TR/Crypt.ZPACK.Gen



zolo111
2009-07-06, 17:32
I have this malware on my machine. I have Avira antivirus running and up to date... I do have System Restore turned off, as well as UAC. I followed the instructions in this link:
http://forums.majorgeeks.com/showthread.php?t=187883
but it didn't work for me. Upon restart, the thing was still running and Avira kept showing all kinds of warning messages about:
"Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\Windows\System32\xomkqnla.jg.
Action performed: Delete file"


ComboFix report:


ComboFix 09-07-05.04 - R^ 07/06/2009 17:44.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.966.1033.18.3070.1686 [GMT 3:00]
Running from: c:\users\R^\Desktop\ComboFix.exe
Command switches used :: c:\users\R^\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\ovfsthrwrtnqrxppaovwkmptpqiqgebtwxxmqc.sys"
"c:\windows\system32\ovfsthenlfisxoetbwcrfaiypqfdsyvckxercg.dat"
"c:\windows\system32\ovfsthepslptaltpkvuwptymibbesqkcuhwbve.dll"
"c:\windows\system32\ovfsthiochopjvdiwebsvhjkcestarftedfinw.dll"
"c:\windows\system32\ovfsthlqqqqctrpuysevdkwduyfjvpiquramqp.dll"
"c:\windows\system32\ovfsthmrxfnrvcnyririvvdvfnbovhisjcdyqk.dat"
"c:\windows\system32\ovfsthnwkecbpeipwxpmaylbvgyqhjepjdwpih.dll"
"c:\windows\system32\ovfsthnwxmteeoimfuqptdljpxdeqjhxlinwxq.dll"
"c:\windows\system32\ovfsthonoanhjkutvxrxgmporqehwnobrirkup.dll"
"c:\windows\system32\ovfsthqiyldcykdbmwuvemifhrvthomkvqfqjr.dat"
"c:\windows\system32\ovfsthuxvwpdctyogtexotprmahxqqglcaadgf.dll"
"c:\windows\system32\ovfsthvcdqxiesqyvyobutbnobaieyevtyuodc.dll"
"c:\windows\system32\ovfsthwnqrxtvrpqhdsowbskbbiqfkmhnexvwm.dat"
"c:\windows\Tasks\ParetoLogic Registration.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BReWErS.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 14:46 . 2009-07-06 14:49 -------- d-----w- c:\users\R^\AppData\Local\temp
2009-07-06 14:30 . 2009-07-06 14:30 1343190 ----a-w- C:\MGtools.exe
2009-07-06 14:30 . 2009-07-06 14:42 209243 ----a-w- C:\MGlogs.zip
2009-07-06 14:30 . 2009-07-06 14:42 -------- d-----w- C:\MGtools
2009-07-04 07:44 . 2009-07-04 07:44 -------- d-----w- c:\programdata\MumboJumbo
2009-07-04 07:43 . 2009-07-04 07:43 -------- d-----w- c:\program files\Games
2009-07-01 14:28 . 2009-07-01 14:29 -------- d-----w- C:\xampp
2009-06-30 11:37 . 2009-06-30 11:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-30 11:37 . 2009-06-30 11:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-30 11:37 . 2009-06-30 11:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-30 11:33 . 2009-06-30 11:37 -------- d-----w- c:\users\R^\AppData\Roaming\DAEMON Tools Lite
2009-06-27 13:40 . 2009-06-27 13:40 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-25 19:33 . 2009-06-25 19:33 17488 ----a-w- c:\windows\etdrv.sys
2009-06-25 19:31 . 2009-06-25 19:31 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-06-25 19:30 . 2009-06-25 19:31 17488 ----a-w- c:\windows\gdrv.sys
2009-06-25 09:17 . 2009-06-25 09:18 -------- d-----w- c:\program files\TVersity Codec Pack
2009-06-25 09:11 . 2009-06-25 09:11 -------- d-----w- c:\program files\TVersity
2009-06-22 12:23 . 2009-06-22 12:23 239088 ----a-w- c:\users\R^\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-06-14 10:37 . 2009-06-14 10:37 -------- d-----w- C:\Hotspot Shield
2009-06-12 14:59 . 2009-06-12 14:59 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-12 14:58 . 2008-09-25 12:40 20888640 ----a-w- c:\windows\system32\AppSetup.exe
2009-06-09 23:44 . 2009-06-09 23:44 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-06-07 16:05 . 2009-06-07 16:05 -------- d-----w- c:\program files\Empire Interactive
2009-06-07 15:52 . 2009-06-07 15:52 -------- d-----w- c:\users\R^\AppData\Roaming\Logitech
2009-06-07 15:51 . 2009-02-18 21:26 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-06-07 15:51 . 2009-02-18 21:27 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-06-07 15:51 . 2009-02-18 21:27 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-06-07 15:51 . 2009-02-18 21:27 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-06-07 15:51 . 2009-02-18 21:27 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-06-07 15:51 . 2009-06-07 15:52 -------- d-----w- c:\programdata\Logitech
2009-06-07 15:49 . 2009-06-07 15:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-07 15:49 . 2009-06-07 15:49 -------- d-----w- c:\windows\system32\AGEIA
2009-06-07 15:49 . 2009-06-07 15:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-07 15:47 . 2009-04-26 21:42 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 14:48 . 2009-06-07 16:02 55762 ----a-w- c:\programdata\nvModes.dat
2009-07-06 14:46 . 2008-08-24 02:09 4956 ----a-w- c:\windows\bthservsdp.dat
2009-07-06 14:34 . 2008-11-15 17:31 -------- d-----w- c:\users\R^\AppData\Roaming\uTorrent
2009-07-05 20:01 . 2009-01-16 03:26 -------- d-----w- c:\program files\BitComet
2009-07-04 16:55 . 2009-01-20 16:30 -------- d-----w- c:\users\R^\AppData\Roaming\Image Zone Express
2009-07-04 16:02 . 2008-08-23 21:38 -------- d-----w- c:\program files\FlashGet
2009-07-04 07:28 . 2008-08-23 19:31 79152 ----a-w- c:\windows\system32\perfc001.dat
2009-07-04 07:28 . 2008-08-23 19:31 441774 ----a-w- c:\windows\system32\perfh001.dat
2009-06-30 11:37 . 2008-08-23 20:24 -------- d-----w- c:\users\R^\AppData\Roaming\DAEMON Tools
2009-06-30 11:33 . 2008-08-23 20:24 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-25 19:30 . 2008-08-23 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 19:30 . 2008-11-19 05:30 -------- d-----w- c:\program files\GIGABYTE
2009-06-24 12:33 . 2008-01-02 20:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-21 00:43 . 2009-02-23 01:54 -------- d-----w- c:\users\R^\AppData\Roaming\MxBoost
2009-06-12 15:25 . 2008-08-29 17:31 -------- d-----w- c:\programdata\Creative
2009-06-12 15:15 . 2008-08-31 19:30 -------- d-----w- c:\program files\Creative
2009-06-12 15:00 . 2008-08-29 17:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-12 15:00 . 2008-08-29 17:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-07 16:02 . 2008-08-23 16:39 -------- d-----w- c:\programdata\NVIDIA
2009-06-07 16:00 . 2008-08-23 20:25 -------- d-----w- c:\program files\Foxit Software
2009-06-07 15:51 . 2008-08-26 09:46 -------- d-----w- c:\program files\Common Files\Logishrd
2009-06-07 15:51 . 2008-08-26 09:46 -------- d-----w- c:\program files\Logitech
2009-06-07 15:45 . 2008-08-23 06:16 1356 ----a-w- c:\users\R^\AppData\Local\d3d9caps.dat
2009-06-07 15:39 . 2009-03-30 14:04 -------- d-----w- c:\program files\MediaMonkey
2009-06-07 14:51 . 2008-08-30 00:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-05 12:10 . 2009-06-05 12:10 0 ----a-w- c:\windows\system32\cid_store.dat
2009-06-05 11:32 . 2009-06-04 12:05 -------- d-----w- c:\program files\Opera 10 Beta
2009-06-05 07:43 . 2009-06-05 07:43 -------- d-----w- c:\program files\City Interactive
2009-06-04 16:15 . 2009-06-04 16:15 390664 ----a-w- c:\users\R^\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-04 16:09 . 2009-06-04 16:09 -------- d-----w- c:\program files\Common Files\Real
2009-06-04 16:09 . 2009-06-04 16:09 -------- d-----w- c:\program files\Real
2009-06-03 00:44 . 2008-08-23 21:47 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-02 13:12 . 2008-08-23 20:22 -------- d-----w- c:\users\R^\AppData\Roaming\HP
2009-06-01 18:13 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-29 21:37 . 2008-01-02 20:29 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2008-01-02 20:29 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-21 12:00 . 2009-06-05 11:51 448100 ----a-w- c:\users\R^\AppData\Roaming\Maxthon2\Plugin\AdHunterEnhancer\AdHunterEnhancer.exe
2009-05-20 09:05 . 2009-06-05 11:51 287232 ----a-w- c:\users\R^\AppData\Roaming\Maxthon2\Plugin\AdHunterEnhancer\curl.exe
2009-05-18 10:40 . 2009-06-05 11:51 505873 ------w- c:\users\R^\AppData\Roaming\Maxthon2\Plugin\AdHunterEnhancer\sqlite3.dll
2009-05-17 03:40 . 2009-05-17 02:35 -------- d-----w- c:\users\R^\AppData\Roaming\Azureus
2009-05-17 03:40 . 2009-05-17 03:40 -------- d-----w- c:\users\R^\AppData\Roaming\Samsung
2009-05-17 03:40 . 2009-05-17 03:40 -------- d-----w- c:\program files\MarkAny
2009-05-17 03:39 . 2009-05-17 03:39 -------- d-----w- c:\program files\Samsung
2009-05-17 02:35 . 2009-05-17 02:35 -------- d-----w- c:\programdata\Azureus
2009-05-15 22:43 . 2009-05-15 22:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-10 19:30 . 2009-01-14 08:02 -------- d-----w- c:\users\R^\AppData\Roaming\Download Manager
2009-05-03 21:57 . 2008-08-23 06:16 115576 ----a-w- c:\users\R^\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2008-01-02 20:29 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2008-01-02 20:29 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-30 21:08 . 2009-04-30 21:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 21:08 . 2009-04-30 21:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-04-30 21:07 . 2009-04-30 21:07 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-04-30 21:07 . 2009-04-30 21:07 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-04-30 21:07 . 2009-04-30 21:07 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-04-30 21:07 . 2009-04-30 21:07 4020768 ----a-w- c:\windows\system32\nvdisps.dll
2009-04-30 21:07 . 2009-04-30 21:07 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-04-30 21:07 . 2009-04-30 21:07 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-04-30 21:07 . 2009-04-30 21:07 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-04-30 21:07 . 2009-04-30 21:07 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-04-30 21:07 . 2009-04-30 21:07 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-04-30 21:07 . 2009-04-30 21:07 13781536 ----a-w- c:\windows\system32\nvcpl.dll
2009-04-30 21:07 . 2009-04-30 21:07 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-04-30 19:02 . 2009-04-30 19:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 19:02 . 2009-04-30 19:02 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 19:02 . 2009-04-30 19:02 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-04-30 19:02 . 2009-04-30 19:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 19:02 . 2009-04-30 19:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 19:02 . 2009-04-30 19:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-04-30 19:02 . 2009-04-30 19:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 19:02 . 2009-04-30 19:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-04-30 19:02 . 2009-04-30 19:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 19:02 . 2009-04-30 19:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 19:02 . 2009-04-30 19:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-01-05 16:35 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\R^\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

c:\users\R^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-8-31 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-7 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^R^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiRes.lnk]
path=c:\users\R^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
backup=c:\windows\pss\MultiRes.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^R^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\R^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-904457140-3643991407-2903533113-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B84790F7-5014-4FD5-9987-AE73BC3D9854}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{9954C2BF-843E-4930-8D89-5037AE1DC682}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{C0F8C1BD-46B0-46EB-86D7-F6A28E4FAB20}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DAF7C1F1-FEA5-4815-88C3-189E4555FBF4}"= UDP:26581:BitComet 26581 TCP
"{4943DB9A-7DAF-4871-8ADB-8AA60CD55334}"= TCP:26581:BitComet 26581 UDP
"TCP Query User{22DD8D47-E2FD-4E0F-9361-1083AB1F1AAB}x:\\r^s apps\\bitcomet\\bitcomet.exe"= UDP:x:\r^s apps\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{30C4C6E3-EE1D-48D0-A268-B7F356EC245E}x:\\r^s apps\\bitcomet\\bitcomet.exe"= TCP:x:\r^s apps\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{A0BA9A55-300B-4E72-9224-EA73F849C7E9}"= UDP:26581:BitComet 26581 TCP
"{7C518A80-36DE-4660-B7CA-60995C5E192B}"= TCP:26581:BitComet 26581 UDP
"{CF32F3D3-DA4B-4FA0-BBDA-F0A38745684B}"= UDP:x:\cod4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0BDEB05C-2A49-4F8E-84E5-14A0D520F441}"= TCP:x:\cod4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FE7D7C60-034F-45E3-BAC4-31380E70C541}"= UDP:22435:BitComet 22435 TCP
"{4507DA2C-8B84-4279-8CF2-B75C6585AE99}"= TCP:22435:BitComet 22435 UDP
"{61BC3709-9A3E-4F34-80D3-6C26FB908276}"= UDP:22435:BitComet 22435 TCP
"{1FB4D3A2-2B27-4E9A-A726-A68C6A0FC87D}"= TCP:22435:BitComet 22435 UDP
"TCP Query User{0C1BE72A-CA87-4A1C-9474-EC58A660BC06}x:\\r^s apps\\bitcomet\\bitcomet.exe"= UDP:x:\r^s apps\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{903D5829-E438-40A2-A270-6DE28EC0D6E8}x:\\r^s apps\\bitcomet\\bitcomet.exe"= TCP:x:\r^s apps\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{BB328BBC-9875-4C8B-9913-9B7E75286F19}c:\\users\\r^\\appdata\\roaming\\maxthon\\maxthon.exe"= UDP:c:\users\r^\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"UDP Query User{C004C881-45B5-48CA-B62B-52D352A8389C}c:\\users\\r^\\appdata\\roaming\\maxthon\\maxthon.exe"= TCP:c:\users\r^\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"{A514221B-2B69-47B5-9B16-86161AE3142C}"= UDP:x:\new folder\FarCry 2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{7CDF75EE-4789-42C4-BAC4-3AB1FE5B6AB5}"= TCP:x:\new folder\FarCry 2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{83D5C44B-BA6A-497B-8B35-DB5D6FE460C3}"= UDP:x:\new folder\FarCry 2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{199E4352-B3EE-4F91-B932-0E8427508253}"= TCP:x:\new folder\FarCry 2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E4A2CA93-E4BE-4668-B0DD-F4CDFD135730}"= UDP:x:\new folder\FarCry 2\Far Cry 2\bin\FC2Editor.exe:Editor
"{13F05B84-E6EA-4799-BD55-BF65D7703386}"= TCP:x:\new folder\FarCry 2\Far Cry 2\bin\FC2Editor.exe:Editor
"{2CCBF931-0BFF-4C8F-BCD3-5B1005BA7E90}"= UDP:15297:BitComet 15297 TCP
"{80B4C843-CE39-4C96-A7BB-228DA56B295B}"= TCP:15297:BitComet 15297 UDP
"{75F4ABE4-E899-4505-BC7E-4079BC4F7014}"= UDP:23186:BitComet 23186 TCP
"{33E43104-2FC1-47CB-A5F8-AFAFE23DE75F}"= TCP:23186:BitComet 23186 UDP
"{B22EC053-4F94-4C27-85C6-03AD415A5D26}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{AB2D00AD-AA14-4E98-A1FE-5E5942582B77}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3C91B14F-EFFC-47C6-BF58-5BED0CFE68B0}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3F5F4CC2-7D14-450F-9CAA-FD6A7546A10E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8E2B64C9-055B-45DF-8C41-4E015ED92D79}"= UDP:x:\new folder\Activision\Call.Of.Duty.World.At.War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{074B004E-B067-476C-A770-4D6CB34DD7A6}"= TCP:x:\new folder\Activision\Call.Of.Duty.World.At.War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{03211D90-A26B-4C39-988C-1238C58A8689}"= UDP:x:\new folder\Activision\Call.Of.Duty.World.At.War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9AD073D4-BEAD-41F3-AB33-63853640E7B2}"= TCP:x:\new folder\Activision\Call.Of.Duty.World.At.War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{868BB7DE-199E-4CBD-9321-65225FD5C26B}"= UDP:c:\users\R^\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{8DEA53B0-68B7-4A9D-8F8B-BAF2BAAB5341}"= TCP:c:\users\R^\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{BACC73C5-FEDF-479A-9C61-0B78CB1541E2}"= UDP:c:\users\R^\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{CBCBF5D3-5B5A-4DA2-8DA6-C350644FF62C}"= TCP:c:\users\R^\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{D27F915B-476E-4F22-9618-E3B30A2C9D38}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{97FBA655-4193-4927-A5A6-42E18D2AFBFB}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{29FD151A-6106-4481-8DBF-46331E0DABC1}"= UDP:x:\new folder\Deer Hunter Tournament\Deer Hunter Tournament\DHT.exe:Deer Hunter Tournament
"{2D083C31-D5D9-46E9-A914-3402DC33E3E5}"= TCP:x:\new folder\Deer Hunter Tournament\Deer Hunter Tournament\DHT.exe:Deer Hunter Tournament
"{C11B0237-45D6-48BD-89AA-FEA47A5A3AE1}"= UDP:x:\new folder\Deer Hunter Tournament\Deer Hunter Tournament\Updater.exe:Deer Hunter Tournament Current Updater
"{26EEDEB2-68ED-478F-9D9B-90588C5B6F4A}"= TCP:x:\new folder\Deer Hunter Tournament\Deer Hunter Tournament\Updater.exe:Deer Hunter Tournament Current Updater
"{F300CD6E-7525-45EC-A19B-BFD87F7B34C4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CDBE90E9-3FCD-4753-A30B-7832BE028184}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{BA1DC956-260F-4347-B0BC-131D4FCCE791}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{57EA87BF-4813-417A-9687-305E0EBC079C}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{B4B0AB3D-F0BC-4768-8D22-67A1C5B4531D}"= UDP:x:\new folder\Grand_Theft_Auto_IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{B3160C14-A90F-43F5-9110-58E10D83F7F5}"= TCP:x:\new folder\Grand_Theft_Auto_IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{D1A38811-C3D8-4D80-95EB-FE0FAD11D2A4}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C7D135FF-E73D-43F8-8927-15B5F4E61EFA}"= UDP:23186:BitComet 23186 TCP
"{4940E2C5-185C-420F-881F-BA28BABE98AC}"= TCP:23186:BitComet 23186 UDP
"{9F4FFD83-968F-4F9E-B7DF-D026A81BDEC1}"= UDP:7999:BitComet 7999 TCP
"{30EE72E4-1FD9-4EFB-BC84-FF506B6BE766}"= TCP:7999:BitComet 7999 UDP
"{2EDC1F29-1DD7-4EEB-BD93-EACB2C5B1712}"= UDP:24049:BitComet 24049 TCP
"{1DE79EB3-82B8-4F39-A016-E75C496AB026}"= TCP:24049:BitComet 24049 UDP
"{80D98784-5B3D-48FA-A5DD-8A5A06CAF397}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2C9BC0DB-F228-4910-BB6A-1BD12DA8CC3E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{48E90AEF-3A72-4395-8885-0E9C14C427E0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2D622316-10B9-4F74-AC0F-F8883198C3EA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA56EBFE-7C48-489C-BAE3-6698DE259C00}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2E97265-C286-4A01-B444-61A4CF1CA855}"= UDP:19544:BitComet 19544 TCP
"{3E83B263-61E5-49EF-830D-C04F30AD6AD7}"= TCP:19544:BitComet 19544 UDP
"{57A58BF7-9EF6-40CD-9DB9-214D4A9808E2}"= UDP:27312:BitComet 27312 TCP
"{E2FBBC8E-68B6-4166-8176-71B841DC7C1C}"= TCP:27312:BitComet 27312 UDP
"{5B898FCC-9E81-4AA6-A8D4-0EF84A1C1E11}"= UDP:22718:BitComet 22718 TCP
"{D4A03BB8-BDC8-4F39-82C5-0DD3CCB8080E}"= TCP:22718:BitComet 22718 UDP
"{7ED4EB24-421B-443E-A2A4-4EEF7F96001B}"= UDP:43186:BitComet 43186 TCP
"{E6EA1822-FB40-4A3C-8D63-A30A26250167}"= TCP:43186:BitComet 43186 UDP
"{F724270D-9DAF-4EE9-8FB8-2513D5AE869F}"= UDP:12944:BitComet 12944 TCP
"{D5C4EB70-9E96-4131-8B05-587863A3871C}"= TCP:12944:BitComet 12944 UDP
"{BAA0A842-5057-476D-A70B-4666ACEED38B}"= UDP:27149:BitComet 27149 TCP
"{E0FF89CD-6C72-4EA4-977D-43B1AF544197}"= TCP:27149:BitComet 27149 UDP
"{6CBE632E-FF8F-4A1B-B1F0-4C8B58A656B3}"= UDP:27149:BitComet 27149 TCP
"{F91DA4E7-BB11-4E4B-882E-226D1C6E66F5}"= TCP:27149:BitComet 27149 UDP
"{6AF40616-7B19-473D-AB46-80BDADA7E472}"= UDP:x:\new folder\Burnout.Paradise.The.Ultimate.Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{D152E9C5-4149-4F46-A4D9-53DC332403EA}"= TCP:x:\new folder\Burnout.Paradise.The.Ultimate.Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{D04C0C92-53E7-4CEA-BC05-CD6AC03EE59D}"= UDP:x:\new folder\Burnout.Paradise.The.Ultimate.Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{334544E5-8788-4E85-8EA2-F0EC0FAB25E1}"= TCP:x:\new folder\Burnout.Paradise.The.Ultimate.Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{8C49CAA5-532A-49D5-82A6-DF5094136E3D}"= UDP:x:\new folder\Burnout.Paradise.The.Ultimate.Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{6A5B64FF-A5AD-4CE0-852D-FC9E816620E5}"= TCP:x:\new folder\Burnout.Paradise.The.Ultimate.Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{7D63BC1B-33B3-4D6E-AAE2-62D2961C43DF}"= UDP:x:\new folder\Grand_Theft_Auto_IV\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{96CA9F63-0B9F-4BFB-AD08-A84B7970597E}"= TCP:x:\new folder\Grand_Theft_Auto_IV\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{9AA0DA2E-A223-4A55-AEAA-3B5D98F95572}"= UDP:12355:BitComet 12355 TCP
"{F9C158B4-5A3C-45E0-A47E-F7D7690B4D53}"= TCP:12355:BitComet 12355 UDP
"{ACF6A07A-38FC-4A39-9888-629E841B1264}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{EABD3D52-B73B-4BD1-A718-F689A0670866}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{D53A62AE-9612-4D1C-B288-B0EF1B015D0F}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{ABDBA3E2-9D56-42BF-9891-1AB75E8F77D3}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{B58106A3-D11B-4595-B6AF-F4FD6CA9AE3C}"= UDP:6881:BitComet 6881 TCP
"{BC764D26-DD49-4B40-AC5E-AB16A11A6158}"= TCP:6881:BitComet 6881 UDP
"{F4D00041-EB4F-417B-90F2-012B68DE866E}"= UDP:21853:BitComet 21853 TCP
"{FE06AC5E-2BC5-4EA8-AC66-1CEC0F2ABB2A}"= TCP:21853:BitComet 21853 UDP
"{59670CB2-878B-486B-9FE4-C31951715498}"= Disabled:UDP:x:\new folder\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{43555050-239E-461E-A67E-463EBD80DDE4}"= Disabled:TCP:x:\new folder\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{0AA489CD-25D1-4377-86F7-5E1274FD53C5}"= Disabled:UDP:x:\shortcuts\Games\PES2008.exe:Pro Evolution Soccer 2008
"{75D61F58-24A1-4153-A743-84DC8AF93422}"= Disabled:TCP:x:\shortcuts\Games\PES2008.exe:Pro Evolution Soccer 2008
"{B5093641-90E1-467F-AD5C-E69F516C4F74}"= Disabled:UDP:c:\users\R^\Desktop\PES2008.exe:Pro Evolution Soccer 2008
"{93F3115F-EFD0-4380-84E8-12A525EA42F9}"= Disabled:TCP:c:\users\R^\Desktop\PES2008.exe:Pro Evolution Soccer 2008
"{89F09D61-7094-4DF5-B359-3D8B1C8EE2EB}"= Disabled:UDP:x:\new folder\pes09\pes2009.exe:Pro Evolution Soccer 2009
"{7239270A-C11B-4AF6-B622-39038BCE9901}"= Disabled:TCP:x:\new folder\pes09\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{49498AC6-60FC-4FA1-ABAB-C81C01F39D7A}c:\\users\\r^\\desktop\\new folder\\setup.exe"= Disabled:UDP:c:\users\r^\desktop\new folder\setup.exe:setup.exe
"UDP Query User{3654DE7D-FDE6-453D-8726-17A5D8D9A360}c:\\users\\r^\\desktop\\new folder\\setup.exe"= Disabled:TCP:c:\users\r^\desktop\new folder\setup.exe:setup.exe
"{06DB4A30-212F-4E62-A01F-A6000B2A6058}"= UDP:c:\program files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{C9A26821-E433-4727-BC41-FE51404A38B6}"= TCP:c:\program files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{887C9E82-1F4E-435C-A980-8F33E613E51F}"= UDP:x:\new folder\Prototype\prototypef.exe:Prototype(TM)
"{D5E69C5E-4D9A-4A71-ACD5-B02E74C14C3E}"= TCP:x:\new folder\Prototype\prototypef.exe:Prototype(TM)
"{55437AC5-DF56-4403-A11D-561F14AA645F}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{3914E79D-AD3D-49C1-8FDD-E7E8B01D2D31}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {7BC1CB97-D92E-4123-A451-F8391DAD07E8},{DB80880D-A38B-443C-B4A3-CE335E6D1081},{13B3E5CF-A8E4-4890-8276-3847DA50FCDB},{269F646A-23A1-4526-BED3-185EACDA1487}

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/1/2008 03:51 AM 108289]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [5/17/2009 06:40 AM 233472]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 09:13 PM 331312]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [10/8/2008 01:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [10/8/2008 01:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [10/8/2008 01:21 AM 72728]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [5/17/2009 06:40 AM 36608]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\HssDrv.sys [6/1/2009 09:13 PM 33840]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr61.sys [11/26/2008 01:51 PM 333824]
S2 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 09:58 PM 34352]
S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/10/2008 02:10 AM 24636]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/12/2009 05:59 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [10/8/2008 01:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [10/8/2008 01:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [10/8/2008 01:21 AM 72728]
S3 etdrv;etdrv;c:\windows\etdrv.sys [6/25/2009 10:33 PM 17488]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [11/9/2008 12:47 PM 13352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904457140-3643991407-2903533113-1000Core.job
- c:\users\R^\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 01:07]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904457140-3643991407-2903533113-1000UA.job
- c:\users\R^\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 01:07]

2009-07-06 c:\windows\Tasks\User_Feed_Synchronization-{F92A358E-8E60-47BF-AAB6-AA33464EADD8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: download.com
FF - ProfilePath - c:\users\R^\AppData\Roaming\Mozilla\Firefox\Profiles\nagnoczi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\R^\AppData\Roaming\Mozilla\Firefox\Profiles\nagnoczi.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\users\R^\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\R^\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 17:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-904457140-3643991407-2903533113-1000\Software\SecuROM\License information*]
"datasecu"=hex:bf,8d,68,82,f0,a8,13,d6,f7,05,a0,f6,3d,09,8e,bf,63,57,59,e1,93,
de,37,3f,7a,95,54,91,b9,f9,28,e3,e2,0d,4a,9d,df,15,bc,22,35,82,67,c3,18,08,\
"rkeysecu"=hex:53,c7,12,ee,10,b4,1d,97,fb,87,30,fa,37,df,3c,d9

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4372)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
SystemRoot\System32\smss.exe [476]
c:\windows\system32\csrss.exe [544]
c:\windows\system32\wininit.exe [576]
c:\windows\system32\csrss.exe [596]
c:\windows\system32\services.exe [632]
c:\windows\system32\lsass.exe [648]
c:\windows\system32\lsm.exe [656]
c:\windows\system32\svchost.exe [808]
c:\windows\system32\winlogon.exe [840]
c:\windows\system32\nvvsvc.exe [908]
c:\windows\system32\svchost.exe [936]
c:\windows\System32\svchost.exe [1032]
c:\windows\System32\svchost.exe [1060]
c:\windows\system32\svchost.exe [1072]
c:\program files\Creative\Shared Files\CTAudSvc.exe [1188]
c:\windows\system32\svchost.exe [1204]
c:\windows\system32\SLsvc.exe [1244]
c:\windows\system32\svchost.exe [1300]
c:\windows\system32\svchost.exe [1400]
c:\windows\System32\spoolsv.exe [1700]
c:\program files\Avira\AntiVir Desktop\sched.exe [1736]
c:\windows\system32\nvvsvc.exe [1756]
c:\windows\system32\svchost.exe [1784]
c:\windows\system32\Dwm.exe [524]
c:\windows\system32\taskeng.exe [800]
c:\program files\Avira\AntiVir Desktop\avguard.exe [1292]
c:\windows\system32\svchost.exe [1416]
c:\windows\system32\FsUsbExService.Exe [344]
c:\program files\Hotspot Shield\bin\openvpnas.exe [416]
c:\windows\system32\svchost.exe [2104]
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2120]
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2256]
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2284]
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2356]
c:\windows\System32\svchost.exe [2368]
c:\windows\system32\conime.exe [2392]
c:\program files\CDBurnerXP\NMSAccessU.exe [2468]
c:\windows\System32\svchost.exe [2488]
c:\windows\system32\svchost.exe [2508]
c:\windows\system32\svchost.exe [2540]
c:\windows\System32\svchost.exe [2576]
c:\windows\system32\taskeng.exe [2620]
c:\program files\Internet Explorer\iexplore.exe [2700]
c:\windows\system32\WUDFHost.exe [3256]
c:\windows\system32\CF5266.exe [4068]
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [2068]
c:\windows\System32\Ctxfihlp.exe [1792]
c:\program files\Avira\AntiVir Desktop\avgnt.exe [3920]
c:\windows\ehome\ehtray.exe [4024]
c:\program files\Logitech\SetPoint\SetPoint.exe [700]
c:\windows\system32\wbem\unsecapp.exe [2328]
c:\windows\ehome\ehmsas.exe [3160]
c:\windows\system32\wbem\wmiprvse.exe [3884]
c:\windows\SYSTEM32\CTXFISPI.EXE [4304]
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE [5744]
c:\windows\Explorer.exe [4372]
c:\?\c:\windows\system32\wbem\WMIADAP.EXE [11724]
c:\combofix\catchme.cfexe [2912]
.
**************************************************************************
.
Completion time: 2009-07-06 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 14:53

Pre-Run: 8,578,756,608 bytes free
Post-Run: 8,408,739,840 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
486 --- E O F --- 2009-05-03 20:02

Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:36:15 PM, on 7/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\NOTEPAD.EXE
C:\MGtools.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\MGTools\analyse.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\R^\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.download.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 9909 bytes


"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )

katana
2009-07-07, 13:26
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


WARNING
OK, there are a few things that I feel need to be mentioned here ....

1) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

2) You should NEVER UNDER ANY CIRCUMSTANCE use a combofix script that has been created for another user
This is extremely dangerous !!!!!!!!!!!!!!!!

3) REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall all P2P programs NOW.


----------------------------------------------------------------------------------------
Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.


Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

zolo111
2009-07-07, 20:22
Thank you katana,
I ran RSIT; it showed both txt files. I didn't save them and left them open. Then I ran gmer. It ran fine, then showed a rootkit message and suggested a full scan. I pressed YES like you said, but a BSOD showed up with this message:

STOP: 0X0000008e (0Xc0000005, 0X830A1842, 0X8AD89A54, 0X00000000)

I restarted the system and ran RSIT, but it only shows log.txt; no info.txt shows up after the scan. I tried to run gmer 4 times, but I keep on getting BSODs with the same message!


log.txt report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by R^ at 2009-07-07 21:16:15
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 8 GB (17%) free of 48 GB
Total RAM: 3070 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:16:16 PM, on 7/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Users\R^\Desktop\RSIT.exe
C:\Program Files\trend micro\R^.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\R^\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.download.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

--
End of file - 7511 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-904457140-3643991407-2903533113-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-904457140-3643991407-2903533113-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{F92A358E-8E60-47BF-AAB6-AA33464EADD8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-04 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-06-20 2296832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2009-01-30 2133056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-07 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-01-05 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-06-20 2296832]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2009-01-30 2133056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-05-01 13781536]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-12-18 76304]
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-10-07 23552]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-07 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\R^\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360desktop]
C:\Program Files\360desktop\360desktop.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\Windows\system32\CTXFIHLP.EXE [2008-10-07 23552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\R^\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2008-12-18 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-03-14 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-05-01 13781536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2009-05-01 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
X:\New Folder\Grand_Theft_Auto_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-22 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-04 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\Windows\UpdReg.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-02-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^R^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiRes.lnk]
C:\Program Files\MultiRes\MultiRes.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^R^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\R^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-07 20:34:58 ----D---- C:\rsit
2009-07-07 20:34:58 ----D---- C:\Program Files\trend micro
2009-07-07 15:15:43 ----A---- C:\Windows\system32\javaws.exe
2009-07-07 15:15:43 ----A---- C:\Windows\system32\javaw.exe
2009-07-07 15:15:43 ----A---- C:\Windows\system32\java.exe
2009-07-07 15:15:43 ----A---- C:\Windows\system32\deploytk.dll
2009-07-07 00:35:16 ----D---- C:\Program Files\CPUID
2009-07-06 17:53:52 ----A---- C:\ComboFix.txt
2009-07-06 17:48:14 ----SHD---- C:\$RECYCLE.BIN
2009-07-06 17:46:25 ----D---- C:\Windows\temp
2009-07-06 17:42:30 ----A---- C:\Windows\zip.exe
2009-07-06 17:42:30 ----A---- C:\Windows\SWXCACLS.exe
2009-07-06 17:42:30 ----A---- C:\Windows\SWSC.exe
2009-07-06 17:42:30 ----A---- C:\Windows\SWREG.exe
2009-07-06 17:42:30 ----A---- C:\Windows\sed.exe
2009-07-06 17:42:30 ----A---- C:\Windows\PEV.exe
2009-07-06 17:42:30 ----A---- C:\Windows\NIRCMD.exe
2009-07-06 17:42:30 ----A---- C:\Windows\grep.exe
2009-07-06 17:42:20 ----D---- C:\Windows\ERDNT
2009-07-06 17:42:19 ----A---- C:\Windows\ntbtlog.txt
2009-07-06 17:42:17 ----D---- C:\Qoobox
2009-07-06 17:30:55 ----A---- C:\MGtools.exe
2009-07-06 17:30:24 ----D---- C:\MGtools
2009-07-04 10:44:37 ----D---- C:\ProgramData\MumboJumbo
2009-07-04 10:43:27 ----D---- C:\Program Files\Games
2009-07-01 17:28:28 ----D---- C:\xampp
2009-06-30 14:37:04 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-06-30 14:37:02 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-06-30 14:37:01 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-30 14:33:13 ----D---- C:\Users\R^\AppData\Roaming\DAEMON Tools Lite
2009-06-25 12:17:12 ----D---- C:\Program Files\TVersity Codec Pack
2009-06-25 12:11:17 ----D---- C:\Program Files\TVersity
2009-06-14 13:37:41 ----D---- C:\Hotspot Shield
2009-06-12 17:59:23 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2009-06-12 17:58:18 ----A---- C:\Windows\system32\AppSetup.exe
2009-06-10 02:44:23 ----D---- C:\Program Files\Free Offers from Freeze.com

======List of files/folders modified in the last 1 months======

2009-07-07 21:15:16 ----D---- C:\Windows\Prefetch
2009-07-07 21:12:32 ----D---- C:\Windows\Minidump
2009-07-07 21:12:32 ----D---- C:\Windows
2009-07-07 20:58:15 ----D---- C:\Windows\System32
2009-07-07 20:58:15 ----D---- C:\Windows\inf
2009-07-07 20:58:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-07 20:47:36 ----D---- C:\Users\R^\AppData\Roaming\uTorrent
2009-07-07 20:34:58 ----RD---- C:\Program Files
2009-07-07 15:15:47 ----SHD---- C:\Windows\Installer
2009-07-07 15:15:47 ----HD---- C:\Config.Msi
2009-07-07 15:15:32 ----D---- C:\Program Files\Java
2009-07-07 15:15:30 ----SHD---- C:\System Volume Information
2009-07-07 00:47:15 ----D---- C:\Windows\Tasks
2009-07-07 00:47:15 ----D---- C:\Windows\system32\Tasks
2009-07-07 00:35:16 ----D---- C:\Windows\system32\drivers
2009-07-06 17:54:20 ----D---- C:\Windows\system32\en-US
2009-07-06 17:48:33 ----N---- C:\Windows\system.ini
2009-07-06 17:45:27 ----D---- C:\Windows\AppPatch
2009-07-06 17:45:26 ----D---- C:\Program Files\Common Files
2009-07-05 23:01:07 ----D---- C:\Program Files\BitComet
2009-07-05 14:54:02 ----D---- C:\Program Files\Mozilla Firefox
2009-07-04 19:55:59 ----D---- C:\Users\R^\AppData\Roaming\Image Zone Express
2009-07-04 19:02:10 ----D---- C:\Program Files\FlashGet
2009-07-04 10:51:38 ----A---- C:\Windows\NeroDigital.ini
2009-07-04 10:44:37 ----HD---- C:\ProgramData
2009-07-02 07:51:39 ----D---- C:\Users\R^\AppData\Roaming\Mozilla
2009-06-30 14:37:52 ----D---- C:\Users\R^\AppData\Roaming\DAEMON Tools
2009-06-29 13:19:19 ----D---- C:\Windows\system32\WDI
2009-06-25 22:30:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 22:30:16 ----D---- C:\Program Files\GIGABYTE
2009-06-25 11:51:06 ----RD---- C:\Users
2009-06-25 11:50:41 ----HD---- C:\Windows\system32\GroupPolicy
2009-06-24 15:41:17 ----SD---- C:\Windows\Downloaded Program Files
2009-06-24 15:33:15 ----D---- C:\Program Files\K-Lite Codec Pack
2009-06-21 03:43:22 ----D---- C:\Users\R^\AppData\Roaming\MxBoost
2009-06-14 16:13:13 ----RSD---- C:\Windows\assembly
2009-06-12 18:25:55 ----D---- C:\ProgramData\Creative
2009-06-12 18:15:51 ----D---- C:\Program Files\Creative
2009-06-12 18:00:45 ----A---- C:\Windows\system32\wrap_oal.dll
2009-06-12 18:00:45 ----A---- C:\Windows\system32\OpenAL32.dll
2009-06-12 18:00:28 ----D---- C:\Windows\system32\Data

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-10-08 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-10-08 526232]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-10-08 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-10-08 158744]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-10-08 95768]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-12-13 36608]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-10-08 1177624]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-06-01 33840]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-30 9850016]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-10-08 130072]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 rt61x86;RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-06 140800]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\Users\R^\AppData\Local\Temp\catchme.sys []
S3 cpuz129;cpuz129; \??\C:\Users\R^\AppData\Local\Temp\cpuz_x32.sys []
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-10-08 347080]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL []
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL []
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2009-06-25 17488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-06-25 17488]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2008-11-09 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2008-11-09 21672]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-01-06 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2008-12-18 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2008-12-18 79248]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-21 28160]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R4 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-12-29 307200]
R4 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2008-12-13 233472]
R4 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
R4 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
R4 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-01 211488]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apache2.2;Apache2.2; c:\xampp\apache\bin\httpd.exe [2008-12-10 24636]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-12 79360]
S4 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-04-04 1123608]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-23 138168]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S4 mysql;mysql; c:\xampp\mysql\bin\mysqld.exe [2009-03-16 6562432]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-07 66872]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]

-----------------EOF-----------------

katana
2009-07-07, 22:17
BLACKLIGHT

Please download F-Secure Blacklight (fsbl.exe) from here (ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe)
Save into C:\ with a name of fsbl.exe
Open an Elevated Command Prompt
Open the Start Menu.
In the white line (Start Search) area, type cmd
Press CTRL+SHIFT+ENTER.
Click on Continue in the UAC prompt

Type the following line into the command prompt

C:\fsbl.exe /expert
Hit Enter
This will launch BlackLight
Select I accept the agreement
Click Next
Click Scan
Wait for the scan to finish
Click on Next>
Click Exit
A logfile will have been created in the C:\ drive
It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
Use notepad to open that log
Post the contents of that log as a reply to this topic, along with a new HijackThis log


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Blacklight Log
Contents of C:\RSIT\Info.txt

katana
2009-07-12, 22:58
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.