Lost C drive, log off, run, search, left click start, etc
DannyDKing
2009-09-09, 01:59
I think I have a virus. My C drive does not show up under My Computer. I have also lost Run and Search under Start, and Log Off under Task Manager. Right-clicking on Start does not work either, along with a bunch of other things. Here is my HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:02 PM, on 09/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\Documents and Settings\Administrator.ADMIN\Start Menu\Programs\Startup\harddrivemonitor.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
E:\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
O4 - HKLM\..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe
O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RRT-Auto] E:\Drive_C\[NTFS]\[002A3B]\RRT.exe auto
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [Google Update] "C:\Documents and Settings\DannyKing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash (User 'DannyKing')
O4 - HKUS\S-1-5-21-1757981266-57989841-1417001333-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'DannyKing')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-1757981266-57989841-1417001333-1003 Startup: Tibia Client.exe (User 'DannyKing')
O4 - S-1-5-21-1757981266-57989841-1417001333-1003 User Startup: Tibia Client.exe (User 'DannyKing')
O4 - S-1-5-18 Startup: freepopsd.exe.lnk = C:\Program Files\FreePOPs\freepopsd.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: harddrivemonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: freepopsd.exe.lnk = C:\Program Files\FreePOPs\freepopsd.exe (User 'Default user')
O4 - .DEFAULT Startup: harddrivemonitor.exe (User 'Default user')
O4 - Startup: freepopsd.exe.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Startup: harddrivemonitor.exe
O4 - Global Startup: 11bg PCI&Cardbus Wireless LAN Utility.lnk = C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://mall.ctcolonies.com
O15 - Trusted Zone: http://www.cybertown.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL acaptuser32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 23217 bytes
Thank you
Danny
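Before the helpers come back with tool instructions, it is worth knowing which lines of a HijackThis log a reviewer actually reads first: O6 policy restrictions, O2 BHOs whose DLL is gone, O4 autostarts that run from odd places or with no path at all, O15 Trusted Zone additions, O20 AppInit_DLLs and O23 services with no publisher. The script below is an added example, not something posted in this thread or shipped with HijackThis; it parses the v2 log format and flags those entries for review (a flag means "look at this", not "this is malware"). The SAMPLE_LOG is a constructed excerpt, trimmed down from the log above, and the USUAL_DIRS list is an assumption about where legitimate installers put things.

```python
"""Triage a HijackThis v2 log: surface the entries a reviewer reads first."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in HijackThis v2 format, trimmed from the log in this
# thread so the example runs offline. Not a complete log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
O4 - HKLM\..\Run: [RRT-Auto] E:\Drive_C\[NTFS]\[002A3B]\RRT.exe auto
O4 - Startup: harddrivemonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O15 - Trusted Zone: http://www.cybertown.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL acaptuser32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    section: str  # HJT section tag, e.g. "O4"
    reason: str   # why a reviewer should look at this line
    line: str     # the original log line, unchanged


# Every HJT entry starts with a section tag (R0, R1, F2, O2 ... O23).
HJT_LINE = re.compile(r"^(?P<sec>[ROF]\d+) - (?P<rest>.*)$")

# Drive-rooted path ending in an executable-style extension. Non-greedy so
# trailing arguments ("auto", ",NvStartup") are not swallowed into the path.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|vbs)', re.IGNORECASE)

# Assumption: installers normally populate these directories. Anything
# launched from elsewhere (any drive) is flagged for a second look only.
USUAL_DIRS = ("\\windows\\", "\\program files\\", "\\progra~1\\",
              "\\documents and settings\\", "\\docume~1\\")


def _autostart_command(rest: str) -> str:
    """Return the command portion of an O4 entry."""
    if "] " in rest:                  # registry Run entry: "...Run: [Name] cmd"
        return rest.split("] ", 1)[1]
    if " = " in rest:                 # startup-folder shortcut: "X.lnk = cmd"
        return rest.split(" = ", 1)[1]
    return rest.split(": ", 1)[-1]    # bare file sitting in a startup folder


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect review-worthy entries in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, blank or "End of file" line
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O2" and rest.endswith("(no file)"):
            findings.append(Finding(sec, "BHO CLSID registered but its DLL is missing (orphan)", raw))
        elif sec == "O4":
            path = EXE_PATH.search(_autostart_command(rest))
            if path is None:
                findings.append(Finding(sec, "autostart uses a bare filename; resolved via PATH or startup folder", raw))
            elif not any(d in path.group(0).lower() for d in USUAL_DIRS):
                findings.append(Finding(sec, "autostart launches from outside the usual program directories", raw))
        elif sec == "O6":
            findings.append(Finding(sec, "IE policy restriction key present (Policies\\Microsoft\\Internet Explorer)", raw))
        elif sec == "O15":
            findings.append(Finding(sec, "site added to the Internet Explorer Trusted Zone", raw))
        elif sec == "O20":
            findings.append(Finding(sec, "AppInit_DLLs set: listed DLLs load into every process that loads user32.dll", raw))
        elif sec == "O23" and "Unknown owner" in rest:
            findings.append(Finding(sec, "service carries no publisher information", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a full log by passing the file contents to triage(); the untouched line is kept in each Finding so it can be pasted straight back into a reply for the helper to judge.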
Hi Danny,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) by clicking the "Download EXE" button and saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while the scan is in progress!
When the scan has finished, click Copy.
This copies the log to the clipboard.
Post the log in your reply.
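The symptoms in the opening post (C: gone from My Computer, Run and Search missing from Start, Log Off missing, right-click on Start dead) are exactly the effects of the documented Explorer policy values under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Policies, which is why the O6 entries in the HijackThis log matter. The script below is an added check, not part of this thread or of any tool mentioned in it: it maps those policy names to what each one does, decodes the NoDrives bitmask, and, when run on Windows, reads the live keys through winreg. SAMPLE_HKCU is a constructed set of values that would reproduce the symptoms described; it is not data taken from Danny's machine.

```python
"""Explain Explorer/System policy restrictions and decode the NoDrives mask."""
from typing import Dict, List, Tuple

# Documented Windows policy values under ...\Policies\Explorer and the visible
# effect each has. Wording of the effects is ours.
EXPLORER_POLICIES = {
    "NoDrives": "hides drives in My Computer (bitmask, see decode_no_drives)",
    "NoViewOnDrive": "blocks opening the masked drives",
    "NoRun": "removes Run from the Start menu",
    "NoFind": "removes Search from the Start menu",
    "NoLogoff": "removes the Log Off menu items",
    "NoTrayContextMenu": "disables right-click on the taskbar and Start button",
    "NoFolderOptions": "removes Folder Options (hidden-file settings)",
    "NoControlPanel": "hides Control Panel",
}
# Documented values under ...\Policies\System.
SYSTEM_POLICIES = {
    "DisableTaskMgr": "blocks Task Manager",
    "DisableRegistryTools": "blocks regedit",
}

# Constructed sample: the value set that would produce the symptoms in the
# opening post (C: hidden = bit 2 = 4). Not read from the affected machine.
SAMPLE_HKCU: Dict[str, Dict[str, int]] = {
    "Explorer": {"NoDrives": 4, "NoRun": 1, "NoFind": 1,
                 "NoLogoff": 1, "NoTrayContextMenu": 1, "NoControlPanel": 0},
    "System": {},
}


def decode_no_drives(mask: int) -> List[str]:
    """Bit n of NoDrives hides drive letter chr(ord('A') + n): A=1, B=2, C=4."""
    return [chr(ord("A") + n) + ":" for n in range(26) if mask & (1 << n)]


def explain(values: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, str]]:
    """values = {"Explorer": {name: dword}, "System": {name: dword}}.
    Returns (key, name, effect) for every known restriction that is switched on;
    zero-valued and unknown names are ignored."""
    out: List[Tuple[str, str, str]] = []
    for key, table in (("Explorer", EXPLORER_POLICIES), ("System", SYSTEM_POLICIES)):
        for name, data in values.get(key, {}).items():
            if name not in table or not data:
                continue
            effect = table[name]
            if name == "NoDrives":
                effect = "hides " + ", ".join(decode_no_drives(data)) + " in My Computer"
            out.append((key, name, effect))
    return out


def read_live(hive_name: str = "HKCU") -> Dict[str, Dict[str, int]]:
    """Read both policy keys from the live registry. Windows only (winreg)."""
    import winreg  # deferred so the decode logic also runs off-box
    hive = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive_name]
    base = r"Software\Microsoft\Windows\CurrentVersion\Policies"
    result: Dict[str, Dict[str, int]] = {}
    for sub in ("Explorer", "System"):
        vals: Dict[str, int] = {}
        try:
            with winreg.OpenKey(hive, base + "\\" + sub) as k:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(k, i)
                    except OSError:
                        break  # no more values
                    if isinstance(data, int):  # REG_DWORD
                        vals[name] = data
                    i += 1
        except FileNotFoundError:
            pass  # key absent: no restrictions of this kind
        result[sub] = vals
    return result


if __name__ == "__main__":
    try:
        source = {h: read_live(h) for h in ("HKCU", "HKLM")}
    except ImportError:
        source = {"sample": SAMPLE_HKCU}
    for hive, values in source.items():
        for key, name, effect in explain(values):
            print(f"{hive}\\...\\Policies\\{key}\\{name}: {effect}")
```

Check both HKCU and HKLM: the O6 lines in the log above show restriction keys in both hives, and a value in HKLM applies to every account on the box, including the Administrator profile the logs were run from.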
DannyDKing
2009-09-14, 03:10
Here is the DDS.TXT file that you requested. I have also attached my ATTACHED.ZIP file:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 12:24:14.76 on 09/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1217 [GMT -4:00]
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FreePOPs\freepopsd.exe
C:\Documents and Settings\Administrator.ADMIN\Start Menu\Programs\Startup\harddrivemonitor.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Need3Space\Need3Space.exe
C:\Program Files\WinSysClean 2009\WinSysClean.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Administrator.ADMIN\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = www.cybertown.com
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - c:\program files\flashcapture\fcbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [RoboForm] c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Gadwin PrintScreen Pro] "c:\program files\gadwin systems\printscreenpro\PrintScreenPro.exe" /nosplash
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [SpybotSD TeaTimer] e:\spybot - search & destroy\TeaTimer.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [DIMDownloading your update...1235587639613] "c:\program files\corel\corel paint shop pro photo x2\dim.exe" "c:\documents and settings\all users\application data\corel\downloads\540225279_410012\1235587639613\dim_params.xml" -Launch=3
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [lxdnmon.exe] c:\program files\lexmark 2600 series\lxdnmon.exe
mRun: [lxdnamon] c:\program files\lexmark 2600 series\lxdnamon.exe
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [BDAgent] c:\program files\bitdefender\bitdefender 2009\bdagent.exe
mRun: [BitDefender Antiphishing Helper] c:\program files\bitdefender\bitdefender 2009\IEShow.exe
mRun: [GrooveMonitor] c:\program files\microsoft office\office12\GrooveMonitor.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RemoteControl9] c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe
mRun: [PDVD9LanguageShortcut] c:\program files\cyberlink\powerdvd9\language\Language.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SystemTray] SysTray.Exe
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\admini~1.adm\startm~1\programs\startup\freepo~1.lnk - c:\program files\freepops\freepopsd.exe
StartupFolder: c:\documents and settings\administrator.admin\start menu\programs\startup\harddrivemonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\11bgpc~1.lnk - c:\program files\oem\11bg pci&cardbus wireless lan utility\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: StartMenuLogOff = 7 (0x7)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\spybot~1\SDHelper.dll
Trusted Zone: ctcolonies.com\mall
Trusted Zone: cybertown.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-7-13 902592]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-7-10 13696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/15 17:58:24];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-7-10 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-12 55152]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-6-5 98984]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-3-9 38304]
R3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-9-10 24416]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2009-8-8 899884]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-9-9 32290]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-12 138680]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-12 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-12 352920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-14 30192]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-3-3 1122304]
============== File Associations ===============
inffile\shell\install\command=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
=============== Created Last 30 ================
2009-09-13 02:11 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\585Soft
2009-09-13 02:11 <DIR> --d----- c:\program files\Need3Space
2009-09-13 00:41 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\2K Sports
2009-09-13 00:29 <DIR> --d----- c:\program files\Enigma Software Group
2009-09-13 00:01 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D69E1662-EA1D-4B43-B558-40BFCC33E1FE}
2009-09-13 00:01 <DIR> --d----- c:\program files\WinSysClean 2009
2009-09-12 13:57 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-09-12 13:57 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-09-12 13:57 <DIR> --d----- c:\program files\Cheat Engine
2009-09-12 13:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Tacsoftware
2009-09-12 13:21 686,080 a------- c:\windows\is-DK4P4.exe
2009-09-12 13:21 10,498 a------- c:\windows\is-DK4P4.msg
2009-09-12 13:21 1,512 a------- c:\windows\is-DK4P4.lst
2009-09-12 09:44 28,944 a------- c:\windows\system32\psa210.tmp
2009-09-11 23:45 <DIR> --d----- c:\program files\Cheatbook 09.2009
2009-09-11 19:27 62 a------- c:\windows\system32\Partizan.RRI
2009-09-11 19:27 <DIR> --d----- c:\windows\RestoreSafeDeleted
2009-09-11 18:17 3,140 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-09-11 18:17 8 ---shr-- c:\docume~1\alluse~1\applic~1\79AE70B681.sys
2009-09-11 18:14 <DIR> --d----- c:\program files\common files\Protexis
2009-09-11 18:14 <DIR> --d----- c:\program files\common files\Corel
2009-09-11 18:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2009-09-11 18:10 <DIR> --d----- c:\program files\Corel
2009-09-11 00:37 630,784 a------- c:\windows\IS-BLRV5.del
2009-09-11 00:37 1,351 a------- c:\windows\is-BLRV5.lst
2009-09-11 00:36 <DIR> --d----- c:\program files\Multiple Choice Quiz Maker2
2009-09-11 00:30 <DIR> --d----- c:\program files\Multiple Choice Quiz Maker
2009-09-10 20:03 <DIR> --d----- c:\program files\Clone Shareware
2009-09-10 07:24 24,416 a------- c:\windows\system32\drivers\regguard.sys
2009-09-09 20:33 624,640 a------- c:\windows\Chicken Screensaver.scr
2009-09-09 20:33 495,104 a------- c:\windows\Chicken Screensaver FP7.exe
2009-09-09 20:33 161,078 a------- c:\windows\Chicken Screensaver.bmp
2009-09-09 20:33 40,352 a------- c:\windows\Chicken Screensaver.swf
2009-09-09 20:33 23,558 a------- c:\windows\Chicken Screensaver.ico
2009-09-09 20:33 639 a------- c:\windows\Chicken Screensaver FP7.swf
2009-09-09 20:33 582 a------- c:\windows\Chicken Screensaver FP7.c1
2009-09-09 20:33 551 a------- c:\windows\Chicken Screensaver.c1
2009-09-09 20:33 0 a------- c:\windows\Chicken Screensaver.ini
2009-09-09 20:33 <DIR> --d----- c:\windows\Chicken Screensaver Uninstaller
2009-09-09 19:09 32,290 a------- c:\windows\system32\drivers\Partizan.sys
2009-09-09 19:09 25,600 a------- c:\windows\system32\Partizan.exe
2009-09-09 19:09 2 a--shrot c:\windows\winstart.bat
2009-09-09 19:09 12,728 a------- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-09 19:08 <DIR> --d----- c:\program files\UnHackMe
2009-09-08 23:19 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-08 18:49 <DIR> --d----- c:\program files\Trend Micro
2009-09-08 17:48 266,360 a------- c:\windows\system32\TweakUI.exe
2009-09-08 17:48 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-09-08 17:43 <DIR> --d----- c:\program files\ESET
2009-09-08 17:12 <DIR> --d----- c:\windows\system32\NtmsData
2009-09-08 01:06 16,244 a------- c:\windows\system32\rrt_is.wav
2009-09-08 01:06 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-09-08 01:06 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-09-08 01:06 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-09-07 22:10 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\Office Genuine Advantage
2009-09-07 20:48 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-09-07 20:48 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-09-07 20:48 136,704 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-07 20:48 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-09-07 20:43 53,760 a------- c:\windows\system32\zlib.dll
2009-09-07 20:43 1,531,904 a------- c:\windows\Spazz3D.scr
2009-09-07 20:43 1,190 a------- c:\windows\Spazz3D.ini
2009-09-07 20:38 <DIR> --d----- c:\documents and settings\administrator.admin\WINDOWS
2009-09-07 10:35 <DIR> --d----- c:\program files\WizFlow
2009-09-07 10:33 <DIR> --d----- c:\program files\EDraw1.6.4
2009-09-03 23:37 111,992 a------- c:\windows\system32\acaptuser32.dll
2009-09-03 19:46 <DIR> --d----- c:\program files\Western Digital
2009-09-02 22:26 442,368 a------- c:\windows\system32\GDS32.DLL
2009-09-02 22:26 458,752 a------- c:\windows\system32\Firebird2Control.cpl
2009-09-02 22:26 548,864 a------- c:\windows\system32\msvcp80.dll
2009-09-02 22:26 626,688 a------- c:\windows\system32\msvcr80.dll
2009-09-02 22:26 <DIR> --d----- c:\program files\Firebird
2009-09-02 00:27 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\eSobi
2009-09-02 00:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eSobi
2009-09-02 00:23 <DIR> --d----- c:\program files\eSobi
2009-08-30 21:26 <DIR> --d----- c:\program files\Microsoft Games
2009-08-30 20:07 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
2009-08-29 14:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-29 13:57 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-08-29 12:14 <DIR> --d----- c:\documents and settings\administrator.admin\storage
2009-08-29 11:37 1,100 a------- c:\windows\eReg.dat
2009-08-29 11:36 <DIR> --d----- c:\program files\AceGain
2009-08-29 11:34 <DIR> --d----- c:\program files\BFVCC Server Manager
2009-08-29 10:59 <DIR> --d----- c:\program files\GameSpy Arcade
2009-08-28 17:34 <DIR> --d----- c:\program files\Download Manager
2009-08-23 22:07 <DIR> --d----- c:\program files\Chisel
2009-08-23 22:06 <DIR> --d-h--- c:\program files\Zero G Registry
2009-08-23 15:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-08-23 13:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uninstall
2009-08-23 13:33 <DIR> --d----- c:\program files\Roxio
2009-08-23 13:29 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-08-23 13:27 <DIR> --d----- c:\program files\Roxio Creator 2009
2009-08-23 13:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-08-23 13:26 <DIR> --d----- c:\program files\SmartSound Software
2009-08-22 18:29 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\ThumbsPlus
2009-08-22 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ThumbsPlus
2009-08-22 18:29 <DIR> --d----- c:\program files\Thumbs7
2009-08-22 18:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Printer's Apprentice
2009-08-22 18:11 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\Printer's Apprentice
2009-08-22 18:09 <DIR> --d----- c:\program files\Lose Your Mind Development
2009-08-22 11:16 160,086 a------- c:\windows\FontDoctor for Windows Uninstaller.exe
2009-08-22 11:16 <DIR> --d----- c:\program files\FontDoctor for Windows
2009-08-22 11:14 <DIR> --d----- c:\windows\Font Manager Pro
2009-08-21 23:25 815 a------- C:\rtsr_eml_sr.dat
2009-08-21 23:25 141 a------- C:\dwl.dat
2009-08-21 23:25 132 a------- C:\httpdwl.dat
2009-08-21 22:59 16 a------- C:\asdict.dat
2009-08-20 19:08 <DIR> --d----- c:\program files\High-Logic
2009-08-20 19:08 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\FontCreator
2009-08-20 08:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-19 23:55 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-08-19 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-08-19 21:06 <DIR> --d----- c:\program files\WebTV Viewer
2009-08-17 03:04 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 03:04 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-08-17 03:04 81,920 a------- c:\windows\system32\nvwddi.dll
2009-08-17 03:03 2,744,320 a------- c:\windows\system32\nvwss.dll
2009-08-17 03:03 3,796,992 a------- c:\windows\system32\nvvitvs.dll
2009-08-17 03:03 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-08-17 03:03 188,416 a------- c:\windows\system32\nvmccss.dll
2009-08-17 03:03 3,489,792 a------- c:\windows\system32\nvgames.dll
2009-08-17 03:03 4,710,400 a------- c:\windows\system32\nvdisps.dll
2009-08-17 03:03 237,517 a------- c:\windows\system32\NvApps.xml
2009-08-17 03:03 163,908 a------- c:\windows\system32\nvsvc32.exe
2009-08-17 03:03 143,360 a------- c:\windows\system32\nvcolor.exe
2009-08-17 03:03 86,016 a------- c:\windows\system32\nvmctray.dll
2009-08-17 03:03 66,834 a------- c:\windows\system32\NvwsApps.xml
2009-08-17 03:03 13,680,640 -------- c:\windows\system32\nvcpl.dll
2009-08-17 03:02 229,376 a------- c:\windows\system32\nvmccs.dll
2009-08-17 00:57 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-16 11:31 <DIR> --d----- c:\program files\KoolMoves
2009-08-15 19:55 <DIR> --d----- C:\YouTubeGet
2009-08-15 16:13 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-15 12:29 <DIR> --d----- c:\program files\Alaris
2009-08-15 12:01 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\Jasc
==================== Find3M ====================
2009-09-10 20:24 81,984 a------- c:\windows\system32\bdod.bin
2009-08-29 11:36 729,088 a------- c:\windows\iun6002.exe
2009-08-21 07:48 104,456 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-12 03:16 8,224 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-11 12:35 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-09 01:37 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-09 01:08 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-09 01:08 22,328 a------- c:\docume~1\admini~1.adm\applic~1\PnkBstrK.sys
2009-08-09 01:08 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-08-09 01:07 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-08-08 17:39 66,872 -------- c:\windows\system32\PnkBstrA.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-08-01 13:29 505,128 a------- c:\windows\system32\msvcp71.dll
2009-08-01 13:29 353,576 a------- c:\windows\system32\msvcr71.dll
2009-08-01 13:29 29,480 a------- c:\windows\system32\msxml3a.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 23:01 796,672 a------- c:\windows\GPInstall.exe
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 12:26 166,403 a------- c:\windows\Video Perspective Uninstaller.exe
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-12 17:45 35,322,368 a------- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-07-12 17:45 921,600 a------- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-07-12 17:44 17,114,624 a------- c:\windows\system32\Crystal Fireplace 3D Screensaver.exe
2009-07-12 17:44 850,432 a------- c:\windows\system32\Crystal_Fireplace_3D_Screensaver.scr
2009-07-12 17:14 10,750,464 a------- c:\windows\system32\Lagoon 3D Screensaver.exe
2009-07-12 17:14 833,024 a------- c:\windows\system32\Lagoon_3D_Screensaver.scr
2009-07-12 17:13 10,210,816 a------- c:\windows\system32\Koi Fish 3D Screensaver.exe
2009-07-12 17:13 844,288 a------- c:\windows\system32\Koi_Fish_3D_Screensaver.scr
2009-07-10 20:33 315,392 a------- c:\windows\HideWin.exe
2009-07-10 20:19 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-10 19:39 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 03:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-26 15:11 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-26 15:11 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:41 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:41 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:41 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:41 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:41 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:41 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:41 136,704 a------- c:\windows\system32\msv1_0.dll
2009-06-22 17:44 18,192 a------- c:\windows\system32\psapi.dll
2009-06-22 02:44 726,528 -------- c:\windows\system32\dllcache\jscript.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
============= FINISH: 12:26:59.57 ===============
The GMER.TXT file was too big to show here. I had to zip it and attach it.
Thank you for all your help.
Danny
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
DannyDKing
2009-09-15, 02:53
Here is my ComboFix log file:
ComboFix 09-09-14.02 - Administrator 09/14/2009 19:37.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2270 [GMT -4:00]
Running from: c:\documents and settings\Administrator.ADMIN\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator.ADMIN\Application Data\Microsoft\Installer\{6ECDE046-DB0D-4501-8FD7-1A32DBF29A07}\_FA4D3592_2C65_418B_BAF9_C2B2F4C093F4
c:\documents and settings\Administrator.ADMIN\Application Data\Microsoft\Installer\{6ECDE046-DB0D-4501-8FD7-1A32DBF29A07}\ARPPRODUCTICON.exe
c:\documents and settings\Administrator.ADMIN\Application Data\Microsoft\Installer\{6ECDE046-DB0D-4501-8FD7-1A32DBF29A07}\NewShortcut1_B9770421CF214742953179F77F1C3F06.exe
c:\documents and settings\Administrator.ADMIN\Application Data\Microsoft\Installer\{6ECDE046-DB0D-4501-8FD7-1A32DBF29A07}\NewShortcut2_B9770421CF214742953179F77F1C3F06.exe
c:\documents and settings\Administrator.ADMIN\Application Data\Microsoft\Installer\{78DF11BB-15C5-48A6-A5C2-54F47029E6DF}\_B27CC822BEAA_4283_996A_DAD08652469B.exe
c:\documents and settings\Administrator.ADMIN\Application Data\Microsoft\Installer\{B9770421-CF21-4742-9531-79F77F1C3F06}\_C6984205_4A5F_448E_B1A6_5960A93103A7
c:\documents and settings\Administrator.ADMIN\My Documents\BackupRegistry(20090621).reg
c:\documents and settings\DannyKing\My Documents\BackupRegistry(20090621).reg
c:\progra~1\BITDEF~1\BITDEF~1\ntSVc.ocx
c:\windows\Installer\30b2d6f.msi
c:\windows\Installer\341f23c.msi
c:\windows\system32\lsprst7.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\win.ini
.
((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.
2009-09-14 22:40 . 2009-09-14 22:40 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-14 22:40 . 2009-09-14 22:40 -------- d-----w- c:\windows\system32\xircom
2009-09-14 22:40 . 2009-09-14 22:40 -------- d-----w- c:\program files\microsoft frontpage
2009-09-14 21:21 . 2009-09-14 21:21 -------- d-----w- C:\RootkitNO
2009-09-14 04:19 . 2009-09-14 04:19 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\id Software
2009-09-13 18:47 . 2009-09-13 21:47 -------- d-----w- c:\windows\system32\LogFiles
2009-09-13 06:11 . 2009-09-13 06:11 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\585Soft
2009-09-13 06:11 . 2009-09-13 20:46 -------- d-----w- c:\program files\Need3Space
2009-09-13 04:41 . 2009-09-13 04:41 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\2K Sports
2009-09-13 04:29 . 2009-09-13 04:29 -------- d-----w- c:\program files\Enigma Software Group
2009-09-13 04:01 . 2009-09-13 04:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D69E1662-EA1D-4B43-B558-40BFCC33E1FE}
2009-09-13 04:01 . 2009-09-13 04:02 -------- d-----w- c:\program files\WinSysClean 2009
2009-09-12 17:57 . 2007-12-26 21:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-12 17:57 . 2007-12-26 21:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-12 17:57 . 2009-09-13 01:56 -------- d-----w- c:\program files\Cheat Engine
2009-09-11 04:30 . 2009-09-12 17:22 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\TAC-Software
2009-09-11 04:30 . 2002-08-21 20:26 102469 ----a-w- c:\windows\system32\VBPrnDlg.dll
2009-09-11 04:30 . 2000-03-18 00:41 53248 ----a-w- c:\windows\system32\vbalIcoM6.dll
2009-09-11 04:30 . 2002-03-05 16:14 20480 ----a-w- c:\windows\system32\LicObj.dll
2009-09-11 04:30 . 2000-06-23 17:16 77824 ----a-w- c:\windows\system32\SkyLt3Lt.dll
2009-09-11 04:30 . 2009-09-11 04:30 -------- d-----w- c:\program files\Multiple Choice Quiz Maker
2009-09-11 00:03 . 2009-09-11 00:03 -------- d-----w- c:\program files\Clone Shareware
2009-09-10 11:24 . 2009-09-11 23:26 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-09-10 00:33 . 2009-09-10 00:34 624640 ----a-w- c:\windows\Chicken Screensaver.scr
2009-09-10 00:33 . 2009-09-10 00:33 -------- d-----w- c:\windows\Chicken Screensaver Uninstaller
2009-09-10 00:33 . 2006-12-08 20:53 495104 ----a-w- c:\windows\Chicken Screensaver FP7.exe
2009-09-09 23:09 . 2009-09-11 23:29 25600 ----a-w- c:\windows\system32\Partizan.exe
2009-09-09 23:09 . 2009-09-09 23:09 32290 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-09-09 23:09 . 2009-09-09 23:09 2 --shatr- c:\windows\winstart.bat
2009-09-09 23:09 . 2009-07-27 23:51 12728 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-09 23:08 . 2009-09-11 23:29 -------- d-----w- c:\program files\UnHackMe
2009-09-09 07:25 . 2009-09-09 08:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-09 03:19 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 22:49 . 2009-09-08 22:49 -------- d-----w- c:\program files\Trend Micro
2009-09-08 21:48 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-09-08 21:43 . 2009-09-08 21:43 -------- d-----w- c:\program files\ESET
2009-09-08 21:12 . 2009-09-08 21:27 -------- d-----w- c:\windows\system32\NtmsData
2009-09-08 02:10 . 2009-09-08 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-08 02:10 . 2009-09-08 02:10 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Office Genuine Advantage
2009-09-08 00:48 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-08 00:48 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-09-08 00:48 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-09-08 00:48 . 2009-06-25 08:41 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 00:43 . 1998-07-12 05:13 53760 ----a-w- c:\windows\system32\zlib.dll
2009-09-08 00:43 . 2000-11-02 20:31 1531904 ----a-w- c:\windows\Spazz3D.scr
2009-09-08 00:38 . 2009-09-08 00:38 -------- d-----w- c:\documents and settings\Administrator.ADMIN\WINDOWS
2009-09-07 14:35 . 2009-09-07 14:35 -------- d-----w- c:\program files\WizFlow
2009-09-07 14:33 . 2009-09-07 14:33 -------- d-----w- c:\program files\EDraw1.6.4
2009-09-07 03:10 . 2009-09-07 03:10 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Talkback
2009-09-07 03:10 . 2009-09-07 03:10 0 ----a-w- c:\windows\nsreg.dat
2009-09-07 03:10 . 2009-09-07 03:10 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\Thunderbird
2009-09-07 03:10 . 2009-09-07 03:10 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Thunderbird
2009-09-04 03:37 . 2009-02-27 16:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll
2009-09-03 23:46 . 2009-09-03 23:46 -------- d-----w- c:\program files\Western Digital
2009-09-03 02:26 . 2007-10-16 14:07 442368 ----a-w- c:\windows\system32\GDS32.DLL
2009-09-03 02:26 . 2005-09-23 04:05 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-09-03 02:26 . 2005-09-23 04:05 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-03 02:26 . 2009-09-03 02:26 -------- d-----w- c:\program files\Firebird
2009-09-02 04:27 . 2009-09-02 04:28 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\eSobi
2009-09-02 04:23 . 2009-09-02 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\eSobi
2009-09-02 04:23 . 2009-09-02 04:23 -------- d-----w- c:\program files\eSobi
2009-08-31 01:26 . 2009-08-31 01:26 -------- d-----w- c:\program files\Microsoft Games
2009-08-31 00:07 . 2009-08-31 00:07 -------- d-----w- c:\program files\DIFX
2009-08-31 00:07 . 2006-07-02 02:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-08-29 21:06 . 2009-08-29 21:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
2009-08-29 21:06 . 2009-08-29 21:11 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\NVIDIA Corporation
2009-08-29 18:04 . 2009-08-29 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-29 17:57 . 2009-08-30 16:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-29 16:14 . 2009-08-29 16:14 -------- d-----w- c:\documents and settings\Administrator.ADMIN\storage
2009-08-29 15:37 . 2009-08-29 23:30 1100 ----a-w- c:\windows\eReg.dat
2009-08-29 15:36 . 2009-08-29 15:36 -------- d-----w- c:\program files\AceGain
2009-08-29 15:34 . 2009-08-29 15:34 -------- d-----w- c:\program files\BFVCC Server Manager
2009-08-29 14:59 . 2009-08-30 02:02 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-28 21:34 . 2009-08-28 21:34 -------- d-----w- c:\program files\Download Manager
2009-08-28 21:25 . 2009-08-29 07:08 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\IGN_DLM
2009-08-24 02:07 . 2009-09-08 00:37 -------- d-----w- c:\program files\Chisel
2009-08-24 02:06 . 2009-08-24 02:07 -------- d--h--w- c:\program files\Zero G Registry
2009-08-23 19:14 . 2009-08-23 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-23 18:48 . 2009-08-23 18:48 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\RoxioCentralFx
2009-08-23 18:39 . 2009-08-23 18:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-23 18:39 . 2009-08-23 19:14 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Roxio
2009-08-23 17:35 . 2009-08-23 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-08-23 17:32 . 2009-08-23 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-23 17:30 . 2009-08-23 17:30 -------- d-----w- c:\program files\Windows Sidebar
2009-08-23 17:29 . 2009-08-23 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-23 17:29 . 2009-08-23 17:33 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-23 17:27 . 2009-09-14 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-23 17:27 . 2009-08-23 17:31 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-23 17:27 . 2009-09-14 21:07 -------- d-----w- c:\program files\Roxio Creator 2009
2009-08-23 17:26 . 2009-08-23 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-08-23 17:26 . 2009-08-23 17:26 -------- d-----w- c:\program files\SmartSound Software
2009-08-22 22:29 . 2009-08-23 09:05 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\ThumbsPlus
2009-08-22 22:29 . 2009-08-25 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbsPlus
2009-08-22 22:29 . 2009-08-22 22:36 -------- d-----w- c:\program files\Thumbs7
2009-08-22 22:11 . 2009-08-22 22:11 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Printer's Apprentice
2009-08-22 22:11 . 2009-08-22 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Printer's Apprentice
2009-08-22 22:09 . 2009-08-22 22:09 -------- d-----w- c:\program files\Lose Your Mind Development
2009-08-22 15:16 . 2009-08-22 15:16 160086 ----a-w- c:\windows\FontDoctor for Windows Uninstaller.exe
2009-08-22 15:16 . 2009-08-22 22:01 -------- d-----w- c:\program files\FontDoctor for Windows
2009-08-22 15:15 . 2009-08-22 15:56 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\CheapShareware
2009-08-22 15:14 . 2009-08-22 15:14 -------- d-----w- c:\windows\Font Manager Pro
2009-08-22 03:25 . 2009-08-22 16:10 815 ----a-w- C:\rtsr_eml_sr.dat
2009-08-22 03:25 . 2009-08-22 16:10 141 ----a-w- C:\dwl.dat
2009-08-22 03:25 . 2009-08-22 16:10 132 ----a-w- C:\httpdwl.dat
2009-08-22 02:59 . 2009-08-22 02:59 16 ----a-w- C:\asdict.dat
2009-08-20 23:08 . 2009-08-20 23:08 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\FontCreator
2009-08-20 23:08 . 2009-08-20 23:08 -------- d-----w- c:\program files\High-Logic
2009-08-20 22:13 . 2009-08-20 22:13 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\Blizzard Entertainment
2009-08-20 12:49 . 2009-08-20 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-20 03:55 . 2009-08-20 04:23 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-20 03:55 . 2009-08-20 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-08-20 01:06 . 2009-08-20 01:07 -------- d-----w- c:\program files\WebTV Viewer
2009-08-17 07:04 . 2009-08-17 07:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 07:04 . 2008-12-25 16:08 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 07:03 . 2008-12-25 16:08 2744320 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 07:03 . 2008-12-25 16:08 3796992 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 07:03 . 2008-12-25 16:08 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 07:03 . 2008-12-25 16:08 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 07:03 . 2008-12-25 16:08 3489792 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 07:03 . 2008-12-25 16:08 4710400 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 07:03 . 2009-08-17 07:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 07:03 . 2008-12-25 16:08 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 07:03 . 2008-12-25 16:08 163908 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 07:03 . 2008-12-25 16:08 13680640 ------w- c:\windows\system32\nvcpl.dll
2009-08-17 07:02 . 2008-12-25 16:08 229376 ----a-w- c:\windows\system32\nvmccs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 22:00 . 2009-07-13 00:30 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-14 04:15 . 2009-07-11 00:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-13 22:09 . 2009-07-11 00:28 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-12 17:21 . 2009-09-12 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Tacsoftware
2009-09-12 17:21 . 2009-09-12 17:21 686080 ----a-w- c:\windows\is-DK4P4.exe
2009-09-12 17:21 . 2009-09-11 04:36 -------- d-----w- c:\program files\Multiple Choice Quiz Maker2
2009-09-12 13:44 . 2009-09-12 13:44 -------- d-----w- c:\program files\Alwil Software
2009-09-12 03:46 . 2009-09-12 03:45 -------- d-----w- c:\program files\Cheatbook 09.2009
2009-09-12 01:03 . 2009-09-11 22:17 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-09-11 22:28 . 2009-07-12 02:28 -------- d-----w- c:\program files\CtrlView 3.30
2009-09-11 22:17 . 2009-09-11 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-09-11 22:17 . 2009-09-11 22:17 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Corel
2009-09-11 22:17 . 2009-09-11 22:17 8 --sh--r- c:\documents and settings\All Users\Application Data\79AE70B681.sys
2009-09-11 22:14 . 2009-09-11 22:14 -------- d-----w- c:\program files\Common Files\Corel
2009-09-11 22:14 . 2009-09-11 22:14 -------- d-----w- c:\program files\Common Files\Protexis
2009-09-11 22:14 . 2009-09-11 22:10 -------- d-----w- c:\program files\Corel
2009-09-11 22:10 . 2009-09-11 22:10 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\InstallShield
2009-09-09 07:17 . 2009-07-10 23:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 07:02 . 2009-07-12 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 23:44 . 2009-07-18 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-08 22:30 . 2009-07-12 02:32 -------- d-----w- c:\program files\MSConfig CleanUp
2009-09-08 21:13 . 2009-07-12 02:43 -------- d-----w- c:\program files\Winamp Remote
2009-09-08 01:12 . 2009-07-15 11:29 458448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-07 22:03 . 2009-07-25 05:43 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Hoyle
2009-09-06 20:01 . 2009-07-12 02:29 -------- d-----w- c:\program files\JDownloader
2009-08-29 18:05 . 2009-08-05 22:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-29 15:36 . 2009-07-19 16:13 729088 ----a-w- c:\windows\iun6002.exe
2009-08-27 23:52 . 2009-07-14 23:38 -------- d-----w- c:\program files\Google
2009-08-25 11:13 . 2009-07-15 11:34 105536 ----a-w- c:\documents and settings\Administrator.ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 17:29 . 2009-07-11 00:28 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-23 01:40 . 2009-07-18 04:01 -------- d-----w- c:\program files\blaxxun Contact
2009-08-21 11:48 . 2009-02-12 20:52 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-08-21 04:03 . 2009-07-16 01:22 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\blaxxun interactive
2009-08-20 20:52 . 2009-07-18 16:31 -------- d-----w- c:\program files\Safari
2009-08-17 21:11 . 2009-07-11 01:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 04:57 . 2009-07-11 00:28 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 14:01 . 2009-08-05 02:21 -------- d-----w- c:\program files\Matroska Pack
2009-08-16 08:37 . 2009-07-12 02:28 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-08-15 20:13 . 2009-08-15 20:13 -------- d-----w- c:\program files\MSXML 6.0
2009-08-15 16:29 . 2009-08-15 16:29 -------- d-----w- c:\program files\Alaris
2009-08-15 16:24 . 2009-08-15 16:24 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Media Player Classic
2009-08-15 16:01 . 2009-08-15 16:01 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Jasc
2009-08-14 04:51 . 2009-08-14 04:51 -------- d-----w- c:\program files\Intel
2009-08-13 23:46 . 2009-07-12 01:38 -------- d-----w- c:\program files\Jasc Software Inc
2009-08-13 20:50 . 2009-07-19 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-08-12 07:16 . 2009-07-18 17:55 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-12 02:38 . 2009-07-11 01:07 -------- d-----w- c:\program files\Zortam Mp3 Media Studio
2009-08-11 16:35 . 2009-07-11 00:27 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-11 03:36 . 2009-08-11 03:19 -------- d-----w- c:\program files\Barcode Maker 5
2009-08-10 02:31 . 2009-08-10 02:31 -------- d-----w- c:\program files\Common Files\EasyInfo
2009-08-10 01:32 . 2009-08-10 01:31 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\DAEMON Tools Lite
2009-08-09 05:37 . 2009-07-25 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-09 05:37 . 2009-08-09 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-08-09 05:08 . 2009-08-08 21:39 22328 ----a-w- c:\documents and settings\Administrator.ADMIN\Application Data\PnkBstrK.sys
2009-08-09 00:33 . 2009-08-09 00:33 -------- d-----w- c:\program files\IBM PC Camera
2009-08-09 00:14 . 2009-08-08 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-08 04:55 . 2009-08-08 04:55 -------- d-----w- c:\program files\DivX
2009-08-08 04:55 . 2009-08-08 04:55 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-08 04:39 . 2009-08-08 04:38 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\SecondLife
2009-08-08 04:38 . 2009-08-08 04:37 -------- d-----w- c:\program files\SecondLife
2009-08-08 02:01 . 2009-07-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-08 01:55 . 2009-07-12 00:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-07 03:32 . 2009-08-07 03:32 -------- d-----w- c:\program files\Media Machines
2009-08-07 00:06 . 2009-08-07 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-06 02:14 . 2009-08-06 02:14 -------- d-----w- c:\program files\gs
2009-08-05 23:57 . 2009-08-05 23:57 -------- d-----w- c:\program files\Ubisoft
2009-08-05 22:11 . 2009-07-12 02:23 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2009-07-11 01:04 -------- d-----w- c:\program files\Java
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 04:35 . 2009-07-10 23:38 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-03 03:19 . 2009-07-15 11:32 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Windows Desktop Search
2009-08-02 06:24 . 2009-08-02 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-01 17:44 . 2009-07-12 02:30 -------- d-----w- c:\program files\Lexmark Tools for Office
2009-08-01 17:44 . 2009-07-12 02:30 -------- d-----w- c:\program files\Lexmark Toolbar
2009-08-01 17:41 . 2009-07-12 02:28 -------- d-----w- c:\program files\CyberLink
2009-08-01 17:29 . 2009-07-13 03:42 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-01 17:29 . 2003-03-19 00:14 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-01 17:29 . 2003-02-21 08:42 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-01 00:47 . 2009-07-27 01:07 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\DMCache
2009-07-31 21:30 . 2009-07-12 02:32 -------- d-----w- c:\program files\MyDVDs
2009-07-31 11:15 . 2009-07-12 02:43 -------- d-----w- c:\program files\Yahoo!
2009-07-30 20:52 . 2009-07-12 02:42 -------- d-----w- c:\program files\SoftwareClub.ws
2009-07-27 22:26 . 2009-07-27 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-07-26 22:36 . 2009-07-12 02:28 -------- d-----w- c:\program files\Crazy Browser
2009-07-26 06:40 . 2009-07-26 06:40 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-07-26 04:48 . 2009-07-26 04:46 -------- d-----w- c:\program files\PIMOne
2009-07-26 01:14 . 2009-07-26 01:14 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Red Alert 3 Uprising
2009-07-25 22:47 . 2009-07-20 22:35 -------- d-----w- c:\program files\Add-Remove Master 6.0
2009-07-25 15:33 . 2009-07-25 15:33 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Command & Conquer 3 Tiberium Wars
2009-07-25 09:23 . 2009-07-11 01:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 05:43 . 2009-07-25 05:43 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Hoyle FaceCreator
2009-07-25 05:27 . 2009-07-25 05:27 -------- d-----w- c:\program files\Zip Password Recovery Magic
2009-07-25 04:30 . 2009-07-25 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Activision
2009-07-25 04:30 . 2009-07-25 04:30 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Activision
2009-07-25 02:37 . 2009-07-25 02:37 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\Avant Profiles
2009-07-20 22:38 . 2009-07-20 22:38 -------- d-----w- c:\program files\MKVTOAVI
2009-07-20 22:22 . 2009-07-20 22:22 -------- d-----w- c:\documents and settings\Administrator.ADMIN\Application Data\BinarySense
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-11 160592]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2009-04-23 488808]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
"Gadwin PrintScreen Pro"="c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-07-26 516096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"SpybotSD TeaTimer"="e:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-07-27 236744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-08-21 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-31 30192]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"AceGain LiveUpdate"="c:\program files\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"Spyhunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
c:\documents and settings\Administrator.ADMIN\Start Menu\Programs\Startup\
freepopsd.exe.lnk - c:\program files\FreePOPs\freepopsd.exe [2008-12-27 49152]
harddrivemonitor.exe [2009-5-5 694784]
c:\documents and settings\All Users\My applications\
Tibia Client.exe [2009-7-10 96269]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
11bg PCI&Cardbus Wireless LAN Utility.lnk - c:\program files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe [2009-7-10 843776]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=e:\spybot - search & destroy\TeaTimer.exe
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\River Past\\Video Perspective\\VideoPerspective.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"d:\\Downloads\\EndWar\\Tom Clancy's EndWar+Rus\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\LayOut\\LayOut.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"e:\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"56925:TCP"= 56925:TCP:Pando P2P TCP Listening Port
"56925:UDP"= 56925:UDP:Pando P2P UDP Listening Port
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [07/13/2009 9:58 PM 902592]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [07/10/2009 8:27 PM 13696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/15 17:58];c:\program files\CyberLink\PowerDVD9\000.fcl [02/28/2009 7:40 PM 87536]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/06/2008 6:16 PM 82696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [07/10/2009 8:09 PM 38144]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [07/12/2009 9:03 PM 55152]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [06/05/2009 10:26 PM 98984]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [09/18/2008 12:09 PM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [02/12/2009 4:52 PM 104456]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [03/09/2009 12:25 PM 38304]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [08/08/2009 8:33 PM 899884]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [09/09/2009 7:09 PM 32290]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [?]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [08/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [08/14/2008 12:24 AM 170480]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [03/30/2009 4:28 PM 1533808]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [08/15/2008 5:46 AM 284016]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [01/20/2009 7:16 PM 172032]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [02/06/2009 6:08 PM 533360]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/14/2009 7:38 PM 30192]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [09/10/2009 7:24 AM 24416]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [03/03/2009 10:58 PM 1122304]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-57989841-1417001333-1003Core.job
- c:\documents and settings\DannyKing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-14 01:16]
2009-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-57989841-1417001333-1003UA.job
- c:\documents and settings\DannyKing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-14 01:16]
2009-09-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:02]
2009-09-14 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:02]
2009-09-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:02]
2009-09-13 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-09-10 21:16]
2009-09-14 c:\windows\Tasks\User_Feed_Synchronization-{E4862628-EB5E-4800-89F5-C769D99856EC}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.cybertown.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
Trusted Zone: ctcolonies.com\mall
Trusted Zone: cybertown.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
.
------- File Associations -------
.
inffile\shell\install\command=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.
- - - - ORPHANS REMOVED - - - -
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-WS_FTP Pro - c:\windows\ISUNINST.EXE -fc:\progra~1\WS_FTP~1\uninst.isu
AddRemove-Yahoo! Software Update - c:\progra~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
AddRemove-{18AE8ACB-0419-45F6-9CF6-155E128A4BCE}_is1 - c:\program files\Godlike Developers\WinTools.net
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 19:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-57989841-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,87,dc,d1,2c,09,9d,41,b6,a7,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,87,dc,d1,2c,09,9d,41,b6,a7,a5,\
[HKEY_USERS\S-1-5-21-1757981266-57989841-1417001333-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1757981266-57989841-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{662138C3-FBE3-92B5-926D-2856C1257020}*]
"bbbhbklpmlimbmdajmcpcddbhmhhchpogfkj"=hex:61,62,67,66,70,6d,63,6e,6d,6f,67,70,
65,64,65,69,70,70,6a,63,6e,61,67,6c,68,6b,63,67,64,6a,70,6f,64,69,00,61
"abbhbklpmlimbmdajmfpfdbjclhpiapgnp"=hex:65,62,62,68,63,69,6c,68,61,69,64,66,
67,6d,69,6a,6a,6d,62,67,65,70,67,61,66,6c,67,70,63,6d,61,65,68,6a,6d,61,69,\
[HKEY_USERS\S-1-5-21-1757981266-57989841-1417001333-500\Software\SecuROM\License information*]
"datasecu"=hex:a3,6a,6b,7e,74,cb,07,8d,dd,85,54,ac,34,d3,b9,64,d6,2b,79,30,ed,
4f,d1,1f,c7,cc,94,07,1e,1f,1f,ae,74,5e,a7,b8,1e,69,d6,46,67,1c,d1,d5,32,3e,\
"rkeysecu"=hex:4f,fe,a2,90,65,7c,21,6a,18,df,c6,50,23,c2,4f,5a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:69,6b,99,27,30,ff,5b,41,ad,fc,5d,fb,e3,bc,7d,e6,c3,33,cf,80,61,
4e,a0,16,11,cd,de,68,76,8a,21,2a,81,73,8c,15,f8,9a,dc,dd,ea,11,8e,22,c4,00,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1312)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
- - - - - - - > 'lsass.exe'(1368)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
- - - - - - - > 'explorer.exe'(7208)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\11.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\11.0\DLLShared\roxippEMC11.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
.
Completion time: 2009-09-14 19:46
ComboFix-quarantined-files.txt 2009-09-14 23:46
Pre-Run: 405,950,971,904 bytes free
Post-Run: 405,916,340,224 bytes free
547 --- E O F --- 2009-09-09 07:11
My DDS.TXT file is attached as it was too long to include here.
Thanks for your help again
Danny
Hi,
Do you still have issues described in your topic opener? Do you recall if something made them occur?
DannyDKing
2009-09-16, 00:01
Well I got my C: Drive back... run now works and I have my Search function back. Now I can't get the Folder view to stick and Windows Installer keeps wanting to configure Roxio Creator 2009 (I even went and uninstalled it now).
This pops up all the time now: "The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'Roxio Creator 2009' disk and click OK."
When I try to play music it pops up, when a website has a flash file, it pops up, when I right click on an ICON, it pops up.
When I right click on Start, it tries to burn audio disks.
I can't think of anything else at the moment.
Thank you so very much for your time and patience.
Danny
Hi,
Have you tried to reinstall Roxio to see if it fixes the problem?
DannyDKing
2009-09-16, 14:22
No, I really don't want Roxio back on here... unless I have to.
Danny
Hi,
The plan is to reinstall it to see if the problem still exists. It's possible that the old uninstallation process wasn't completely successful.
DannyDKing
2009-09-17, 02:40
OK I re-installed it.... same problem
Uninstalled it.. no more problem.
BUT my folder view is still messed up. Now it opens new windows for every folder. :( And it still doesn't hold the standard toolbar or the address bar in the view.
Danny
Hi,
But now it opens new windows for every folder
See this (http://windowsxp.mvps.org/samewindow.htm) for the issue.
Screenshot of the other issue might help me understand it better.
DannyDKing
2009-09-18, 00:50
I will try to describe what it is doing:
When I open a folder, I get picture 77.
I want what's in pic 82. So I do all the steps to get it.
Then when I close and re-open the folder, I get pic 77 again.
Hope that makes sense.
Danny
Hi,
Download the ZIP file below and extract the contents to your hard disk. Double click the XP_ToolbarFix.exe file you extracted. Choose which toolbars to repair and click the Repair button.
http://www.dougknox.com/xp/utils/XP_ToolbarFix.zip
DannyDKing
2009-09-18, 14:35
Didn't work.
Toolbars aren't staying.
Anything else?
Danny
Hi,
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
SWREG QUERY "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer" /s >c:\logit.txt
SWREG QUERY "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer" /s >>c:\logit.txt
del %0
Double-click on fixes.bat file to execute it. Attach c:\logit.txt file to your reply.
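As an added example that is not part of the thread, here is the same pair of policies\explorer keys audited with PowerShell instead of SWREG, with the values behind the opener's symptoms decoded (NoDrives as drive letters). It assumes PowerShell is installed, which was an optional component on XP, and it only reads the registry.

```powershell
# Added example, not from the thread: read-only audit of the two Explorer policy
# keys that fixes.bat dumps with SWREG. Nothing is written to the registry.
# Assumes PowerShell is present (an optional install on Windows XP).

$paths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Values that map to the opener's symptoms: hidden drive (NoDrives), missing
# Run/Search (NoRun, NoFind), missing Log Off (NoLogOff, StartMenuLogoff),
# dead right-click (NoViewContextMenu). In a healthy profile these are 0 or absent.
$suspect = 'NoDrives', 'NoRun', 'NoFind', 'NoClose', 'NoLogOff', 'StartMenuLogoff',
           'NoViewContextMenu', 'NoDesktop', 'NoControlPanel', 'NoFolderOptions'

function ConvertTo-HiddenDrives {
    # NoDrives is a 26-bit mask: bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:.
    # A value of 4 hides exactly C:, the first symptom reported in the thread.
    param([uint32]$Mask)
    $letters = @()
    $bit = [uint32]1
    for ($i = 0; $i -lt 26; $i++) {
        if ($Mask -band $bit) { $letters += [string][char](65 + $i) + ':' }
        $bit = $bit * 2
    }
    return $letters
}

function Get-ExplorerRestrictions {
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }   # key absent means default policy
        $key = Get-ItemProperty -Path $p
        foreach ($name in $suspect) {
            $v = $key.$name
            if ($null -eq $v) { continue }
            # Some tools write these as REG_BINARY (as NoDriveAutoRun is in the log
            # above); treat the bytes as a little-endian DWORD so the mask still decodes.
            if ($v -is [array]) { $v = [System.BitConverter]::ToUInt32($v, 0) }
            if ($v -eq 0) { continue }
            $detail = 'restriction active'
            if ($name -eq 'NoDrives') { $detail = 'hides ' + ((ConvertTo-HiddenDrives $v) -join ' ') }
            New-Object PSObject -Property @{ Key = $p; Value = $name; Data = ('0x{0:X}' -f [uint32]$v); Detail = $detail }
        }
    }
}

Get-ExplorerRestrictions | Format-Table Key, Value, Data, Detail -AutoSize
```

An empty table is the expected result on a clean machine, matching the all-zero logit.txt the thread goes on to show; any row is a restriction to account for.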
DannyDKing
2009-09-19, 00:03
Here is my logit.txt log file:
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
NoRecentDocsNetHood REG_DWORD 0 (0x0)
NoDriveAutoRun REG_BINARY 00f8ff03
NoDriveTypeAutoRun REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)
NoDesktop REG_DWORD 0 (0x0)
NoActiveDesktop REG_DWORD 0 (0x0)
NoNetHood REG_DWORD 0 (0x0)
HideClock REG_DWORD 0 (0x0)
NoManageMyComputerVerb REG_DWORD 0 (0x0)
NoLowDiskSpaceChecks REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoStartMenuPinnedList REG_DWORD 0 (0x0)
NoStartMenuMFUprogramsList REG_DWORD 0 (0x0)
NoUserNameInStartMenu REG_DWORD 0 (0x0)
StartmenuLogoff REG_DWORD 0 (0x0)
NoStartMenuSubFolders REG_DWORD 0 (0x0)
NoCommonGroups REG_DWORD 0 (0x0)
NoRecentDocsMenu REG_DWORD 0 (0x0)
ClearRecentDocsOnExit REG_DWORD 0 (0x0)
NoPrinterTabs REG_DWORD 0 (0x0)
NoDeletePrinter REG_DWORD 0 (0x0)
NoAddPrinter REG_DWORD 0 (0x0)
NoPrinters REG_DWORD 0 (0x0)
NoNetworkConnections REG_DWORD 0 (0x0)
NoFavoritesMenu REG_DWORD 0 (0x0)
NoRun REG_DWORD 0 (0x0)
NoFind REG_DWORD 0 (0x0)
NoClose REG_DWORD 0 (0x0)
NoSetFolders REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 0 (0x0)
NoChangeStartMenu REG_DWORD 0 (0x0)
NoViewContextMenu REG_DWORD 0 (0x0)
NoFileMenu REG_DWORD 0 (0x0)
NoControlPanel REG_DWORD 0 (0x0)
NoShellSearchButton REG_DWORD 0 (0x0)
NoToolbarCustomize REG_DWORD 0 (0x0)
NoChangeAnimation REG_DWORD 0 (0x0)
NoChangeKeyboardNavigationIndicators REG_DWORD 0 (0x0)
NoThemesTab REG_DWORD 0 (0x0)
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
Danny
That looks ok. Do you recall when things began to occur like that (after installing some program, for example)?
DannyDKing
2009-09-19, 03:14
It started when I lost my C Drive and everything else. Don't recall installing any new programs.
Danny
Hi,
Set the address bar like you want. After that, click View > Toolbars > Lock Toolbars.
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.