
Thread: Infected no regedit (Resolved)

  1. #1
    Junior Member
    Join Date: Aug 2009
    Posts: 14

    Infected no regedit (Resolved)

    Hi, I did something and the next thing I know my internet is killer slow. My programs are slow also and I can't get into the registry to fix it. I downloaded the VBS script to get me into regedit but it only works once in a blue moon. Even when I delete the reg entries in safe mode, as soon as I reboot they come back. Someone suggested Norton Antivirus but I know that slows the internet pretty bad. Someone please help, I am afraid to pay my bills online with trojans.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:48:16 AM, on 8/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Chris Diaz\meqsq.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\vs7xj.exe
    C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\system.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\njce96ic1s.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\login.exe
    C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\mdm.exe
    C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\csrss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\Chris Diaz\meqsq.exe \s
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [vxbik] C:\WINDOWS\system32\vxbik.exe \u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [mswindows restore service] C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\vs7xj.exe
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\csrss.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O10 - Unknown file in Winsock LSP: c:\windows\system32\228390.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\228390.dll
    O21 - SSODL: ydUtoDHdepMTG - {94977F5A-3E3D-D5F0-5C01-2BD493E1C27F} - C:\WINDOWS\system32\fq.dll
    O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 3956 bytes


    Spybot S&D

    Smitfraud-C.: [SBI $699198D9] Autorun settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-790525478-1844237615-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\Windows System Recover!

    Smitfraud-C.: [SBI $50922C3E] Executable (File, nothing done)
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\taskmgr.exe
    Properties.size=22532
    Properties.md5=E61839AEC866FB2707635C0C86EEC819
    Properties.filedate=1249164533
    Properties.filedatetext=2009-08-01 18:08:53

    Microsoft.Windows.Explorer: [SBI $DA080EA7] User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-790525478-1844237615-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions

    Microsoft.Windows.disableSystemRestore: [SBI $6296EC95] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR

    Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-790525478-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

    PWS.LDPinchIE: [SBI $32D83D62] User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-790525478-1844237615-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\idstrf

    Win32.Agent.icb: [SBI $A0EF69BD] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\mid

    Right Media: Tracking cookie (Internet Explorer: Chris Diaz) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

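Added example (not part of the thread or of HijackThis): a small Python triage pass over HJT log lines that flags the patterns visible in the log above, namely system process names running from a Temp folder, an extra entry in the Winlogon UserInit chain (F2), autorun entries pointing into Temp, the O7 DisableRegedit policy that explains why regedit will not open, and unknown Winsock LSP files. The heuristics, category names and function names are the example's own; the sample log lines are copied from the post.

```python
"""Triage a HijackThis 2.0.2 log for the indicator patterns seen in this thread.

Added example for this thread; it is not part of the original post and not
HijackThis code. SAMPLE_LOG is copied from the log posted above; the
heuristics, category names and function names are this example's own.
"""
import re
from typing import List, Tuple

# Executables that, on Windows XP, legitimately run only from under C:\WINDOWS.
SYSTEM_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "taskmgr.exe",
}

Finding = Tuple[str, str]  # (category, offending log line)

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Chris Diaz\meqsq.exe
C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\vs7xj.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\Chris Diaz\meqsq.exe \s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\csrss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\228390.dll
"""


def _under_windows_dir(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")


def _in_temp(path: str) -> bool:
    low = path.lower()
    return "\\locals~1\\temp\\" in low or "\\local settings\\temp\\" in low


def triage(log_text: str) -> List[Finding]:
    """Return a (category, line) pair for every log line that trips a heuristic."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            name = line.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_PROCESS_NAMES and not _under_windows_dir(line):
                # csrss.exe, lsass.exe etc. belong in system32; a copy in a
                # Temp folder is borrowing the name, as this log shows.
                findings.append(("masquerading-system-process", line))
            elif _in_temp(line):
                findings.append(("process-from-temp", line))
            continue
        # F2: the Winlogon UserInit value should name userinit.exe and nothing
        # else; every extra comma-separated entry is started at each logon,
        # whatever the Run keys contain.
        m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line, re.I)
        if m:
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            if any(not re.fullmatch(r".*\\userinit\.exe", e, re.I) for e in entries):
                findings.append(("userinit-hook", line))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            # Explains the "can't get into the registry" symptom: a per-user
            # policy value, not a broken regedit.exe.
            findings.append(("regedit-disabled-by-policy", line))
        elif line.startswith("O4 - ") and _in_temp(line):
            findings.append(("autorun-from-temp", line))
        elif line.startswith("O10 - Unknown file in Winsock LSP"):
            findings.append(("unknown-lsp", line))
    return findings


def categories(findings: List[Finding]) -> List[str]:
    """Distinct categories in the order they were first seen."""
    return list(dict.fromkeys(c for c, _ in findings))


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:30} {line}")
```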

  2. #2
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Manchester UK
    Posts: 3,425

    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    ----------------------------------------------------------------------------------------



    No Antivirus

    I can see no indication of any Antivirus software.

    Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.

    Paid AV list
    Kaspersky
    ESET NOD32

    Free AV list ( Home users only)
    Avast
    Avira AntiVir


    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
    If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    Antivirus is a MUST



    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Junior Member
    Join Date: Aug 2009
    Posts: 14

    Thank you for the help.

    info.txt logfile of random's system information tool 1.06 2009-08-03 17:26:52

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Agere Systems PCI Soft Modem-->agrsmdel
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Sniper Elite Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    =====HijackThis Backups=====

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-29]
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [2009-07-29]
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-07-29]
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM) [2009-07-29]
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-07-29]
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) [2009-07-29]
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-29]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-07-29]
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM) [2009-07-29]
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Chris Diaz\wafayoh.exe \s,C:\Documents and Settings\Chris Diaz\rrwk.exe \s [2009-07-29]
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM) [2009-07-29]
    O4 - HKLM\..\Run: [rgclowj0ee0a] C:\WINDOWS\system32\qgcjowj0ee0a.exe [2009-07-29]
    O15 - Trusted Zone: http://*.mcafee.com (HKLM) [2009-07-29]
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM) [2009-07-29]
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) [2009-07-29]
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM) [2009-07-29]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-07-29]
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 [2009-07-29]
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\lsass.exe [2009-07-29]
    O4 - HKCU\..\Run: [mswindows restore service] C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\ri9jlhoi.exe [2009-07-29]
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2009-07-29]
    O21 - SSODL: ydUtoDHdepMTG - {94977F5A-3E3D-D5F0-5C01-2BD493E1C27F} - C:\WINDOWS\system32\fq.dll [2009-07-29]
    O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-07-29]
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirements...eqlab_srlx.cab [2009-07-29]
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab [2009-07-29]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-07-29]
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install [2009-07-29]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-07-29]
    O4 - HKLM\..\Run: [aev] C:\WINDOWS\system32\aev.exe \u [2009-07-29]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-07-29]
    O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-08-01]
    O4 - HKLM\..\Run: [fpu] C:\WINDOWS\system32\fpu.exe \u [2009-08-01]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-08-01]
    O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-08-01]
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-01]
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-08-01]
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\Chris Diaz\nukqkt.exe \s [2009-08-01]
    O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-08-01]
    O21 - SSODL: ydUtoDHdepMTG - {94977F5A-3E3D-D5F0-5C01-2BD493E1C27F} - C:\WINDOWS\system32\fq.dll [2009-08-01]
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-01]
    O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll [2009-08-01]

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======System event log======

    Computer Name: CHRIS-15BC29F3B
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 596
    Source Name: Tcpip
    Time Written: 20090712205106.000000-240
    Event Type: warning
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 589
    Source Name: Tcpip
    Time Written: 20090712132142.000000-240
    Event Type: warning
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 588
    Source Name: Tcpip
    Time Written: 20090712121424.000000-240
    Event Type: warning
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 587
    Source Name: Tcpip
    Time Written: 20090712103444.000000-240
    Event Type: warning
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 586
    Source Name: Tcpip
    Time Written: 20090712101036.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: CHRIS-15BC29F3B
    Event Code: 1000
    Message: Faulting application qgcjowj0ee0a.exe, version 0.0.0.0, faulting module urlmon.dll, version 8.0.6001.18806, fault address 0x00029bb7.

    Record Number: 159
    Source Name: Application Error
    Time Written: 20090729172321.000000-240
    Event Type: error
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.1.3462, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 71
    Source Name: Application Hang
    Time Written: 20090710000443.000000-240
    Event Type: error
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 63
    Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Record Number: 42
    Source Name: WinMgmt
    Time Written: 20090709114806.000000-240
    Event Type: warning
    User: CHRIS-15BC29F3B\Chris Diaz

    Computer Name: CHRIS-15BC29F3B
    Event Code: 1005
    Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


    Record Number: 28
    Source Name: Windows Product Activation
    Time Written: 20090709102832.000000-240
    Event Type: warning
    User:

    Computer Name: CHRIS-15BC29F3B
    Event Code: 63
    Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Record Number: 11
    Source Name: WinMgmt
    Time Written: 20090709131404.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2c02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Chris Diaz at 2009-08-03 17:26:45
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 668 GB (93%) free of 715 GB
    Total RAM: 2047 MB (75% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:26:51 PM, on 8/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\vxbik.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Chris Diaz\My Documents\Downloads\RSIT.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\Chris Diaz.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [vxbik] C:\WINDOWS\system32\vxbik.exe \u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 2930 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-12 136600]
    "vxbik"=C:\WINDOWS\system32\vxbik.exe [2009-08-02 32768]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoFolderOptions"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "C:\WINDOWS\system32\aev.exe"="C:\WINDOWS\system32\aev.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Chris Diaz\wafayoh.exe"="C:\Documents and Settings\Chris Diaz\wafayoh.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\fpu.exe"="C:\WINDOWS\system32\fpu.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Chris Diaz\nukqkt.exe"="C:\Documents and Settings\Chris Diaz\nukqkt.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Chris Diaz\meqsq.exe"="C:\Documents and Settings\Chris Diaz\meqsq.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\vxbik.exe"="C:\WINDOWS\system32\vxbik.exe:*:Enabled:ENABLE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .scr - open - "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-08-03 17:26:45 ----D---- C:\rsit
    2009-08-03 17:04:00 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\Malwarebytes
    2009-08-03 17:03:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-03 17:03:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-02 07:24:36 ----A---- C:\WINDOWS\system32\vxbik.exe
    2009-07-31 06:16:17 ----A---- C:\WINDOWS\wininit.ini
    2009-07-31 06:01:06 ----A---- C:\WINDOWS\system32\fpu.exe
    2009-07-29 17:17:09 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\AVG8
    2009-07-28 20:17:43 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    2009-07-28 20:17:40 ----D---- C:\Program Files\DAEMON Tools Toolbar
    2009-07-28 20:17:38 ----D---- C:\Program Files\DAEMON Tools Lite
    2009-07-28 20:17:16 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\DAEMON Tools Lite
    2009-07-28 17:14:31 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-28 17:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-28 17:11:33 ----D---- C:\Program Files\Trend Micro
    2009-07-28 16:57:49 ----A---- C:\WINDOWS\system32\BASSMOD.dll
    2009-07-28 16:53:39 ----A---- C:\WINDOWS\system32\aev.exe
    2009-07-17 17:13:24 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-17 17:13:17 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2009-07-16 21:22:50 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\WinRAR
    2009-07-16 19:16:44 ----D---- C:\Program Files\WinRAR
    2009-07-16 19:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2009-07-16 19:13:11 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\DAEMON Tools Pro
    2009-07-16 18:33:22 ----D---- C:\Program Files\EA GAMES
    2009-07-16 18:27:14 ----D---- C:\Program Files\Steam
    2009-07-16 16:38:36 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\dvdcss
    2009-07-15 21:30:25 ----D---- C:\Program Files\VideoLAN
    2009-07-15 19:18:33 ----D---- C:\WINDOWS\Minidump
    2009-07-15 19:01:48 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-07-14 23:52:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-14 23:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-14 23:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-13 03:01:49 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\LimeWire
    2009-07-12 15:36:45 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\DivX
    2009-07-12 13:50:49 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-12 13:50:49 ----D---- C:\Program Files\MC2
    2009-07-12 13:50:31 ----D---- C:\Program Files\Common Files\InstallShield
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\vxblock.dll
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxwave.dll
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxsfs.dll
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxmas.dll
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxinsi64.exe
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxinsa64.exe
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxhpinst.exe
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxdrv.dll
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxcpya64.exe
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\pxafs.dll
    2009-07-12 13:45:02 ----N---- C:\WINDOWS\system32\px.dll
    2009-07-12 13:44:49 ----D---- C:\Program Files\DivX
    2009-07-12 13:44:49 ----D---- C:\Program Files\Common Files\DivX Shared
    2009-07-12 10:03:23 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\BitTorrent
    2009-07-12 10:01:11 ----D---- C:\Program Files\BitTorrent
    2009-07-12 10:00:25 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-07-12 10:00:25 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-07-12 10:00:25 ----A---- C:\WINDOWS\system32\java.exe
    2009-07-12 10:00:25 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-07-12 10:00:16 ----D---- C:\Program Files\Java
    2009-07-12 09:59:58 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\Sun
    2009-07-12 09:59:57 ----D---- C:\Program Files\LimeWire
    2009-07-11 22:12:42 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2009-07-11 22:12:31 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2009-07-11 22:12:24 ----D---- C:\NVIDIA
    2009-07-11 16:39:51 ----A---- C:\WINDOWS\myClean.bat
    2009-07-09 16:57:15 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\Mozilla
    2009-07-09 16:49:27 ----D---- C:\Program Files\mIRC
    2009-07-09 16:49:27 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\mIRC
    2009-07-09 13:19:34 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-07-09 13:19:33 ----SD---- C:\WINDOWS\system32\Microsoft
    2009-07-09 13:19:33 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-09 13:16:46 ----D---- C:\WINDOWS\system32\xircom
    2009-07-09 13:16:46 ----D---- C:\Program Files\xerox
    2009-07-09 13:16:46 ----D---- C:\Program Files\microsoft frontpage
    2009-07-09 13:16:41 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-09 13:16:40 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2009-07-09 13:16:31 ----A---- C:\WINDOWS\control.ini
    2009-07-09 13:16:31 ----A---- C:\AUTOEXEC.BAT
    2009-07-09 13:16:20 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-07-09 13:16:17 ----A---- C:\WINDOWS\system32\mapi32.dll
    2009-07-09 13:15:44 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-07-09 13:15:44 ----RD---- C:\WINDOWS\Offline Web Pages
    2009-07-09 13:15:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-07-09 13:15:40 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-07-09 13:15:36 ----HD---- C:\Program Files\WindowsUpdate
    2009-07-09 13:15:22 ----D---- C:\WINDOWS\system32\DirectX
    2009-07-09 13:15:07 ----A---- C:\WINDOWS\system32\atrace.dll
    2009-07-09 13:15:05 ----A---- C:\WINDOWS\system32\desktop.ini
    2009-07-09 13:15:05 ----A---- C:\WINDOWS\desktop.ini
    2009-07-09 13:15:00 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2009-07-09 13:14:59 ----D---- C:\Program Files\Common Files\Services
    2009-07-09 13:14:59 ----A---- C:\WINDOWS\system32\acctres.dll
    2009-07-09 13:14:57 ----SD---- C:\WINDOWS\Tasks
    2009-07-09 13:14:57 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2009-07-09 13:14:56 ----D---- C:\Program Files\Common Files\MSSoap
    2009-07-09 13:14:53 ----D---- C:\WINDOWS\srchasst
    2009-07-09 13:14:52 ----D---- C:\WINDOWS\system32\Macromed
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wuweb.dll
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wups.dll
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wucltui.dll
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2009-07-09 13:14:50 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2009-07-09 13:14:49 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2009-07-09 13:14:49 ----A---- C:\WINDOWS\system32\wuapi.dll
    2009-07-09 13:14:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2009-07-09 13:14:49 ----A---- C:\WINDOWS\system32\qmgr.dll
    2009-07-09 13:14:49 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2009-07-09 13:14:49 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2009-07-09 13:14:46 ----D---- C:\Program Files\Movie Maker
    2009-07-09 13:14:43 ----A---- C:\WINDOWS\system32\safrslv.dll
    2009-07-09 13:14:43 ----A---- C:\WINDOWS\system32\safrdm.dll
    2009-07-09 13:14:43 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2009-07-09 13:14:43 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2009-07-09 13:14:40 ----D---- C:\WINDOWS\system32\Restore
    2009-07-09 13:14:40 ----A---- C:\WINDOWS\system32\srsvc.dll
    2009-07-09 13:14:40 ----A---- C:\WINDOWS\system32\srrstr.dll
    2009-07-09 13:14:40 ----A---- C:\WINDOWS\system32\srclient.dll
    2009-07-09 13:14:40 ----A---- C:\WINDOWS\system32\fltmc.exe
    2009-07-09 13:14:40 ----A---- C:\WINDOWS\system32\fltlib.dll
    2009-07-09 13:14:39 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2009-07-09 13:14:39 ----A---- C:\WINDOWS\system32\msconf.dll
    2009-07-09 13:14:39 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2009-07-09 13:14:39 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2009-07-09 13:14:39 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2009-07-09 13:14:39 ----A---- C:\WINDOWS\system32\ils.dll
    2009-07-09 13:14:37 ----D---- C:\Program Files\NetMeeting
    2009-07-09 13:14:37 ----A---- C:\WINDOWS\system32\msoert2.dll
    2009-07-09 13:14:37 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2009-07-09 13:14:36 ----A---- C:\WINDOWS\system32\inetres.dll
    2009-07-09 13:14:36 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2009-07-09 13:14:34 ----D---- C:\Program Files\Outlook Express
    2009-07-09 13:14:34 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2009-07-09 13:14:34 ----A---- C:\WINDOWS\system32\mstinit.exe
    2009-07-09 13:14:34 ----A---- C:\WINDOWS\system32\mstask.dll
    2009-07-09 13:14:33 ----A---- C:\WINDOWS\system32\isign32.dll
    2009-07-09 13:14:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2009-07-09 13:14:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2009-07-09 13:14:33 ----A---- C:\WINDOWS\system32\icwdial.dll
    2009-07-09 13:14:29 ----D---- C:\Program Files\Common Files\System
    2009-07-09 13:14:28 ----D---- C:\Program Files\Internet Explorer
    2009-07-09 13:14:19 ----D---- C:\Program Files\ComPlus Applications
    2009-07-09 13:14:17 ----A---- C:\WINDOWS\vbaddin.ini
    2009-07-09 13:14:17 ----A---- C:\WINDOWS\vb.ini
    2009-07-09 13:14:14 ----D---- C:\WINDOWS\Registration
    2009-07-09 13:13:54 ----D---- C:\Program Files\Windows Media Player
    2009-07-09 13:13:54 ----D---- C:\Program Files\Online Services
    2009-07-09 13:13:50 ----D---- C:\Program Files\Messenger
    2009-07-09 13:13:47 ----D---- C:\Program Files\MSN Gaming Zone
    2009-07-09 13:13:47 ----A---- C:\WINDOWS\system32\write.exe
    2009-07-09 13:13:40 ----A---- C:\WINDOWS\system32\winchat.exe
    2009-07-09 13:13:40 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2009-07-09 13:13:40 ----A---- C:\WINDOWS\system32\hticons.dll
    2009-07-09 13:13:40 ----A---- C:\WINDOWS\system32\avwav.dll
    2009-07-09 13:13:40 ----A---- C:\WINDOWS\system32\avtapi.dll
    2009-07-09 13:13:40 ----A---- C:\WINDOWS\system32\avmeter.dll
    2009-07-09 13:13:35 ----A---- C:\WINDOWS\system32\getuname.dll
    2009-07-09 13:13:35 ----A---- C:\WINDOWS\system32\charmap.exe
    2009-07-09 13:13:34 ----A---- C:\WINDOWS\system32\winmine.exe
    2009-07-09 13:13:34 ----A---- C:\WINDOWS\system32\sol.exe
    2009-07-09 13:13:34 ----A---- C:\WINDOWS\system32\reset.exe
    2009-07-09 13:13:34 ----A---- C:\WINDOWS\system32\mshearts.exe
    2009-07-09 13:13:34 ----A---- C:\WINDOWS\system32\freecell.exe
    2009-07-09 13:13:34 ----A---- C:\WINDOWS\system32\calc.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\tslabels.ini
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\tskill.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\tscon.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\shadow.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\regini.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\msg.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\logoff.exe
    2009-07-09 13:13:33 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\mtxex.dll
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\comrepl.dll
    2009-07-09 13:13:32 ----A---- C:\WINDOWS\system32\comaddin.dll
    2009-07-09 13:13:31 ----A---- C:\WINDOWS\system32\stclient.dll
    2009-07-09 13:13:31 ----A---- C:\WINDOWS\system32\comsnap.dll
    2009-07-09 13:13:28 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2009-07-09 13:13:18 ----D---- C:\Program Files\MSN
    2009-07-09 13:13:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2009-07-09 13:13:17 ----A---- C:\WINDOWS\system32\mplay32.exe
    2009-07-09 13:13:17 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2009-07-09 13:13:17 ----A---- C:\WINDOWS\system32\accwiz.exe
    2009-07-09 13:13:16 ----D---- C:\Program Files\Windows NT
    2009-07-09 13:13:16 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2009-07-09 13:13:16 ----A---- C:\WINDOWS\system32\spider.exe
    2009-07-09 13:13:16 ----A---- C:\WINDOWS\system32\mspaint.exe
    2009-07-09 13:13:16 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\termsrv.dll
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\remotepg.dll
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\rdshost.exe
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\rdchost.dll
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\mstscax.dll
    2009-07-09 13:13:15 ----A---- C:\WINDOWS\system32\mstsc.exe
    2009-07-09 13:13:14 ----D---- C:\WINDOWS\system32\MsDtc
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\qprocess.exe
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\icaapi.dll
    2009-07-09 13:13:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2009-07-09 13:13:13 ----D---- C:\WINDOWS\system32\Com
    2009-07-09 13:13:13 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2009-07-09 13:13:13 ----A---- C:\WINDOWS\system32\msdtc.exe
    2009-07-09 13:13:13 ----A---- C:\WINDOWS\system32\colbact.dll
    2009-07-09 13:13:13 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2009-07-09 13:13:13 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2009-07-09 13:13:12 ----A---- C:\WINDOWS\system32\comuid.dll
    2009-07-09 13:13:12 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2009-07-09 13:13:12 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2009-07-09 13:13:12 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2009-07-09 13:13:12 ----A---- C:\WINDOWS\system32\catsrv.dll
    2009-07-09 13:13:08 ----A---- C:\WINDOWS\system32\servdeps.dll
    2009-07-09 13:13:08 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2009-07-09 13:13:08 ----A---- C:\WINDOWS\system32\licwmi.dll
    2009-07-09 13:13:08 ----A---- C:\WINDOWS\system32\cmprops.dll
    2009-07-09 12:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-07-09 12:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-07-09 12:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-07-09 12:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2009-07-09 12:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2009-07-09 12:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2009-07-09 12:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2009-07-09 12:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-07-09 12:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-07-09 12:19:06 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-07-09 12:19:06 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-07-09 12:19:06 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-07-09 12:19:05 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-07-09 12:19:05 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-07-09 12:19:04 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-07-09 12:19:04 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2009-07-09 12:19:03 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-07-09 12:19:03 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-07-09 12:19:03 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-07-09 12:19:02 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-07-09 12:19:02 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-07-09 12:19:01 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-07-09 12:19:01 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-07-09 12:19:00 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-07-09 12:19:00 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-07-09 12:18:59 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-07-09 12:18:59 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-07-09 12:18:59 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-07-09 12:18:58 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-07-09 12:18:57 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2009-07-09 12:18:57 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2009-07-09 12:18:57 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2009-07-09 12:18:56 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2009-07-09 12:18:56 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2009-07-09 12:18:56 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2009-07-09 12:18:55 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2009-07-09 12:18:54 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2009-07-09 12:18:54 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2009-07-09 12:18:53 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2009-07-09 12:18:53 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-07-09 12:18:53 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-07-09 12:18:52 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2009-07-09 12:18:52 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-07-09 12:18:50 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2009-07-09 12:18:50 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2009-07-09 12:18:50 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2009-07-09 12:18:49 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2009-07-09 12:18:48 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2009-07-09 12:18:48 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2009-07-09 12:18:48 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2009-07-09 12:18:47 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2009-07-09 12:18:47 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2009-07-09 12:18:46 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2009-07-09 12:18:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2009-07-09 12:18:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2009-07-09 12:18:45 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2009-07-09 12:18:45 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2009-07-09 12:18:44 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2009-07-09 12:18:44 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2009-07-09 12:18:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2009-07-09 12:18:42 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2009-07-09 12:18:41 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2009-07-09 12:18:41 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2009-07-09 12:18:40 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2009-07-09 12:18:40 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2009-07-09 12:18:40 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2009-07-09 12:18:39 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2009-07-09 12:18:39 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2009-07-09 12:18:38 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2009-07-09 12:18:38 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2009-07-09 12:18:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2009-07-09 12:18:37 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2009-07-09 12:18:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2009-07-09 12:18:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2009-07-09 12:18:36 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2009-07-09 12:18:35 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2009-07-09 12:18:35 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2009-07-09 12:18:34 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2009-07-09 12:18:34 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2009-07-09 12:18:33 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2009-07-09 12:18:32 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2009-07-09 12:17:33 ----D---- C:\Program Files\SystemRequirementsLab
    2009-07-09 12:07:06 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-07-09 12:07:00 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2009-07-09 12:06:50 ----D---- C:\Program Files\Windows Media Connect 2
    2009-07-09 12:06:42 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2009-07-09 12:06:16 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2009-07-09 12:06:03 ----D---- C:\WINDOWS\system32\LogFiles
    2009-07-09 12:05:53 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2009-07-09 12:05:24 ----SHD---- C:\RECYCLER
    2009-07-09 12:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-07-09 12:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-07-09 12:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-07-09 12:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-07-09 12:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-07-09 12:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-07-09 12:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-07-09 12:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-07-09 12:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-07-09 12:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-07-09 12:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-07-09 12:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
    2009-07-09 12:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-07-09 12:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-07-09 12:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-07-09 12:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-07-09 12:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-07-09 12:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-07-09 12:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-07-09 12:03:08 ----A---- C:\WINDOWS\system32\ksuser.dll
    2009-07-09 12:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-07-09 12:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2009-07-09 12:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-07-09 12:02:34 ----D---- C:\WINDOWS\ie8updates
    2009-07-09 12:02:24 ----D---- C:\WINDOWS\WBEM
    2009-07-09 12:01:39 ----HDC---- C:\WINDOWS\ie8
    2009-07-09 11:59:27 ----HD---- C:\WINDOWS\msdownld.tmp
    2009-07-09 11:59:22 ----D---- C:\WINDOWS\Logs
    2009-07-09 11:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-07-09 11:55:14 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-07-09 11:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-07-09 11:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-07-09 11:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-07-09 11:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-07-09 11:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-07-09 11:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-07-09 11:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-07-09 11:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-07-09 11:51:51 ----D---- C:\WINDOWS\Prefetch
    2009-07-09 11:47:33 ----D---- C:\WINDOWS\system32\en-us
    2009-07-09 11:47:32 ----D---- C:\WINDOWS\system32\scripting
    2009-07-09 11:47:32 ----D---- C:\WINDOWS\l2schemas
    2009-07-09 11:47:31 ----D---- C:\WINDOWS\system32\en
    2009-07-09 11:47:31 ----D---- C:\WINDOWS\system32\bits
    2009-07-09 11:45:50 ----D---- C:\Program Files\Common Files\Adobe
    2009-07-09 11:44:56 ----D---- C:\WINDOWS\ServicePackFiles
    2009-07-09 11:43:43 ----D---- C:\Program Files\Adobe
    2009-07-09 11:43:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-07-09 11:43:32 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-07-09 11:42:23 ----D---- C:\WINDOWS\network diagnostic
    2009-07-09 11:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-07-09 11:40:45 ----D---- C:\Program Files\NOS
    2009-07-09 11:40:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-07-09 11:39:39 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\Macromedia
    2009-07-09 11:39:39 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\Adobe
    2009-07-09 11:37:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-07-09 11:36:31 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-09 11:31:30 ----A---- C:\WINDOWS\system32\wpa.bak
    2009-07-09 11:30:25 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-07-09 11:09:08 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-07-09 10:54:45 ----D---- C:\WINDOWS\system32\PreInstall
    2009-07-09 10:54:44 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2009-07-09 10:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2009-07-09 10:54:25 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-07-09 10:30:05 ----D---- C:\Program Files\McAfee
    2009-07-09 10:28:35 ----D---- C:\Documents and Settings\Chris Diaz\Application Data\Identities
    2009-07-09 10:28:34 ----HD---- C:\Program Files\Uninstall Information
    2009-07-09 10:28:31 ----SD---- C:\Documents and Settings\Chris Diaz\Application Data\Microsoft
    2009-07-09 10:28:31 ----ASH---- C:\Documents and Settings\Chris Diaz\Application Data\desktop.ini
    2009-07-09 10:22:09 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2009-07-09 06:12:04 ----A---- C:\WINDOWS\system32\h323log.txt
    2009-07-09 06:08:25 ----A---- C:\WINDOWS\system32\usbui.dll
    2009-07-09 06:07:37 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-09 06:07:35 ----SHD---- C:\WINDOWS\Installer
    2009-07-09 06:07:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-09 06:07:34 ----D---- C:\Program Files\Common Files\ODBC
    2009-07-09 06:07:34 ----A---- C:\WINDOWS\ODBCINST.INI
    2009-07-09 06:07:32 ----RD---- C:\Program Files
    2009-07-09 06:07:32 ----D---- C:\Program Files\Common Files\SpeechEngines
    2009-07-09 06:07:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-07-09 06:07:32 ----D---- C:\Program Files\Common Files
    2009-07-09 06:07:30 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2009-07-09 06:07:30 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2009-07-09 06:07:30 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2009-07-09 06:07:28 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2009-07-09 06:07:27 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2009-07-09 06:07:26 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2009-07-09 06:07:25 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2009-07-09 06:07:25 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2009-07-09 06:07:25 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2009-07-09 06:07:25 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2009-07-09 06:07:24 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2009-07-09 06:07:22 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-07-09 06:07:22 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-07-09 06:07:22 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2009-07-09 06:07:22 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2009-07-09 06:07:22 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2009-07-09 06:07:20 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2009-07-09 06:07:20 ----A---- C:\WINDOWS\TASKMAN.EXE
    2009-07-09 06:07:20 ----A---- C:\WINDOWS\system32\batt.dll
    2009-07-09 06:07:19 ----A---- C:\WINDOWS\system32\storprop.dll
    2009-07-09 06:07:19 ----A---- C:\WINDOWS\notepad.exe
    2009-07-09 06:07:13 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2009-07-09 06:07:12 ----RA---- C:\WINDOWS\SET25.tmp
    2009-07-09 06:07:10 ----RA---- C:\WINDOWS\SET8.tmp
    2009-07-09 06:07:08 ----RA---- C:\WINDOWS\SET4.tmp
    2009-07-09 06:07:06 ----RA---- C:\WINDOWS\SET3.tmp
    2009-07-09 06:07:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-09 06:07:02 ----D---- C:\WINDOWS\system32\CatRoot
    2009-07-09 06:06:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-07-09 06:06:36 ----A---- C:\WINDOWS\setuplog.txt
    2009-07-09 06:06:33 ----SHD---- C:\System Volume Information
    2009-07-09 06:06:33 ----D---- C:\Documents and Settings
    2009-07-09 06:05:50 ----SH---- C:\boot.ini
    2009-07-08 11:56:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-08 11:56:07 ----RSD---- C:\WINDOWS\Fonts
    2009-07-08 11:56:07 ----RD---- C:\WINDOWS\Web
    2009-07-08 11:56:07 ----HD---- C:\WINDOWS\inf
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\WinSxS
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\twain_32
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\wins
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\wbem
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\usmt
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\spool
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\ShellExt
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\Setup
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\ras
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\oobe
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\npp
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\mui
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\inetsrv
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\IME
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\icsxml
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\ias
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\export
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\drivers
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\dhcp
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\config
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\3com_dmi
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\3076
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\2052
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1054
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1042
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1041
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1037
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1033
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1031
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1028
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32\1025
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system32
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\system
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\security
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Resources
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\repair
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Provisioning
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\PeerNet
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\pchealth
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\mui
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\msapps
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\msagent
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Media
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\java
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\ime
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Help
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\ehome
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Driver Cache
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Debug
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Cursors
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Connection Wizard
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\Config
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\AppPatch
    2009-07-08 11:56:07 ----D---- C:\WINDOWS\addins
    2009-07-08 11:56:07 ----D---- C:\WINDOWS
    2009-07-08 11:56:07 ----AD---- C:\WINDOWS\Temp

    ======List of files/folders modified in the last 1 months======

    2009-07-28 16:50:23 ----A---- C:\WINDOWS\system32\user32.DLL
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-09 12:06:54 ----A---- C:\WINDOWS\win.ini
    2009-07-09 06:07:31 ----A---- C:\WINDOWS\system.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-12-01 201320]
    R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-12-01 55016]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 ayzvlt49;ayzvlt49; C:\WINDOWS\system32\drivers\ayzvlt49.sys []
    S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2007-12-01 79304]
    S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2007-12-01 35240]
    S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2007-12-01 33832]
    S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
    R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-17 75064]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-08-02 189672]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 17408]

    -----------------EOF-----------------

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Posts
    14


    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 5.1.2600 Service Pack 3

    8/3/2009 5:12:53 PM
    mbam-log-2009-08-03 (17-12-53).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 109693
    Time elapsed: 7 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 4
    Registry Keys Infected: 7
    Registry Values Infected: 9
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\228390.dll (Hijack.LSP) -> Delete on reboot.
    C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Ertfor) -> Delete on reboot.
    C:\WINDOWS\system32\ghaf8jkdfd.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\nvrsk.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{94977f5a-3e3d-d5f0-5c01-2bd493e1c27f} (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appibvt_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ydutodhdepmtg (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msWindows restore service (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyware Service (Trojan.Dropper) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\Chris Diaz\meqsq.exe \s) Good: (Userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\ghaf8jkdfd.dll (Trojan.Zlob.H) -> Delete on reboot.
    C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Zlob.H) -> Delete on reboot.
    C:\WINDOWS\system32\nvrsk.dll (Spyware.Agent.H) -> Delete on reboot.
    C:\WINDOWS\system32\228390.dll (Hijack.LSP) -> Delete on reboot.
    C:\Documents and Settings\Chris Diaz\rrwk.exe (Backdoor.Tofsee) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sgcnowj0ee0a.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qgcjowj0ee0a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fq.dll (Trojan.Downloader) -> Delete on reboot.
    C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\srrqe4mq6.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\lsass.exe (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\services.exe (Password.Stealer) -> Delete on reboot.
    C:\Documents and Settings\Chris Diaz\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\sfjh98w3jkdmfkd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris Diaz\Local Settings\Temp\ke0et.exe (Trojan.Dropper) -> Delete on reboot.

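    The three "Registry Data Items" in the Malwarebytes log above explain the thread title: DisableRegistryTools set to 1 is what stopped regedit from opening, NoFolderOptions hid Folder Options, and the Userinit value had a second entry (meqsq.exe) appended so the trojan relaunched at every logon, which is why deleting the other entries in safe mode never stuck. The script below is an added example, not part of the thread or of Malwarebytes: it reads those same three locations and reports whether each is in its clean state. It assumes Windows PowerShell 2.0 or later and that it is run as the affected user, so HKCU: is that user's hive.

```powershell
# Added example (not from the thread): audit the three registry locations the
# Malwarebytes log reported as hijacked and say whether each is clean.
# Assumes Windows PowerShell 2.0+, run as the affected user (HKCU: = their hive).

# On a clean machine Userinit holds exactly one entry, the system userinit.exe,
# normally written with a trailing comma: "C:\WINDOWS\system32\userinit.exe,"
$userinitDefault = ($env:SystemRoot + '\system32\userinit.exe').ToLower()

# Each check: registry path, value name, and what a bad value does.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'
       Why  = 'any non-zero value stops regedit.exe from opening (Hijack.Regedit)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoFolderOptions'
       Why  = 'any non-zero value hides Folder Options (Hijack.FolderOptions)' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Userinit'
       Why  = 'extra comma-separated entries are launched at every logon (Hijack.Userinit)' }
)

function Test-HijackValue {
    param([hashtable]$Check)

    # Absent values are normal for the two policy entries, so do not error on them.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = $null
    if ($item -ne $null) { $actual = $item.($Check.Name) }

    if ($Check.Name -eq 'Userinit') {
        # Split on commas, drop empties, and require the single default entry.
        $entries = @()
        if ($actual -ne $null) {
            $entries = @($actual.Split(',') |
                         ForEach-Object { $_.Trim().ToLower() } |
                         Where-Object { $_ -ne '' })
        }
        $suspicious = ($entries.Count -ne 1) -or ($entries[0] -ne $userinitDefault)
    } else {
        # Clean state for the policy values is "not present" or 0.
        $suspicious = ($actual -ne $null) -and ($actual -ne 0)
    }

    New-Object PSObject -Property @{
        Location   = $Check.Path + '\' + $Check.Name
        Actual     = $actual
        Suspicious = $suspicious
        Note       = $Check.Why
    }
}

$checks | ForEach-Object { Test-HijackValue $_ } |
    Format-List Location, Actual, Suspicious, Note
```

    Running it on a machine in the state shown in the log would report all three as suspicious; after a clean-up it should report the two policy values as absent or 0 and Userinit as the single system entry. It only reads the registry, so it is safe to run before and after a removal to confirm the persistence points did not come back on reboot.
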
  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Information

    REMOVE P2P PROGRAMS

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 5.1.4

    Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
    The bad guys use P2P filesharing as a major conduit to spread their wares.

    Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


    ----------------------------------------------------------------------------------------
    Step 1

    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    C:\WINDOWS\system32\vxbik.exe
    Click Submit/Send File

    When the scan has finished, you can copy the URL from the browser address window and paste it in your reply.

    If Virustotal is too busy please try Jotti


    ----------------------------------------------------------------------------------------
    Step 2


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    ----------------------------------------------------------------------------------------
    Step 3

    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • Virus Total Results
    • ComboFix Log
    • Kaspersky log
    • How are things running now?
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Posts
    14


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Monday, August 3, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Tuesday, August 04, 2009 00:15:16
    Records in database: 2577736
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 27838
    Threat name: 5
    Infected objects: 15
    Suspicious objects: 0
    Duration of the scan: 00:36:25


    File name / Threat name / Threats count
    C:\WINDOWS\system32\winlogon.exe/C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\system32\vxbik.exe/C:\WINDOWS\system32\vxbik.exe Infected: Trojan-PSW.Win32.Agent.nnh 1
    C:\Documents and Settings\Chris Diaz\meqsq.exe Infected: Trojan-PSW.Win32.Agent.nnh 1
    C:\Documents and Settings\Chris Diaz\My Documents\Downloads\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
    C:\Documents and Settings\Chris Diaz\nukqkt.exe Infected: Trojan-PSW.Win32.Agent.nnh 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
    C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Infected: Trojan.Win32.Patched.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\lsass.exe.vir Infected: Trojan.Win32.Patched.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\services.exe.vir Infected: Trojan.Win32.Patched.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spoolsv.exe.vir Infected: Trojan.Win32.Patched.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir Infected: Trojan.Win32.Patched.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir Infected: Trojan.Win32.Patched.gq 1
    C:\WINDOWS\system32\fpu.exe Infected: Trojan-PSW.Win32.Agent.nnh 1
    C:\WINDOWS\system32\vxbik.exe Infected: Trojan-PSW.Win32.Agent.nnh 1
    C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1

    The selected area was scanned.


    ComboFix 09-08-03.04 - Chris Diaz 08/03/2009 19:00.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1675 [GMT -4:00]
    Running from: c:\documents and settings\Chris Diaz\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\lsass.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\lsass.exe

    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

    Infected copy of c:\windows\system32\svchost.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe

    Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\spoolsv.exe


    c:\windows\system32\grpconv.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
    .

    2009-08-03 23:02 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
    2009-08-03 22:54 . 2009-08-03 22:54 -------- d-----w- c:\windows\Sun
    2009-08-03 21:26 . 2009-08-03 21:26 -------- d-----w- C:\rsit
    2009-08-03 21:04 . 2009-08-03 21:04 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\Malwarebytes
    2009-08-03 21:03 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 21:03 . 2009-08-03 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-03 21:03 . 2009-08-03 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-03 21:03 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 11:24 . 2009-08-02 11:24 32768 ---h--w- c:\documents and settings\Chris Diaz\meqsq.exe
    2009-08-02 11:24 . 2009-08-02 11:24 32768 ----a-w- c:\windows\system32\vxbik.exe
    2009-08-02 11:22 . 2009-08-02 11:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-08-01 21:52 . 2009-08-01 21:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-08-01 12:04 . 2009-08-01 12:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-31 10:01 . 2009-07-31 10:01 32768 ---h--w- c:\documents and settings\Chris Diaz\nukqkt.exe
    2009-07-31 10:01 . 2009-07-31 10:01 32768 ----a-w- c:\windows\system32\fpu.exe
    2009-07-29 21:17 . 2009-07-29 21:17 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\AVG8
    2009-07-29 21:01 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 21:01 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-07-29 00:17 . 2009-07-29 00:18 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DAEMON Tools Lite
    2009-07-28 21:14 . 2009-07-31 10:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-28 21:14 . 2009-07-31 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-28 21:11 . 2009-07-28 21:11 -------- d-----w- c:\program files\Trend Micro
    2009-07-28 20:53 . 2009-07-28 20:53 32256 ---h--w- c:\documents and settings\Chris Diaz\wafayoh.exe
    2009-07-28 20:53 . 2009-07-28 20:53 32256 ----a-w- c:\windows\system32\aev.exe
    2009-07-28 20:50 . 2009-08-03 23:02 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2009-07-17 21:14 . 2009-08-02 22:30 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-17 21:13 . 2009-08-02 22:29 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-17 21:13 . 2009-07-17 21:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-17 21:13 . 2009-07-17 21:13 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\PunkBuster
    2009-07-16 23:15 . 2009-07-29 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-07-16 23:13 . 2009-07-16 23:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-07-16 23:13 . 2009-07-16 23:20 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DAEMON Tools Pro
    2009-07-16 22:33 . 2009-07-16 22:33 -------- d-----w- c:\program files\EA GAMES
    2009-07-16 22:27 . 2009-07-16 23:27 -------- d-----w- c:\program files\Steam
    2009-07-16 20:38 . 2009-07-16 20:38 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\dvdcss
    2009-07-16 01:30 . 2009-07-16 01:30 -------- d-----w- c:\program files\VideoLAN
    2009-07-13 07:01 . 2009-07-22 12:07 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\LimeWire
    2009-07-12 19:36 . 2009-07-16 01:22 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DivX
    2009-07-12 17:50 . 2009-07-16 22:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-12 17:50 . 2009-07-12 17:50 -------- d-----w- c:\program files\MC2
    2009-07-12 17:50 . 2009-07-16 22:23 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-07-12 17:44 . 2009-07-12 17:44 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-12 14:03 . 2009-08-03 01:23 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\BitTorrent
    2009-07-12 14:01 . 2009-07-12 14:01 -------- d-----w- c:\program files\BitTorrent
    2009-07-12 14:00 . 2009-07-12 14:00 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-12 14:00 . 2009-07-12 14:00 -------- d-----w- c:\program files\Java
    2009-07-12 14:00 . 2009-07-12 14:00 152576 ----a-w- c:\documents and settings\Chris Diaz\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-07-12 13:59 . 2009-07-12 14:00 -------- d-----w- c:\program files\LimeWire
    2009-07-12 02:12 . 2009-06-10 10:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-07-12 02:12 . 2009-06-21 12:46 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-07-12 02:12 . 2009-07-12 02:12 -------- d-----w- C:\NVIDIA
    2009-07-11 20:39 . 2006-12-06 01:17 240 ----a-w- c:\windows\myClean.bat
    2009-07-11 20:39 . 2009-07-11 20:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-10 03:43 . 2009-07-10 03:43 -------- d-sh--w- c:\documents and settings\Chris Diaz\IECompatCache
    2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\Identities
    2009-07-09 20:57 . 2009-07-09 20:57 0 ----a-w- c:\windows\nsreg.dat
    2009-07-09 20:57 . 2009-07-09 20:57 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\Mozilla
    2009-07-09 20:49 . 2009-08-03 21:03 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\mIRC
    2009-07-09 20:49 . 2009-08-03 20:45 -------- d-----w- c:\program files\mIRC

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-03 23:02 . 2006-02-28 12:00 578560 ----a-w- c:\windows\system32\user32.dll
    2009-07-16 00:15 . 2009-07-09 16:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-07-12 17:45 . 2009-07-12 17:44 -------- d-----w- c:\program files\DivX
    2009-07-11 21:00 . 2009-07-09 16:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-09 17:16 . 2009-07-09 17:16 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-09 17:14 . 2009-07-09 17:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-07-09 16:17 . 2009-07-09 16:17 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-07-09 16:10 . 2009-07-09 16:10 13104 ----a-w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-09 16:06 . 2009-07-09 16:06 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-07-09 15:51 . 2009-07-09 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-07-09 15:51 . 2009-07-09 15:40 -------- d-----w- c:\program files\NOS
    2009-07-09 15:48 . 2009-07-09 17:15 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-07-09 15:45 . 2009-07-09 15:45 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-07-09 15:41 . 2009-07-09 15:41 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-07-09 14:30 . 2009-07-09 14:30 -------- d-----w- c:\program files\McAfee
    2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 10:03 . 2009-07-09 15:33 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-10 10:03 . 2009-06-10 10:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 10:03 . 2009-06-10 10:03 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 10:03 . 2008-04-14 00:12 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-13 21:56 . 2009-07-12 17:45 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2009-05-13 21:56 . 2009-07-12 17:45 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-05-13 21:56 . 2009-07-12 17:45 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2009-05-13 21:56 . 2009-07-12 17:45 129784 ------w- c:\windows\system32\pxafs.dll
    2009-05-13 21:56 . 2009-07-12 17:45 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-05-13 21:56 . 2009-07-12 17:45 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    .
    Infected c:\windows\system32\user32.dll hex repaired


    ------- Sigcheck -------

    [7] 2006-02-28 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 00:12 512000 281CCAB31BFBA7930981BE229AE3E222 c:\windows\system32\winlogon.exe


    [7] 2006-02-28 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-12 136600]
    "vxbik"="c:\windows\system32\vxbik.exe" [2009-08-02 32768]
    "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @="beep"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\WINDOWS\\system32\\aev.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=
    "c:\\WINDOWS\\system32\\fpu.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\nukqkt.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=
    "c:\\WINDOWS\\system32\\vxbik.exe"=


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    Trusted Zone: //about.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Update.htm/
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-03 19:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(568)
    c:\windows\system32\ACTIVEDS.dll

    - - - - - - - > 'explorer.exe'(3356)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-03 19:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-03 23:05

    Pre-Run: 700,581,122,048 bytes free
    Post-Run: 700,568,174,592 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    240 --- E O F --- 2009-07-29 21:08


    http://www.virustotal.com/analisis/c...59a-1249126567


    This machine does not have the Microsoft Windows Recovery Console installed. Without it, ComboFix shall not attempt the fixing of some serious infections.
    Click yes to have ComboFix download and install.

    I hit yes, but that was not in the tutorial.

    So far it's faster, I have folder options back, I have regedit back, but it still shows a lot of infected files. I forgot to take LimeWire off before I did all this, sorry. Thanks a lot for the help, I appreciate it.

  7. #7
    Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      http://forums.spybot.info/showthread.php?p=326195#post326195
      Collect::[4]
      C:\Documents and Settings\Chris Diaz\meqsq.exe
      C:\Documents and Settings\Chris Diaz\nukqkt.exe
      C:\WINDOWS\system32\fpu.exe
      C:\WINDOWS\system32\vxbik.exe
      c:\documents and settings\Chris Diaz\wafayoh.exe
      c:\windows\system32\aev.exe
      Folder::
      c:\documents and settings\Chris Diaz\Application Data\LimeWire
      c:\documents and settings\Chris Diaz\Application Data\BitTorrent
      c:\Program Files\BitTorrent
      c:\Program Files\LimeWire
      
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Adobe Reader Speed Launcher"=-
      "SunJavaUpdateSched"=-
      "vxbik"=-
      
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
      "c:\\WINDOWS\\system32\\aev.exe"=-
      "c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=-
      "c:\\WINDOWS\\system32\\fpu.exe"=-
      "c:\\Documents and Settings\\Chris Diaz\\nukqkt.exe"=-
      "c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=-
      "c:\\WINDOWS\\system32\\vxbik.exe"=-
      ADS::
    • Save this as CFScript.txt and place it on your desktop.
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • **Note**
      When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
      • Ensure you are connected to the internet and click OK on the message box.
    • Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
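The CFScript above targets entries the helper picked out of the ComboFix log by eye. As an added example (not part of the thread, and not ComboFix's own logic), the Python below applies three of those observations to a constructed excerpt of that log: .exe files carrying the hidden attribute directly in a profile root, firewall exceptions granted to such files, and a Sigcheck row marked [-] whose MD5 differs from the [7] copy of the same file. The column layout, the position of the hidden flag and the reading of [7]/[-] are assumptions taken from the log text on this page.

```python
"""Triage heuristics over a ComboFix-style log excerpt.

Added example, not part of the forum thread and not ComboFix's own logic.
The sample log is constructed from lines quoted in the thread; the column
layout, the attribute-flag position and the path rules are assumptions.
"""
import re
from collections import defaultdict

# Constructed excerpt: a few "Files Created" rows, the Sigcheck block and the
# firewall AuthorizedApplications key, copied in the shape the log uses.
SAMPLE_LOG = r"""
((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))
.
2009-08-02 11:24 . 2009-08-02 11:24 32768 ---h--w- c:\documents and settings\Chris Diaz\meqsq.exe
2009-07-31 10:01 . 2009-07-31 10:01 32768 ---h--w- c:\documents and settings\Chris Diaz\nukqkt.exe
2009-07-28 20:53 . 2009-07-28 20:53 32256 ---h--w- c:\documents and settings\Chris Diaz\wafayoh.exe
2009-08-03 23:02 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-17 21:13 . 2009-07-17 21:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.
------- Sigcheck -------
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 512000 281CCAB31BFBA7930981BE229AE3E222 c:\windows\system32\winlogon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\aev.exe"=
"c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=
"""

# "created . modified size attrs path"; attrs is an 8-char flag column in which
# position 3 is 'h' for hidden (assumption taken from rows like "---h--w-").
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
# "[status] date time size md5 path"; the log shows [-] for a copy ComboFix
# did not verify and [7] for one it did (reading of the log, not a documented API).
SIGCHECK_LINE = re.compile(
    r"^\[(?P<status>[^\]]+)\] \S+ \S+ (?P<size>\d+) (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$")
# REGEDIT4 value with an empty data part, as in the AuthorizedApplications list.
FIREWALL_LINE = re.compile(r'^"(?P<path>[^"]+)"=$')
# An .exe sitting directly in a user profile root, not in any subfolder.
PROFILE_ROOT_EXE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def normalize_reg_path(raw):
    """Undo REGEDIT4 escaping (\\\\ -> \\) and expand %windir% for comparison."""
    return raw.replace("\\\\", "\\").lower().replace("%windir%", "c:\\windows")


def triage(log_text):
    """Return (finding_kind, lowercased path) tuples for suspicious entries."""
    findings = []
    sigcheck = defaultdict(list)   # basename -> list of Sigcheck rows
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            if m["attrs"][3] == "h" and PROFILE_ROOT_EXE.match(m["path"]):
                findings.append(("hidden-exe-in-profile-root", m["path"].lower()))
            continue
        m = SIGCHECK_LINE.match(line)
        if m:
            basename = m["path"].lower().rsplit("\\", 1)[-1]
            sigcheck[basename].append(m.groupdict())
            continue
        if line.startswith("["):           # a registry key header
            current_key = line.lower()
            continue
        m = FIREWALL_LINE.match(line)
        if m and "authorizedapplications" in current_key:
            path = normalize_reg_path(m["path"])
            if PROFILE_ROOT_EXE.match(path):
                findings.append(("firewall-exception-for-profile-exe", path))
    # A [-] copy whose MD5 differs from a [7] copy of the same file name is the
    # pattern the helper answers with FCopy:: from ServicePackFiles.
    for rows in sigcheck.values():
        good_md5s = {r["md5"] for r in rows if r["status"] != "-"}
        for r in rows:
            if r["status"] == "-" and good_md5s and r["md5"] not in good_md5s:
                findings.append(("sigcheck-mismatch", r["path"].lower()))
    return findings


if __name__ == "__main__":
    for kind, path in triage(SAMPLE_LOG):
        print(f"{kind:38} {path}")
```

A path rule alone does not catch the system32 entries (aev.exe, fpu.exe, vxbik.exe) that the script also removes; those needed the reputation check the thread did through VirusTotal and the Collect:: submission.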

  8. #8
    Junior Member | Join Date: Aug 2009 | Posts: 14

    ComboFix 09-08-03.07 - Chris Diaz 08/04/2009 6:01.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1695 [GMT -4:00]
    Running from: c:\documents and settings\Chris Diaz\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Chris Diaz\Desktop\CFScript.txt

    file zipped: c:\windows\system32\aev.exe
    file zipped: c:\windows\system32\fpu.exe
    file zipped: c:\windows\system32\vxbik.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\BitTorrent
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\BitTorrent\uninst.exe
    c:\program files\LimeWire
    c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.4.exe
    c:\program files\LimeWire\Buy LimeWire PRO.url
    c:\program files\LimeWire\COPYING
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\inspection.props
    c:\program files\LimeWire\install.log
    c:\program files\LimeWire\language.prop
    c:\program files\LimeWire\lib\additional_resources.jar
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\AppFramework.jar
    c:\program files\LimeWire\lib\base64-2.2.2.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-codec-1.3.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-math-1.2.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
    c:\program files\LimeWire\lib\EventBus-1.2b.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
    c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
    c:\program files\LimeWire\lib\guice-snapshot.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\hsqldb.jar
    c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
    c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
    c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\iTunes-0.0.1.jar
    c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
    c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
    c:\program files\LimeWire\lib\jacob-1.14.1.jar
    c:\program files\LimeWire\lib\jaudiotagger.jar
    c:\program files\LimeWire\lib\jcip-annotations.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jna.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\jxlayer.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\miglayout.jar
    c:\program files\LimeWire\lib\mozdom4java.jar
    c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
    c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
    c:\program files\LimeWire\lib\mozswing.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\onion-common.jar
    c:\program files\LimeWire\lib\onion-fec.jar
    c:\program files\LimeWire\lib\smack.jar
    c:\program files\LimeWire\lib\smackx-debug.jar
    c:\program files\LimeWire\lib\smackx.jar
    c:\program files\LimeWire\lib\swing-worker-1.1.jar
    c:\program files\LimeWire\lib\swingx-0.9.4.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE
    c:\program files\LimeWire\spacer.gif
    c:\program files\LimeWire\uninstall.exe
    c:\program files\LimeWire\unpack.log
    c:\windows\system32\aev.exe
    c:\windows\system32\fpu.exe
    c:\windows\system32\vxbik.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
    .

    2009-08-03 23:02 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
    2009-08-03 22:54 . 2009-08-03 22:54 -------- d-----w- c:\windows\Sun
    2009-08-03 21:26 . 2009-08-03 21:26 -------- d-----w- C:\rsit
    2009-08-03 21:04 . 2009-08-03 21:04 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\Malwarebytes
    2009-08-03 21:03 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 21:03 . 2009-08-03 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-03 21:03 . 2009-08-03 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-03 21:03 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 11:24 . 2009-08-02 11:24 32768 ---h--w- c:\documents and settings\Chris Diaz\meqsq.exe
    2009-08-02 11:22 . 2009-08-02 11:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-08-01 21:52 . 2009-08-01 21:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-08-01 12:04 . 2009-08-01 12:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-31 10:01 . 2009-07-31 10:01 32768 ---h--w- c:\documents and settings\Chris Diaz\nukqkt.exe
    2009-07-29 21:17 . 2009-07-29 21:17 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\AVG8
    2009-07-29 21:01 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 21:01 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-07-29 00:17 . 2009-07-29 00:18 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DAEMON Tools Lite
    2009-07-28 21:14 . 2009-07-31 10:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-28 21:14 . 2009-07-31 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-28 21:11 . 2009-07-28 21:11 -------- d-----w- c:\program files\Trend Micro
    2009-07-28 20:53 . 2009-07-28 20:53 32256 ---h--w- c:\documents and settings\Chris Diaz\wafayoh.exe
    2009-07-28 20:50 . 2009-08-03 23:02 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2009-07-17 21:14 . 2009-08-04 09:01 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-17 21:13 . 2009-08-04 09:00 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-17 21:13 . 2009-07-17 21:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-17 21:13 . 2009-07-17 21:13 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\PunkBuster
    2009-07-16 23:15 . 2009-07-29 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-07-16 23:13 . 2009-07-16 23:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-07-16 23:13 . 2009-07-16 23:20 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DAEMON Tools Pro
    2009-07-16 22:33 . 2009-07-16 22:33 -------- d-----w- c:\program files\EA GAMES
    2009-07-16 22:27 . 2009-07-16 23:27 -------- d-----w- c:\program files\Steam
    2009-07-16 20:38 . 2009-07-16 20:38 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\dvdcss
    2009-07-16 01:30 . 2009-07-16 01:30 -------- d-----w- c:\program files\VideoLAN
    2009-07-13 07:01 . 2009-07-22 12:07 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\LimeWire
    2009-07-12 19:36 . 2009-07-16 01:22 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DivX
    2009-07-12 17:50 . 2009-07-16 22:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-12 17:50 . 2009-07-12 17:50 -------- d-----w- c:\program files\MC2
    2009-07-12 17:50 . 2009-07-16 22:23 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-07-12 17:44 . 2009-07-12 17:44 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-12 14:03 . 2009-08-03 01:23 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\BitTorrent
    2009-07-12 14:00 . 2009-07-12 14:00 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-12 14:00 . 2009-07-12 14:00 -------- d-----w- c:\program files\Java
    2009-07-12 14:00 . 2009-07-12 14:00 152576 ----a-w- c:\documents and settings\Chris Diaz\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-07-12 02:12 . 2009-06-10 10:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-07-12 02:12 . 2009-06-21 12:46 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-07-12 02:12 . 2009-07-12 02:12 -------- d-----w- C:\NVIDIA
    2009-07-11 20:39 . 2006-12-06 01:17 240 ----a-w- c:\windows\myClean.bat
    2009-07-11 20:39 . 2009-07-11 20:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-10 03:43 . 2009-07-10 03:43 -------- d-sh--w- c:\documents and settings\Chris Diaz\IECompatCache
    2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\Identities
    2009-07-09 20:57 . 2009-07-09 20:57 0 ----a-w- c:\windows\nsreg.dat
    2009-07-09 20:57 . 2009-07-09 20:57 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\Mozilla
    2009-07-09 20:49 . 2009-08-04 02:15 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\mIRC
    2009-07-09 20:49 . 2009-08-04 01:53 -------- d-----w- c:\program files\mIRC

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-03 23:02 . 2006-02-28 12:00 578560 ----a-w- c:\windows\system32\user32.dll
    2009-07-16 00:15 . 2009-07-09 16:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-07-12 17:45 . 2009-07-12 17:44 -------- d-----w- c:\program files\DivX
    2009-07-11 21:00 . 2009-07-09 16:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-09 17:16 . 2009-07-09 17:16 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-09 17:14 . 2009-07-09 17:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-07-09 16:17 . 2009-07-09 16:17 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-07-09 16:10 . 2009-07-09 16:10 13104 ----a-w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-09 16:06 . 2009-07-09 16:06 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-07-09 15:51 . 2009-07-09 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-07-09 15:51 . 2009-07-09 15:40 -------- d-----w- c:\program files\NOS
    2009-07-09 15:48 . 2009-07-09 17:15 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-07-09 15:45 . 2009-07-09 15:45 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-07-09 15:41 . 2009-07-09 15:41 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-07-09 14:30 . 2009-07-09 14:30 -------- d-----w- c:\program files\McAfee
    2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 10:03 . 2009-07-09 15:33 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-10 10:03 . 2009-06-10 10:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 10:03 . 2009-06-10 10:03 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 10:03 . 2008-04-14 00:12 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-13 21:56 . 2009-07-12 17:45 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2009-05-13 21:56 . 2009-07-12 17:45 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-05-13 21:56 . 2009-07-12 17:45 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2009-05-13 21:56 . 2009-07-12 17:45 129784 ------w- c:\windows\system32\pxafs.dll
    2009-05-13 21:56 . 2009-07-12 17:45 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-05-13 21:56 . 2009-07-12 17:45 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    .

    ------- Sigcheck -------

    [7] 2006-02-28 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 00:12 512000 281CCAB31BFBA7930981BE229AE3E222 c:\windows\system32\winlogon.exe


    [7] 2006-02-28 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-03_23.04.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-04 09:53 . 2009-08-04 09:53 16384 c:\windows\Temp\Perflib_Perfdata_674.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @="beep"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\nukqkt.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    Trusted Zone: //about.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Update.htm/
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-04 06:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-08-04 6:04
    ComboFix-quarantined-files.txt 2009-08-04 10:04
    ComboFix2.txt 2009-08-03 23:05

    Pre-Run: 699,980,046,336 bytes free
    Post-Run: 699,995,975,680 bytes free

    284 --- E O F --- 2009-07-29 21:08
    Upload was successful

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      http://forums.spybot.info/showthread.php?p=326277#post326277
      Suspect::[4]
      c:\documents and settings\Chris Diaz\meqsq.exe
      c:\documents and settings\Chris Diaz\nukqkt.exe
      c:\Documents and Settings\Chris Diaz\wafayoh.exe
      File::
      c:\documents and settings\Chris Diaz\meqsq.exe
      c:\documents and settings\Chris Diaz\nukqkt.exe
      c:\Documents and Settings\Chris Diaz\wafayoh.exe
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=-
      "c:\\Documents and Settings\\Chris Diaz\\nukqkt.exe"=-
      "c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=-
      FCopy::
      c:\windows\ServicePackFiles\i386\winlogon.exe|c:\windows\system32\winlogon.exe
      c:\windows\system32\dllcache\beep.sys|C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys
      ADS::
    • Save this as CFScript.txt and place it on your desktop.

    [screenshot not included: CFScript.txt being dragged onto ComboFix.exe]

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • **Note**
      When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
      • Ensure you are connected to the internet and click OK on the message box.
    • Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
    Last edited by katana; 2009-08-04 at 12:37.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
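
The script above does three things: it quarantines and uploads three executables from the user's profile, deletes the Windows Firewall exceptions those executables had added for themselves, and restores winlogon.exe and beep.sys from the Service Pack cache. The firewall part is the one worth automating for the next log: ComboFix's "Reg Loading Points" block already shows EnableFirewall set to 0 and three profile-resident executables whitelisted under AuthorizedApplications, which is what lets a bot accept inbound connections. The Python below is an added example, not code from this thread or from ComboFix. It parses that REGEDIT4-style block (SAMPLE_LOG is constructed from the entries printed in the logs above), flags the disabled firewall and any exception or autorun pointing into a profile or temp directory, and emits the same `"path"=-` Registry:: stanza the CFScript uses to delete them. The profile-path heuristic and all function names are assumptions of the example. Run it again on the log ComboFix produces after the script to confirm the entries are gone.

```python
"""Triage a ComboFix "Reg Loading Points" block for firewall tampering.

Added example for this thread; not ComboFix code and not part of the
original post. SAMPLE_LOG is constructed from the entries printed in the
logs above. The profile-path heuristic and every function name here are
assumptions of this example.
"""
import re

# Constructed sample: the REGEDIT4 block as ComboFix prints it.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=
"c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=
"""

# "name"=data, with backslashes doubled inside the quoted name (REGEDIT4 style).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
# First executable path inside a Run value, e.g. c:\windows\ALCXMNTR.EXE
PATH_RE = re.compile(
    r'(?i)((?:[a-z]:|%windir%|%systemroot%)\\[^"\[\]]*?\.(?:exe|dll|sys|bat|cmd|scr|com))')


def parse_loading_points(text):
    """Return {registry_key: [(value_name, value_data), ...]}."""
    sections, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sections.setdefault(key, [])
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            # Undo the doubled backslashes so names compare as real paths.
            sections[key].append((m.group(1).replace("\\\\", "\\"), m.group(2)))
    return sections


def is_profile_path(path):
    """Heuristic (assumption of this example): code launched from a user
    profile or temp directory rather than system32 / Program Files."""
    p = path.lower()
    return any(marker in p for marker in (
        "\\documents and settings\\", "\\users\\", "\\temp\\",
        "\\local settings\\", "\\application data\\"))


def triage(text):
    """Return (kind, key, detail) findings: firewall switched off,
    firewall exceptions for profile executables, autoruns from a profile."""
    findings = []
    for key, entries in parse_loading_points(text).items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            for name, value in entries:
                if name.lower() == "enablefirewall" and value.split()[:1] == ["0"]:
                    findings.append(("firewall_disabled", key, name))
        elif k.endswith("authorizedapplications\\list"):
            for name, _ in entries:          # here the value name IS the path
                if is_profile_path(name):
                    findings.append(("firewall_exception_in_profile", key, name))
        elif k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce"):
            for _, value in entries:
                m = PATH_RE.search(value)
                path = m.group(1) if m else value
                if is_profile_path(path):
                    findings.append(("autorun_in_profile", key, path))
    return findings


def cfscript_registry_block(findings):
    """Emit the Registry:: stanza that deletes the flagged firewall
    exceptions, in the "name"=- form the CFScript above uses."""
    by_key = {}
    for kind, key, path in findings:
        if kind == "firewall_exception_in_profile":
            by_key.setdefault(key, []).append(path)
    lines = ["Registry::"]
    for key, paths in by_key.items():
        lines.append("[%s]" % key)
        for p in paths:
            lines.append('"%s"=-' % p.replace("\\", "\\\\"))
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, _, detail in found:
        print("%-32s %s" % (kind, detail))
    print()
    print(cfscript_registry_block(found))
```

On the sample this reports the disabled firewall and the two whitelisted profile executables, and prints a Registry:: stanza identical in form to the one in the script above; nothing under the Run keys is flagged because every entry there lives in system32 or Program Files.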

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Posts
    14

    Default

    ComboFix 09-08-04.02 - Chris Diaz 08/04/2009 17:52.3.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1718 [GMT -4:00]
    Running from: c:\documents and settings\Chris Diaz\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Chris Diaz\Desktop\CFScript.txt

    FILE ::
    "c:\documents and settings\Chris Diaz\meqsq.exe"
    "c:\documents and settings\Chris Diaz\nukqkt.exe"
    "c:\documents and settings\Chris Diaz\wafayoh.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
    c:\windows\system32\dllcache\beep.sys --> c:\windows\SYSTEM32\DRIVERS\beep.sys
    .
    ((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
    .

    2009-08-04 21:52 . 2006-02-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2009-08-04 21:52 . 2006-02-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-08-03 23:02 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
    2009-08-03 22:54 . 2009-08-03 22:54 -------- d-----w- c:\windows\Sun
    2009-08-03 21:26 . 2009-08-03 21:26 -------- d-----w- C:\rsit
    2009-08-03 21:04 . 2009-08-03 21:04 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\Malwarebytes
    2009-08-03 21:03 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 21:03 . 2009-08-03 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-03 21:03 . 2009-08-03 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-03 21:03 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 11:24 . 2009-08-02 11:24 32768 ---h--w- c:\documents and settings\Chris Diaz\meqsq.exe
    2009-08-02 11:22 . 2009-08-02 11:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-08-01 21:52 . 2009-08-01 21:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-08-01 12:04 . 2009-08-01 12:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-31 10:01 . 2009-07-31 10:01 32768 ---h--w- c:\documents and settings\Chris Diaz\nukqkt.exe
    2009-07-29 21:17 . 2009-07-29 21:17 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\AVG8
    2009-07-29 21:01 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 21:01 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-07-29 00:17 . 2009-07-29 00:17 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-07-29 00:17 . 2009-07-29 00:18 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DAEMON Tools Lite
    2009-07-28 21:14 . 2009-07-31 10:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-28 21:14 . 2009-07-31 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-28 21:11 . 2009-07-28 21:11 -------- d-----w- c:\program files\Trend Micro
    2009-07-28 20:53 . 2009-07-28 20:53 32256 ---h--w- c:\documents and settings\Chris Diaz\wafayoh.exe
    2009-07-28 20:50 . 2009-08-03 23:02 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2009-07-17 21:14 . 2009-08-04 09:01 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-17 21:13 . 2009-08-04 09:00 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-17 21:13 . 2009-07-17 21:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-17 21:13 . 2009-07-17 21:13 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\PunkBuster
    2009-07-16 23:15 . 2009-07-29 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-07-16 23:13 . 2009-07-16 23:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-07-16 23:13 . 2009-07-16 23:20 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DAEMON Tools Pro
    2009-07-16 22:33 . 2009-07-16 22:33 -------- d-----w- c:\program files\EA GAMES
    2009-07-16 22:27 . 2009-07-16 23:27 -------- d-----w- c:\program files\Steam
    2009-07-16 20:38 . 2009-07-16 20:38 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\dvdcss
    2009-07-16 01:30 . 2009-07-16 01:30 -------- d-----w- c:\program files\VideoLAN
    2009-07-13 07:01 . 2009-07-22 12:07 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\LimeWire
    2009-07-12 19:36 . 2009-07-16 01:22 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\DivX
    2009-07-12 17:50 . 2009-07-16 22:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-12 17:50 . 2009-07-12 17:50 -------- d-----w- c:\program files\MC2
    2009-07-12 17:50 . 2009-07-16 22:23 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-07-12 17:44 . 2009-07-12 17:44 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-12 14:03 . 2009-08-03 01:23 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\BitTorrent
    2009-07-12 14:00 . 2009-07-12 14:00 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-12 14:00 . 2009-07-12 14:00 -------- d-----w- c:\program files\Java
    2009-07-12 14:00 . 2009-07-12 14:00 152576 ----a-w- c:\documents and settings\Chris Diaz\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-07-12 02:12 . 2009-06-10 10:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-07-12 02:12 . 2009-06-21 12:46 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-07-12 02:12 . 2009-07-12 02:12 -------- d-----w- C:\NVIDIA
    2009-07-11 20:39 . 2006-12-06 01:17 240 ----a-w- c:\windows\myClean.bat
    2009-07-11 20:39 . 2009-07-11 20:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-10 03:43 . 2009-07-10 03:43 -------- d-sh--w- c:\documents and settings\Chris Diaz\IECompatCache
    2009-07-09 21:36 . 2009-07-09 21:36 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\Identities
    2009-07-09 20:57 . 2009-07-09 20:57 0 ----a-w- c:\windows\nsreg.dat
    2009-07-09 20:57 . 2009-07-09 20:57 -------- d-----w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\Mozilla
    2009-07-09 20:49 . 2009-08-04 02:15 -------- d-----w- c:\documents and settings\Chris Diaz\Application Data\mIRC
    2009-07-09 20:49 . 2009-08-04 01:53 -------- d-----w- c:\program files\mIRC

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-03 23:02 . 2006-02-28 12:00 578560 ----a-w- c:\windows\system32\user32.dll
    2009-07-16 00:15 . 2009-07-09 16:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-07-12 17:45 . 2009-07-12 17:44 -------- d-----w- c:\program files\DivX
    2009-07-11 21:00 . 2009-07-09 16:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-09 17:16 . 2009-07-09 17:16 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-09 17:14 . 2009-07-09 17:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-07-09 16:17 . 2009-07-09 16:17 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-07-09 16:10 . 2009-07-09 16:10 13104 ----a-w- c:\documents and settings\Chris Diaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-09 16:06 . 2009-07-09 16:06 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-07-09 15:51 . 2009-07-09 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-07-09 15:51 . 2009-07-09 15:40 -------- d-----w- c:\program files\NOS
    2009-07-09 15:48 . 2009-07-09 17:15 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-07-09 15:45 . 2009-07-09 15:45 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-07-09 15:41 . 2009-07-09 15:41 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-07-09 14:30 . 2009-07-09 14:30 -------- d-----w- c:\program files\McAfee
    2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 10:03 . 2009-07-09 15:33 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-10 10:03 . 2009-06-10 10:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 10:03 . 2009-06-10 10:03 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 10:03 . 2008-04-14 00:12 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-13 21:56 . 2009-07-12 17:45 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2009-05-13 21:56 . 2009-07-12 17:45 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-05-13 21:56 . 2009-07-12 17:45 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2009-05-13 21:56 . 2009-07-12 17:45 129784 ------w- c:\windows\system32\pxafs.dll
    2009-05-13 21:56 . 2009-07-12 17:45 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-05-13 21:56 . 2009-07-12 17:45 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-03_23.04.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-04 21:44 . 2009-08-04 21:44 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat
    + 2006-02-28 12:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @="beep"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\nukqkt.exe"=
    "c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    Trusted Zone: //about.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Update.htm/
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-04 17:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2968)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-08-04 17:55
    ComboFix-quarantined-files.txt 2009-08-04 21:55
    ComboFix2.txt 2009-08-04 10:05
    ComboFix3.txt 2009-08-03 23:05

    Pre-Run: 700,007,219,200 bytes free
    Post-Run: 699,961,929,728 bytes free

    207 --- E O F --- 2009-07-29 21:08



    Can you clue me in to what is going on still, or what I might still have left in the machine? Is it safe to use the computer for online banking? Thank you very much for your time and help.
