\WINNT\system32\CF15570.exe
2009-04-11 17:32:30 ----D---- C:\Qoobox
2009-04-11 17:32:15 ----A---- C:\pv.exe
2009-04-09 21:37:16 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\AVGTOOLBAR
2009-04-09 20:16:09 ----D---- C:\Program Files\AVG
2009-04-09 20:16:08 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\avg8
2009-04-09 20:15:53 ----D---- C:\WINNT\winsxs
2009-04-06 18:01:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-06 17:48:56 ----HD---- C:\Documents and Settings\All Users.WINNT\Application Data\CanonBJ
2009-04-06 17:48:16 ----A---- C:\WINNT\system32\CNMVS7K.DLL
2009-04-06 17:48:13 ----A---- C:\WINNT\system32\CNMLM7K.DLL
2009-04-05 18:56:36 ----A---- C:\WINNT\system32\MRT.exe
2009-04-05 18:55:50 ----A---- C:\WINNT\system32\jit.dll
2009-04-05 18:55:50 ----A---- C:\WINNT\setdebug.exe
2009-04-05 18:55:49 ----A---- C:\WINNT\system32\javaee.dll
2009-04-05 18:55:48 ----A---- C:\WINNT\system32\dx3j.dll
2009-04-05 18:54:53 ----A---- C:\WINNT\system32\wjview.exe
2009-04-05 18:54:50 ----A---- C:\WINNT\system32\vmhelper.dll
2009-04-05 18:54:49 ----A---- C:\WINNT\system32\msjdbc10.dll
2009-04-05 18:54:45 ----A---- C:\WINNT\system32\msjava.dll
2009-04-05 18:54:44 ----A---- C:\WINNT\system32\msawt.dll
2009-04-05 18:54:43 ----A---- C:\WINNT\system32\jview.exe
2009-04-05 18:54:43 ----A---- C:\WINNT\system32\jdbgmgr.exe
2009-04-05 18:54:40 ----A---- C:\WINNT\system32\javart.dll
2009-04-05 18:54:40 ----A---- C:\WINNT\system32\javaprxy.dll
2009-04-05 18:54:39 ----A---- C:\WINNT\system32\javacypt.dll
2009-04-05 18:54:30 ----A---- C:\WINNT\system32\clspack.exe
2009-04-05 16:19:51 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\NCH Software
2009-04-05 14:01:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-05 13:30:55 ----D---- C:\Program Files\Panda Security
2009-04-05 12:56:13 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Help
2009-04-04 17:04:21 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\WinPatrol
2009-04-04 17:03:50 ----D---- C:\Program Files\BillP Studios
2009-04-04 10:44:27 ----D---- C:\Program Files\FrostWire
2009-04-04 10:42:55 ----D---- C:\Program Files\AskBarDis
2009-03-29 14:34:32 ----HD---- C:\WINNT\system32\CanonMP Uninstaller Information
2009-03-29 14:34:20 ----A---- C:\WINNT\system32\CNCU150.DLL
2009-03-29 14:34:20 ----A---- C:\WINNT\system32\CNCL150.DLL
2009-03-29 14:33:44 ----A---- C:\WINNT\system32\cocpyinf.dll
2009-03-29 14:33:43 ----HD---- C:\CanonMP
2009-03-28 00:39:28 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\NCH Software
2009-03-27 23:44:06 ----D---- C:\Program Files\NCH Software
2009-03-25 07:57:29 ----HD---- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2009-03-25 07:56:06 ----HD---- C:\WINNT\$NtUninstallKB936782_WMP9$
2009-03-25 07:54:31 ----HD---- C:\WINNT\$NtUninstallKB952069_WM71$
2009-03-25 07:54:00 ----HD---- C:\WINNT\$NtUninstallKB925398_WMP64$
2009-03-25 07:53:28 ----HD---- C:\WINNT\$NtUninstallKB911564$
2009-03-25 07:52:53 ----HD---- C:\WINNT\$NtUninstallKB954600_WM41$
2009-03-24 15:46:58 ----D---- C:\Program Files\Adaptec
2009-03-24 08:13:03 ----HD---- C:\WINNT\$NtUninstallKB917537$
2009-03-24 08:10:51 ----HD---- C:\WINNT\$NtUninstallKB951071$
2009-03-24 08:09:40 ----HD---- C:\WINNT\$NtUninstallKB926247$
2009-03-24 08:08:07 ----HD---- C:\WINNT\$NtUninstallKB951698_DX9$
2009-03-23 07:25:05 ----D---- C:\Program Files\Common Files\Hypnotizer
2009-03-23 05:48:47 ----A---- C:\WINNT\system32\drmstor.dll
2009-03-23 05:48:47 ----A---- C:\WINNT\system32\drmclien.dll
2009-03-23 03:10:22 ----D---- C:\FOUND.000
2009-03-22 20:51:50 ----A---- C:\Cucu_Video_log.txt
2009-03-22 20:28:58 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\vlc
2009-03-22 19:40:57 ----D---- C:\Program Files\VideoLAN
2009-03-22 19:27:03 ----A---- C:\WINNT\system32\snprfdll.dll
2009-03-22 19:26:59 ----A---- C:\WINNT\system32\smtpctrs.ini
2009-03-22 19:26:59 ----A---- C:\WINNT\system32\smtpctrs.dll
2009-03-22 19:26:59 ----A---- C:\WINNT\system32\smtpapi.dll
2009-03-22 19:26:58 ----A---- C:\WINNT\system32\rwnh.dll
2009-03-22 19:26:57 ----A---- C:\WINNT\system32\regtrace.exe
2009-03-22 19:26:57 ----A---- C:\WINNT\system32\ntfsdrct.ini
2009-03-22 19:26:56 ----A---- C:\WINNT\system32\fcachdll.dll
2009-03-22 19:26:56 ----A---- C:\WINNT\system32\dt_ctrl.dll
2009-03-22 19:26:55 ----A---- C:\WINNT\system32\adsiisex.dll
2009-03-22 19:25:34 ----D---- C:\WINNT\system32\msmq
2009-03-22 18:33:36 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Malwarebytes
2009-03-22 18:33:05 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2009-03-22 15:20:24 ----A---- C:\WINNT\system32\msvcp60.dll
2009-03-22 15:20:23 ----A---- C:\WINNT\system32\mfc42.dll
2009-03-22 15:20:23 ----A---- C:\WINNT\system32\atl.dll
2009-03-22 15:17:01 ----N---- C:\WINNT\system32\MSVBVM60.DLL
2009-03-22 14:27:20 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Xfire
2009-03-22 14:25:58 ----D---- C:\Program Files\Xfire
2009-03-22 14:08:47 ----A---- C:\WINNT\system32\msvidctl.dll
2009-03-22 14:08:46 ----A---- C:\WINNT\system32\psisdecd.dll
2009-03-22 14:08:45 ----A---- C:\WINNT\system32\wstdecod.dll
2009-03-22 14:08:45 ----A---- C:\WINNT\system32\msyuv.dll
2009-03-22 14:08:44 ----A---- C:\WINNT\system32\ksuser.dll
2009-03-22 14:08:40 ----A---- C:\WINNT\system32\qedwipes.dll
2009-03-22 14:08:39 ----A---- C:\WINNT\system32\qedit.dll
2009-03-22 14:08:39 ----A---- C:\WINNT\system32\mswebdvd.dll
2009-03-22 14:08:39 ----A---- C:\WINNT\system32\msdmo.dll
2009-03-22 14:08:36 ----A---- C:\WINNT\system32\qdvd.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\qdv.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\qcap.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\mciqtz32.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\encapi.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\devenum.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\amstream.dll
2009-03-22 14:08:34 ----A---- C:\WINNT\system32\d3dxof.dll
2009-03-22 14:08:34 ----A---- C:\WINNT\system32\d3drm.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dswave.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmusic.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmsynth.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmstyle.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmscript.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmloader.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmime.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmcompos.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmband.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\d3dramp.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\d3dpmesh.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\d3dim.dll
2009-03-22 14:08:32 ----A---- C:\WINNT\system32\dinput8.dll
2009-03-22 14:08:30 ----A---- C:\WINNT\system32\d3d9.dll
2009-03-22 14:08:30 ----A---- C:\WINNT\system32\d3d8.dll
2009-03-22 14:08:28 ----A---- C:\WINNT\system32\dxdiagn.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dxdllreg.exe
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dxdiag.exe
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dsdmoprp.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dsdmo.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dpvvox.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dpvsetup.exe
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpvoice.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpvacm.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpnsvr.exe
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpnlobby.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dimap.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\diactfrm.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\pid.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dx8vb.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnhupnp.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnhpast.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnet.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnaddr.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\d3d8thk.dll
2009-03-22 14:08:24 ----A---- C:\WINNT\system32\gcdef.dll
2009-03-22 14:08:24 ----A---- C:\WINNT\system32\dx7vb.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dsound3d.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dsound.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dpwsockx.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dpmodemx.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dplayx.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dplaysvr.exe
2009-03-22 14:08:22 ----A---- C:\WINNT\system32\dinput.dll
2009-03-22 14:08:22 ----A---- C:\WINNT\system32\ddraw.dll
2009-03-22 14:08:22 ----A---- C:\WINNT\system32\d3dim700.dll
2009-03-22 14:08:07 ----D---- C:\WINNT\system32\DirectX
2009-03-22 14:07:25 ----D---- C:\Program Files\Philips
2009-03-22 14:01:53 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\WinZip
2009-03-22 10:10:19 ----HD---- C:\WINNT\$NtUninstallKB960715$
2009-03-22 10:09:52 ----HD---- C:\WINNT\$NtUninstallKB960714-IE6SP1-20081211.120000$
2009-03-22 10:09:31 ----HD---- C:\WINNT\$NtUninstallKB967715$
2009-03-22 10:08:30 ----HD---- C:\WINNT\$NtUninstallKB960225$
2009-03-22 10:07:58 ----HD---- C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120000$
2009-03-22 10:07:36 ----HD---- C:\WINNT\$NtUninstallKB958687$
2009-03-22 10:07:17 ----HD---- C:\WINNT\$NtUninstallKB956802$
2009-03-22 10:06:44 ----HD---- C:\WINNT\$NtUninstallKB958690$
2009-03-21 14:02:49 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\AdobeUM
2009-03-21 12:48:24 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\FrostWire
2009-03-21 12:18:03 ----D---- C:\Program Files\uTorrent
2009-03-21 12:17:53 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\uTorrent
2009-03-20 17:25:02 ----A---- C:\WINNT\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2009-04-11 17:51:32 ----A---- C:\WINNT\system.ini
2009-03-25 08:00:40 ----A---- C:\WINNT\updcustom.dll.log
2009-03-25 07:57:10 ----A---- C:\WINNT\imsins.BAK
2009-03-21 15:19:06 ----A---- C:\WINNT\system32\dfrg.msc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-04-09 108552]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.Q-9\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\System32\DRIVERS\CmBatt.sys [2003-06-19 9904]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver; C:\WINNT\system32\drivers\cwbwdm.sys [1999-11-01 79264]
R3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINNT\System32\DRIVERS\el575nd5.sys [1999-10-19 77072]
R3 neo20xx;neo20xx; C:\WINNT\System32\DRIVERS\neo20xx.sys [1999-10-18 39888]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 USB_RNDIS;TI AR7 DSL Modem Device Driver; C:\WINNT\System32\DRIVERS\usb8023k.sys [2005-07-20 11136]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-04-09 27656]
S1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2007-12-11 9336]
S1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2007-12-11 9464]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 SDTHOOK;SDTHOOK; C:\WINNT\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 dmload;dmload; C:\WINNT\System32\drivers\dmload.sys [2003-06-19 7312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------

Wizit
2009-04-12, 17:24
Oh, and no, none of my virus programs are working at all still...

katana
2009-04-12, 21:30
I'm quite sure that you know the rules regarding P2P programs by now, but since they are showing in your log I will post them anyway.


REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

FrostWire
uTorrent

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


Please delete C:\RSIT (entire folder) and then run the RSIT program again.

Wizit
2009-04-15, 00:10
Sorry it took so long,

info.txt logfile of random's system information tool 1.06 2009-04-13 22:28:10

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\WINNT\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINNT\System32\Macromed\Flash\uninstall_activeX.exe
Ask Toolbar-->"C:\Program Files\AskBarDis\unins001.exe"
AssaultCube v1.0-->"C:\Program Files\AssaultCube_v1.0\uninstall.exe"
Canon MP150-->"C:\WINNT\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
Free eXPert PDF Reader-->MsiExec.exe /X{487C2D48-A9E3-4F34-92BD-B6A847025C16}
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Panda ActiveScan-->C:\WINNT\System32\ASUninst.exe Panda ActiveScan
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
SA30xx Device Manager-->C:\Program Files\InstallShield Installation Information\{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}\setup.exe -runfromtemp -l0x0009 -removeonly
SA30xx Media Converter-->C:\Program Files\InstallShield Installation Information\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for DirectX 9 (KB951698)-->"C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM71$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB954600)-->"C:\WINNT\$NtUninstallKB954600_WM41$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917537-->"C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926247-->"C:\WINNT\$NtUninstallKB926247$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935839-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938464-->"C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951071-->"C:\WINNT\$NtUninstallKB951071$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951698-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-04-13 22:24:47
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 7 GB (63%) free of 11 GB
Total RAM: 127 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27, on 2009-04-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Desktop\Virus Protection\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?gcht=HC&o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator.Q-97FBMBPER9UG0/Desktop/Wallpapers/Gears%20Of%20War/GearsEmblem.jpg

--
End of file - 4471 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-09-08 279944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-17 337216]
"Xfire Music"=C:\Program Files\Xfire\xfiremusic.exe [2006-11-20 253650]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Performance Center"=C:\Program Files\Ascentive\Performance Center\APCMain.exe -m []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-04-13 22:24:47 ----D---- C:\rsit
2009-04-13 20:27:19 ----D---- C:\Program Files\Visagesoft
2009-04-13 18:41:32 ----A---- C:\WINNT\system32\xfcodec.dll
2009-04-13 11:07:54 ----D---- C:\Program Files\Microsoft Office
2009-04-13 11:07:15 ----RHD---- C:\MSOCache
2009-04-13 11:06:52 ----D---- C:\Program Files\InstallShield Installation Information
2009-04-13 10:58:03 ----D---- C:\Program Files\Avery Dennison
2009-04-13 10:58:03 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\Avery
2009-04-13 10:57:31 ----A---- C:\WINNT\ODBC.INI
2009-04-13 10:57:28 ----A---- C:\WINNT\system32\sqlsrv32.dll
2009-04-13 10:57:28 ----A---- C:\WINNT\system32\odbcbcp.dll
2009-04-13 10:57:21 ----A---- C:\WINNT\system32\sqlunirl.dll
2009-04-13 10:57:21 ----A---- C:\WINNT\system32\dbmsvinn.dll
2009-04-13 10:57:21 ----A---- C:\WINNT\system32\dbmsrpcn.dll
2009-04-13 10:57:21 ----A---- C:\WINNT\system32\dbmsgnet.dll
2009-04-13 10:57:21 ----A---- C:\WINNT\system32\dbmsadsn.dll
2009-04-13 10:57:20 ----A---- C:\WINNT\system32\dbnmpntw.dll
2009-04-13 10:57:20 ----A---- C:\WINNT\system32\dbnetlib.dll
2009-04-13 10:57:19 ----A---- C:\WINNT\system32\cliconfg.exe
2009-04-13 10:57:19 ----A---- C:\WINNT\system32\cliconfg.dll
2009-04-13 10:57:03 ----A---- C:\WINNT\system32\msxml3r.dll
2009-04-13 10:57:00 ----A---- C:\WINNT\system32\msxml3.dll
2009-04-13 10:56:33 ----A---- C:\WINNT\system32\msorc32r.dll
2009-04-13 10:56:33 ----A---- C:\WINNT\system32\mscpxl32.dll
2009-04-13 10:56:33 ----A---- C:\WINNT\system32\ds16gt.dll
2009-04-13 10:56:27 ----A---- C:\WINNT\system32\odbc16gt.dll
2009-04-13 10:56:26 ----A---- C:\WINNT\system32\msorcl32.dll
2009-04-13 10:56:23 ----A---- C:\WINNT\system32\odbccu32.dll
2009-04-13 10:56:22 ----A---- C:\WINNT\system32\odbccr32.dll
2009-04-13 10:56:22 ----A---- C:\WINNT\system32\odbccp32.dll
2009-04-13 10:56:21 ----A---- C:\WINNT\system32\odbcad32.exe
2009-04-13 10:56:21 ----A---- C:\WINNT\system32\odbc32gt.dll
2009-04-13 10:56:21 ----A---- C:\WINNT\system32\odbc32.dll
2009-04-13 10:56:19 ----A---- C:\WINNT\system32\odbctrac.dll
2009-04-13 10:56:18 ----A---- C:\WINNT\system32\msdart.dll
2009-04-13 10:56:16 ----A---- C:\WINNT\system32\odbcint.dll
2009-04-13 10:56:13 ----A---- C:\WINNT\system32\ds32gt.dll
2009-04-13 10:50:57 ----D---- C:\WINNT\Downloaded Installations
2009-04-13 10:29:05 ----D---- C:\Program Files\OpenAL
2009-04-13 10:29:05 ----A---- C:\WINNT\system32\wrap_oal.dll
2009-04-13 10:29:04 ----A---- C:\WINNT\system32\OpenAL32.dll
2009-04-13 10:25:48 ----D---- C:\Program Files\AssaultCube_v1.0
2009-04-12 20:52:39 ----A---- C:\WINNT\IE4 Error Log.txt
2009-04-12 19:45:06 ----A---- C:\WINNT\system32\wmpshell.dll
2009-04-12 19:45:06 ----A---- C:\WINNT\system32\wmpdxm.dll
2009-04-12 19:45:05 ----A---- C:\WINNT\system32\wmploc.dll
2009-04-12 19:45:05 ----A---- C:\WINNT\system32\wmpcore.dll
2009-04-12 19:45:05 ----A---- C:\WINNT\system32\wmpcd.dll
2009-04-12 19:45:04 ----A---- C:\WINNT\system32\wmpui.dll
2009-04-12 18:54:16 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Xfire Plus
2009-04-12 18:53:39 ----D---- C:\Program Files\Xfire Plus
2009-04-11 17:45:26 ----A---- C:\WINNT\PSEXESVC.EXE
2009-04-11 17:45:03 ----D---- C:\WINNT\temp
2009-04-11 17:33:59 ----A---- C:\WINNT\zip.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\VFIND.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\SWSC.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\SWREG.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\sed.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\grep.exe
2009-04-11 17:33:59 ----A---- C:\WINNT\fdsv.exe
2009-04-11 17:33:58 ----A---- C:\WINNT\SWXCACLS.exe
2009-04-11 17:33:39 ----D---- C:\WINNT\ERDNT
2009-04-11 17:33:36 ----D---- C:\CleanMe
2009-04-11 17:33:31 ----A---- C:\WINNT\system32\CF15570.exe
2009-04-11 17:32:30 ----D---- C:\Qoobox
2009-04-11 17:32:15 ----A---- C:\pv.exe
2009-04-09 21:37:16 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\AVGTOOLBAR
2009-04-09 20:16:09 ----D---- C:\Program Files\AVG
2009-04-09 20:16:08 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\avg8
2009-04-09 20:15:53 ----D---- C:\WINNT\winsxs
2009-04-06 18:01:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-06 17:48:56 ----HD---- C:\Documents and Settings\All Users.WINNT\Application Data\CanonBJ
2009-04-06 17:48:16 ----A---- C:\WINNT\system32\CNMVS7K.DLL
2009-04-06 17:48:13 ----A---- C:\WINNT\system32\CNMLM7K.DLL
2009-04-05 18:56:36 ----A---- C:\WINNT\system32\MRT.exe
2009-04-05 18:55:50 ----A---- C:\WINNT\system32\jit.dll
2009-04-05 18:55:50 ----A---- C:\WINNT\setdebug.exe
2009-04-05 18:55:49 ----A---- C:\WINNT\system32\javaee.dll
2009-04-05 18:55:48 ----A---- C:\WINNT\system32\dx3j.dll
2009-04-05 18:54:53 ----A---- C:\WINNT\system32\wjview.exe
2009-04-05 18:54:50 ----A---- C:\WINNT\system32\vmhelper.dll
2009-04-05 18:54:49 ----A---- C:\WINNT\system32\msjdbc10.dll
2009-04-05 18:54:45 ----A---- C:\WINNT\system32\msjava.dll
2009-04-05 18:54:44 ----A---- C:\WINNT\system32\msawt.dll
2009-04-05 18:54:43 ----A---- C:\WINNT\system32\jview.exe
2009-04-05 18:54:43 ----A---- C:\WINNT\system32\jdbgmgr.exe
2009-04-05 18:54:40 ----A---- C:\WINNT\system32\javart.dll
2009-04-05 18:54:40 ----A---- C:\WINNT\system32\javaprxy.dll
2009-04-05 18:54:39 ----A---- C:\WINNT\system32\javacypt.dll
2009-04-05 18:54:30 ----A---- C:\WINNT\system32\clspack.exe
2009-04-05 16:19:51 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\NCH Software
2009-04-05 14:01:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-05 13:30:55 ----D---- C:\Program Files\Panda Security
2009-04-05 12:56:13 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Help
2009-04-04 17:04:21 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\WinPatrol
2009-04-04 17:03:50 ----D---- C:\Program Files\BillP Studios
2009-04-04 10:42:55 ----D---- C:\Program Files\AskBarDis
2009-03-29 14:34:32 ----HD---- C:\WINNT\system32\CanonMP Uninstaller Information
2009-03-29 14:34:20 ----A---- C:\WINNT\system32\CNCU150.DLL
2009-03-29 14:34:20 ----A---- C:\WINNT\system32\CNCL150.DLL
2009-03-29 14:33:44 ----A---- C:\WINNT\system32\cocpyinf.dll
2009-03-29 14:33:43 ----HD---- C:\CanonMP
2009-03-28 00:39:28 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\NCH Software
2009-03-27 23:44:06 ----D---- C:\Program Files\NCH Software
2009-03-25 07:57:29 ----HD---- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2009-03-25 07:56:06 ----HD---- C:\WINNT\$NtUninstallKB936782_WMP9$
2009-03-25 07:54:31 ----HD---- C:\WINNT\$NtUninstallKB952069_WM71$
2009-03-25 07:54:00 ----HD---- C:\WINNT\$NtUninstallKB925398_WMP64$
2009-03-25 07:53:28 ----HD---- C:\WINNT\$NtUninstallKB911564$
2009-03-25 07:52:53 ----HD---- C:\WINNT\$NtUninstallKB954600_WM41$
2009-03-24 15:46:58 ----D---- C:\Program Files\Adaptec
2009-03-24 08:13:03 ----HD---- C:\WINNT\$NtUninstallKB917537$
2009-03-24 08:10:51 ----HD---- C:\WINNT\$NtUninstallKB951071$
2009-03-24 08:09:40 ----HD---- C:\WINNT\$NtUninstallKB926247$
2009-03-24 08:08:07 ----HD---- C:\WINNT\$NtUninstallKB951698_DX9$
2009-03-23 07:25:05 ----D---- C:\Program Files\Common Files\Hypnotizer
2009-03-23 05:48:47 ----A---- C:\WINNT\system32\drmstor.dll
2009-03-23 05:48:47 ----A---- C:\WINNT\system32\drmclien.dll
2009-03-23 03:10:22 ----D---- C:\FOUND.000
2009-03-22 20:51:50 ----A---- C:\Cucu_Video_log.txt
2009-03-22 20:28:58 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\vlc
2009-03-22 19:40:57 ----D---- C:\Program Files\VideoLAN
2009-03-22 19:27:03 ----A---- C:\WINNT\system32\snprfdll.dll
2009-03-22 19:26:59 ----A---- C:\WINNT\system32\smtpctrs.ini
2009-03-22 19:26:59 ----A---- C:\WINNT\system32\smtpctrs.dll
2009-03-22 19:26:59 ----A---- C:\WINNT\system32\smtpapi.dll
2009-03-22 19:26:58 ----A---- C:\WINNT\system32\rwnh.dll
2009-03-22 19:26:57 ----A---- C:\WINNT\system32\regtrace.exe
2009-03-22 19:26:57 ----A---- C:\WINNT\system32\ntfsdrct.ini
2009-03-22 19:26:56 ----A---- C:\WINNT\system32\fcachdll.dll
2009-03-22 19:26:56 ----A---- C:\WINNT\system32\dt_ctrl.dll
2009-03-22 19:26:55 ----A---- C:\WINNT\system32\adsiisex.dll
2009-03-22 19:25:34 ----D---- C:\WINNT\system32\msmq
2009-03-22 18:33:36 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Malwarebytes
2009-03-22 18:33:05 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2009-03-22 15:20:24 ----A---- C:\WINNT\system32\msvcp60.dll
2009-03-22 15:20:23 ----A---- C:\WINNT\system32\mfc42.dll
2009-03-22 15:20:23 ----A---- C:\WINNT\system32\atl.dll
2009-03-22 15:17:01 ----N---- C:\WINNT\system32\MSVBVM60.DLL
2009-03-22 14:27:20 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\Xfire
2009-03-22 14:25:58 ----D---- C:\Program Files\Xfire
2009-03-22 14:08:47 ----A---- C:\WINNT\system32\msvidctl.dll
2009-03-22 14:08:46 ----A---- C:\WINNT\system32\psisdecd.dll
2009-03-22 14:08:45 ----A---- C:\WINNT\system32\wstdecod.dll
2009-03-22 14:08:45 ----A---- C:\WINNT\system32\msyuv.dll
2009-03-22 14:08:44 ----A---- C:\WINNT\system32\ksuser.dll
2009-03-22 14:08:40 ----A---- C:\WINNT\system32\qedwipes.dll
2009-03-22 14:08:39 ----A---- C:\WINNT\system32\qedit.dll
2009-03-22 14:08:39 ----A---- C:\WINNT\system32\mswebdvd.dll
2009-03-22 14:08:39 ----A---- C:\WINNT\system32\msdmo.dll
2009-03-22 14:08:36 ----A---- C:\WINNT\system32\qdvd.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\qdv.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\qcap.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\mciqtz32.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\encapi.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\devenum.dll
2009-03-22 14:08:35 ----A---- C:\WINNT\system32\amstream.dll
2009-03-22 14:08:34 ----A---- C:\WINNT\system32\d3dxof.dll
2009-03-22 14:08:34 ----A---- C:\WINNT\system32\d3drm.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dswave.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmusic.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmsynth.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmstyle.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmscript.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmloader.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmime.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmcompos.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\dmband.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\d3dramp.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\d3dpmesh.dll
2009-03-22 14:08:33 ----A---- C:\WINNT\system32\d3dim.dll
2009-03-22 14:08:32 ----A---- C:\WINNT\system32\dinput8.dll
2009-03-22 14:08:30 ----A---- C:\WINNT\system32\d3d9.dll
2009-03-22 14:08:30 ----A---- C:\WINNT\system32\d3d8.dll
2009-03-22 14:08:28 ----A---- C:\WINNT\system32\dxdiagn.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dxdllreg.exe
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dxdiag.exe
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dsdmoprp.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dsdmo.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dpvvox.dll
2009-03-22 14:08:27 ----A---- C:\WINNT\system32\dpvsetup.exe
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpvoice.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpvacm.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpnsvr.exe
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dpnlobby.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\dimap.dll
2009-03-22 14:08:26 ----A---- C:\WINNT\system32\diactfrm.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\pid.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dx8vb.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnhupnp.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnhpast.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnet.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\dpnaddr.dll
2009-03-22 14:08:25 ----A---- C:\WINNT\system32\d3d8thk.dll
2009-03-22 14:08:24 ----A---- C:\WINNT\system32\gcdef.dll
2009-03-22 14:08:24 ----A---- C:\WINNT\system32\dx7vb.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dsound3d.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dsound.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dpwsockx.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dpmodemx.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dplayx.dll
2009-03-22 14:08:23 ----A---- C:\WINNT\system32\dplaysvr.exe
2009-03-22 14:08:22 ----A---- C:\WINNT\system32\dinput.dll
2009-03-22 14:08:22 ----A---- C:\WINNT\system32\ddraw.dll
2009-03-22 14:08:22 ----A---- C:\WINNT\system32\d3dim700.dll
2009-03-22 14:08:07 ----D---- C:\WINNT\system32\DirectX
2009-03-22 14:07:25 ----D---- C:\Program Files\Philips
2009-03-22 14:01:53 ----D---- C:\Documents and Settings\All Users.WINNT\Application Data\WinZip
2009-03-22 10:10:19 ----HD---- C:\WINNT\$NtUninstallKB960715$
2009-03-22 10:09:52 ----HD---- C:\WINNT\$NtUninstallKB960714-IE6SP1-20081211.120000$
2009-03-22 10:09:31 ----HD---- C:\WINNT\$NtUninstallKB967715$
2009-03-22 10:08:30 ----HD---- C:\WINNT\$NtUninstallKB960225$
2009-03-22 10:07:58 ----HD---- C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120000$
2009-03-22 10:07:36 ----HD---- C:\WINNT\$NtUninstallKB958687$
2009-03-22 10:07:17 ----HD---- C:\WINNT\$NtUninstallKB956802$
2009-03-22 10:06:44 ----HD---- C:\WINNT\$NtUninstallKB958690$
2009-03-21 14:02:49 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\AdobeUM
2009-03-21 12:48:24 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\FrostWire
2009-03-21 12:17:53 ----D---- C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\Application Data\uTorrent

======List of files/folders modified in the last 1 months======

2009-04-13 11:21:12 ----A---- C:\WINNT\updcustom.dll.log
2009-04-13 10:57:32 ----A---- C:\WINNT\ODBCINST.INI
2009-04-11 17:51:32 ----A---- C:\WINNT\system.ini
2009-03-25 07:57:10 ----A---- C:\WINNT\imsins.BAK
2009-03-21 15:19:06 ----A---- C:\WINNT\system32\dfrg.msc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-04-09 108552]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\System32\DRIVERS\CmBatt.sys [2003-06-19 9904]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver; C:\WINNT\system32\drivers\cwbwdm.sys [1999-11-01 79264]
R3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINNT\System32\DRIVERS\el575nd5.sys [1999-10-19 77072]
R3 neo20xx;neo20xx; C:\WINNT\System32\DRIVERS\neo20xx.sys [1999-10-18 39888]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 USB_RNDIS;TI AR7 DSL Modem Device Driver; C:\WINNT\System32\DRIVERS\usb8023k.sys [2005-07-20 11136]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-04-09 27656]
S1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2007-12-11 9336]
S1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2007-12-11 9464]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.Q-9\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 SDTHOOK;SDTHOOK; C:\WINNT\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 dmload;dmload; C:\WINNT\System32\drivers\dmload.sys [2003-06-19 7312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------

katana
2009-04-15, 11:45
Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.

First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Click Link >>> HERE <<< Link (http://www.neoshine.co.uk/mina/Downloads/TTWipe.bat) and select "save as" and save it to your desktop
Double click TTWipe.bat
Reboot your machine for the changes to take effect.


===========================================

Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

===========================================

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Wizit
2009-04-29, 00:59
I'm sorry I haven't posted anything yet; I have been having severe complications that have hindered me from being able to do anything. I will try to get you that Kaspersky log.

Wizit
2009-05-01, 01:23
Wednesday, April 29, 2009
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 29, 2009 23:15:23
Records in database: 2101635
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 22873
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 08:16:56

File name Threat name Threats count
C:\Documents and Settings\Administrator.Q-97FBMBPER9UG0\My Documents\FrostWire\Incomplete\T-3437481-partyboy song.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1
The selected area was scanned.




ComboFix 09-04-30.02 - Administrator 04/30/2009 4:26.5 - FAT32x86 NETWORK
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.127.82 [GMT -5:00]
Running from: c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Desktop\New Folder\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\IE4 Error Log.txt
.
---- Previous Run -------
.
c:\winnt\system32\NCTTAudioFile.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IAS
-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2009-03-28 to 2009-04-30 )))))))))))))))))))))))))))))))
.

2009-04-29 11:49 . 2009-04-29 11:49 -------- d-----w c:\program files\FrostWire
2009-04-29 11:31 . 2009-04-29 11:31 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\Jarte
2009-04-29 11:30 . 2009-04-29 11:30 -------- d-----w c:\program files\Jarte
2009-04-16 01:21 . 2009-04-16 01:21 58352 ----a-w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 01:21 . 2009-04-16 01:21 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\AVS4YOU
2009-04-16 01:15 . 2009-04-16 01:15 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-16 01:14 . 2002-01-05 19:48 974848 ----a-w c:\winnt\system32\mfc70.dll
2009-04-16 01:14 . 2002-01-05 18:40 487424 ----a-w c:\winnt\system32\msvcp70.dll
2009-04-16 01:14 . 2003-05-22 04:50 344064 ----a-w c:\winnt\system32\msvcr70.dll
2009-04-16 01:14 . 2009-04-16 01:14 -------- d-----w c:\program files\AVS4YOU
2009-04-15 08:11 . 2009-04-15 08:11 -------- d--h--w c:\winnt\$SQLUninstallMDAC27SP1-KB927779-x86-ENU$
2009-04-15 08:01 . 2009-04-15 08:01 -------- d-----w c:\program files\MSXML 4.0
2009-04-15 00:38 . 2009-04-15 00:38 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\U3
2009-04-14 03:24 . 2009-04-14 03:24 -------- d-----w C:\rsit
2009-04-14 01:27 . 2009-04-14 01:27 -------- d-----w c:\program files\Visagesoft
2009-04-13 23:41 . 2009-04-13 23:41 41808 ----a-w c:\winnt\system32\xfcodec.dll
2009-04-13 16:20 . 2008-09-08 07:14 1121280 ----a-w c:\winnt\system32\msxml3.dll
2009-04-13 16:07 . 2009-04-13 16:07 -------- d--h--r C:\MSOCache
2009-04-13 16:06 . 2009-04-13 16:06 -------- d-----w c:\program files\InstallShield Installation Information
2009-04-13 15:58 . 2009-04-13 15:58 -------- d-----w c:\program files\Avery Dennison
2009-04-13 15:58 . 2009-04-13 15:58 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Avery
2009-04-13 15:57 . 2002-07-10 15:33 24576 ----a-w c:\winnt\system32\dbmsvinn.dll
2009-04-13 15:57 . 2002-07-10 15:33 24576 ----a-w c:\winnt\system32\dbmsrpcn.dll
2009-04-13 15:57 . 2002-07-10 15:33 20480 ----a-w c:\winnt\system32\dbmsadsn.dll
2009-04-13 15:57 . 2002-07-10 15:33 24576 ----a-w c:\winnt\system32\dbmsgnet.dll
2009-04-13 15:57 . 2002-07-10 15:20 180800 ----a-w c:\winnt\system32\sqlunirl.dll
2009-04-13 15:57 . 2002-07-10 15:33 28672 ----a-w c:\winnt\system32\dbnmpntw.dll
2009-04-13 15:57 . 2002-07-10 15:20 45632 ----a-w c:\winnt\system32\cliconfg.exe
2009-04-13 15:57 . 2002-07-10 15:20 127552 ----a-w c:\winnt\system32\cliconfg.dll
2009-04-13 15:57 . 2002-08-11 18:27 44032 ----a-w c:\winnt\system32\msxml3r.dll
2009-04-13 15:50 . 2009-04-13 15:50 -------- d-----w c:\winnt\Downloaded Installations
2009-04-13 15:29 . 2009-04-13 15:29 -------- d-----w c:\program files\OpenAL
2009-04-13 15:29 . 2009-04-13 15:29 413696 ----a-w c:\winnt\system32\wrap_oal.dll
2009-04-13 15:29 . 2009-04-13 15:29 110592 ----a-w c:\winnt\system32\OpenAL32.dll
2009-04-13 00:45 . 2002-12-11 20:08 192512 ----a-w c:\winnt\system32\dllcache\unregmp2.exe
2009-04-13 00:45 . 2002-12-11 22:34 225280 ----a-w c:\winnt\system32\wmpdxm.dll
2009-04-13 00:45 . 2002-12-11 22:34 98304 ----a-w c:\winnt\system32\wmpshell.dll
2009-04-13 00:45 . 2002-12-11 22:34 2940928 ----a-w c:\winnt\system32\wmploc.dll
2009-04-13 00:45 . 2002-12-11 20:09 20480 ----a-w c:\winnt\system32\wmpcore.dll
2009-04-13 00:45 . 2002-12-11 20:09 20480 ----a-w c:\winnt\system32\wmpcd.dll
2009-04-13 00:45 . 2002-12-11 20:09 20480 ----a-w c:\winnt\system32\wmpui.dll
2009-04-12 23:54 . 2009-04-12 23:54 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\Xfire Plus
2009-04-12 23:53 . 2009-04-12 23:53 -------- d-----w c:\program files\Xfire Plus
2009-04-10 02:37 . 2009-04-10 02:37 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\AVGTOOLBAR
2009-04-10 01:18 . 2009-04-10 01:18 108552 ----a-w c:\winnt\system32\drivers\avgtdix.sys
2009-04-10 01:17 . 2009-04-10 01:17 325640 ----a-w c:\winnt\system32\drivers\avgldx86.sys
2009-04-10 01:16 . 2009-04-10 01:16 -------- d-----w c:\winnt\system32\drivers\Avg
2009-04-10 01:16 . 2009-04-10 01:16 -------- d-----w c:\program files\AVG
2009-04-10 01:16 . 2009-04-10 01:16 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\avg8
2009-04-10 01:15 . 2009-04-10 01:15 -------- d-----w c:\winnt\winsxs
2009-04-06 23:01 . 2009-03-26 21:49 15504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-04-06 23:01 . 2009-03-26 21:49 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-04-06 23:01 . 2009-04-06 23:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 22:48 . 2009-04-06 22:48 -------- d--h--w c:\documents and settings\All Users.WINNT\Application Data\CanonBJ
2009-04-06 22:48 . 2005-05-07 02:00 8704 ----a-w c:\winnt\system32\CNMVS7K.DLL
2009-04-06 22:48 . 2005-05-07 02:00 140288 ----a-w c:\winnt\system32\CNMLM7K.DLL
2009-04-06 22:47 . 2003-06-19 18:05 12592 ----a-w c:\winnt\system32\dllcache\usbscan.sys
2009-04-06 22:47 . 2003-06-19 18:05 12592 ----a-w c:\winnt\system32\drivers\usbscan.sys
2009-04-05 23:55 . 2003-02-28 23:26 46352 ----a-w c:\winnt\setdebug.exe
2009-04-05 23:55 . 2003-02-28 23:26 171280 ----a-w c:\winnt\system32\jit.dll
2009-04-05 23:55 . 2003-02-28 23:26 139536 ----a-w c:\winnt\system32\javaee.dll
2009-04-05 23:55 . 2003-02-28 21:35 6550 ----a-w c:\winnt\jautoexp.dat
2009-04-05 23:55 . 2003-02-28 21:34 313856 ----a-w c:\winnt\system32\dx3j.dll
2009-04-05 21:19 . 2009-04-05 21:19 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\NCH Software
2009-04-05 19:01 . 2009-04-05 19:01 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-05 18:30 . 2009-04-05 18:30 -------- d-----w c:\program files\Panda Security
2009-04-05 17:56 . 2009-04-05 17:56 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Local Settings\Application Data\Help
2009-04-04 22:04 . 2009-04-04 22:04 -------- d-----w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\WinPatrol
2009-04-04 22:03 . 2009-04-04 22:03 -------- d-----w c:\program files\BillP Studios
2009-04-04 15:42 . 2009-04-04 15:42 -------- d-----w c:\program files\AskBarDis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 14:03 . 2009-03-22 19:28 664 ----a-w c:\winnt\system32\d3d9caps.dat
2009-04-18 14:03 . 2009-03-22 19:28 768 ----a-w c:\winnt\system32\d3d8caps.dat
2009-04-05 23:56 . 2009-04-05 23:56 2232 ----a-w c:\winnt\java\Packages\Data\BDBLJ7PN.DAT
2009-04-05 23:56 . 2009-04-05 23:56 155995 ----a-w c:\winnt\java\Packages\UDJNB9BT.ZIP
2009-04-05 23:56 . 2009-04-05 23:56 2678 ----a-w c:\winnt\java\Packages\Data\804WBNXZ.DAT
2009-04-05 23:55 . 2009-04-05 23:55 2678 ----a-w c:\winnt\java\Packages\Data\W8UXJLVF.DAT
2009-04-05 23:55 . 2009-04-05 23:55 2678 ----a-w c:\winnt\java\Packages\Data\R3Z9ZJX7.DAT
2009-04-05 23:55 . 2009-04-05 23:55 2678 ----a-w c:\winnt\java\Packages\Data\D3Z3JBP7.DAT
2009-04-05 23:55 . 2009-04-05 23:55 2678 ----a-w c:\winnt\java\Packages\Data\H39BP7B1.DAT
2009-03-28 04:44 . 2009-03-28 04:44 -------- d-----w c:\program files\NCH Software
2009-03-27 22:35 . 2008-11-10 03:45 34 ----a-w c:\documents and settings\Administrator.Q-97FBMBPER9UG0\jagex_runescape_preferences.dat
2009-03-24 20:47 . 2009-03-24 20:46 -------- d-----w c:\program files\Adaptec
2009-03-23 12:25 . 2009-03-23 12:25 -------- d-----w c:\program files\Common Files\Hypnotizer
2009-03-23 00:40 . 2009-03-23 00:40 -------- d-----w c:\program files\VideoLAN
2009-03-22 19:26 . 2009-03-22 19:25 -------- d-----w c:\program files\Xfire
2009-03-22 19:07 . 2009-03-22 19:07 -------- d-----w c:\program files\Philips
2009-02-19 22:33 . 2009-02-19 22:33 576512 ----a-w c:\winnt\system32\WININET.DLL
2009-02-19 07:36 . 2009-02-19 07:36 1223168 ----a-w c:\winnt\system32\quartz.dll
2009-02-08 15:16 . 1999-12-07 17:00 1644784 ----a-w c:\winnt\system32\WIN32K.SYS
2009-02-04 04:20 . 2009-02-04 04:20 47376 ----a-w c:\winnt\system32\secur32.dll
2007-08-11 18:41 . 2002-03-02 22:35 271 ---h--w c:\program files\desktop.ini
2007-08-11 18:41 . 2002-03-02 22:35 21952 ---h--w c:\program files\folder.htt
1998-12-09 06:53 . 1998-12-09 06:53 99840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 06:53 . 1998-12-09 06:53 70144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 06:53 . 1998-12-09 06:53 48640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 06:53 . 1998-12-09 06:53 31744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 06:53 . 1998-12-09 06:53 186368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 06:53 . 1998-12-09 06:53 17920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Performance Center"="c:\program files\Ascentive\Performance Center\APCMain.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-03-17 337216]
"Xfire Music"="c:\program files\Xfire\xfiremusic.exe" [2006-11-21 253650]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"=
"wave2"=
"wave3"=
"wave4"=
"wave5"=
"wave6"=
"wave7"=
"wave8"=
"wave9"=
"midi1"=
"midi2"=
"midi3"=
"midi4"=
"midi5"=
"midi6"=
"midi7"=
"midi8"=
"midi9"=
"aux1"=
"aux2"=
"aux3"=
"aux4"=
"aux5"=
"aux6"=
"aux7"=
"aux8"=
"aux9"=
"mixer1"=
"mixer2"=
"mixer3"=
"mixer4"=
"mixer5"=
"mixer6"=
"mixer7"=
"mixer8"=
"mixer9"=

R3 SDTHOOK;SDTHOOK;c:\winnt\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\System32\Drivers\avgldx86.sys [2009-04-10 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
S3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\winnt\system32\drivers\cwbwdm.sys [1999-11-02 79264]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\winnt\system32\DRIVERS\el575nd5.sys [1999-10-19 77072]
S3 neo20xx;neo20xx;c:\winnt\system32\DRIVERS\neo20xx.sys [1999-10-18 39888]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - audstub
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - Dhcp
*Deregistered* - Diskperf
*Deregistered* - dmio
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - IpNat
*Deregistered* - IPSEC
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Messenger
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Npfs
*Deregistered* - NtmsSvc
*Deregistered* - Null
*Deregistered* - Parallel
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - RasAcd
*Deregistered* - RasAuto
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - Spooler
*Deregistered* - Srv
*Deregistered* - StiSvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Wanarp
*Deregistered* - WinMgmt
*Deregistered* - Wmi
*Deregistered* - wuauserv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?gcht=HC&o=101676&l=dis
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator.Q-97FBMBPER9UG0\Application Data\Mozilla\Firefox\Profiles\ypncqb9x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 04:57
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(160)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1036)
c:\winnt\AppPatch\AcLayers.DLL
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2009-04-30 5:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 10:10

Pre-Run: 7,411,097,600 bytes free
Post-Run: 7,444,275,200 bytes free

301 --- E O F --- 2009-04-15 08:13

katana
2009-05-02, 00:01
Right, enough is enough,

You have posted here many times now Wizit.
Each time you have been asked to remove P2P as it is prone to spreading infections.
In this thread, you posted your log showing that P2P was installed.
I asked that you remove it, and your next log showed that it was still installed.

Finally, you post a Kaspersky log showing this

C:\~\FrostWire\Incomplete\T-3437481-partyboy song.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa

There are many people that try to keep their machines clean, and then get infected through no fault of their own.
I will go and help them rather than wasting my time cleaning your machine.

I recommend that you reformat your machine each time you have trouble with it in the future.


Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.