Vitromundo & Smithfield

[iprojects]

Hello Everyone.
After many years of only activity, I have been compeltely dumbfounded as to how to get rid of these trojans from my computer.
I have tried the recommended "extra" removal programs but have developed a deep seeded mistrust.
Spybot has kept me clean for many years but now it is doing nothing.
Here is my HTJ output for your knowledge. Can you please help me?

[PHP]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:09 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop\szuxmxud.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\purkliry.exe
D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
D:\Program Files\MagicDisc\MagicDisc.exe
D:\Program Files\Labtec Wireless Desktop\MagicKey.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mah-Jongg\Mj3Pro.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {94A5C93F-BD18-4C46-B777-C94C145C3CAB} - (no file)
O4 - HKLM\..\Run: [VX1000] D:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GenAdm] D:\WINDOWS\system32\purkliry.exe
O4 - HKCU\..\Run: [ProcSys] D:\WINDOWS\system32\qbojobmf.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [BNBlvkDlSv] D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop\szuxmxud.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120472294952
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: chkmsginfo - {4D74DA14-A45D-3881-0F6F-0B65170D9AAC} - D:\Program Files\iqzbkdb\chkmsginfo.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9316 bytes

Sorry if I've stuffed this up.
Cheers
:)

 

[Shaba]

Hi iprojects

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post:

- mbam log
- rsit logs (taken after mbam run)

 

[iprojects]

Logs done

Hi thanks for the help.
Much appreciated.
Here is the Malware Log

Malwarebytes' Anti-Malware 1.30
Database version: 1335
Windows 5.1.2600 Service Pack 3

10/30/2008 7:40:01 AM
mbam-log-2008-10-30 (07-40-01).txt

Scan type: Full Scan (C:\|D:\|G:\|I:\|)
Objects scanned: 226889
Time elapsed: 4 hour(s), 42 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4D74DA14-A45D-3881-0F6F-0B65170D9AAC} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\chkmsginfo (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\genadm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bnblvkdlsv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{94a5c93f-bd18-4c46-b777-c94c145c3cab} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Program Files\iqzbkdb\chkmsginfo.dll (Trojan.FakeAlert.H) -> Delete on reboot.
D:\WINDOWS\system32\purkliry.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop\szuxmxud.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\RECYCLER\NPROTECT\00000008.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

Now here is the RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by IPROJECTS at 2008-10-30 08:01:22
Microsoft Windows XP Professional Service Pack 3
System drive D: has 7 GB (11%) free of 57 GB
Total RAM: 1023 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:44 AM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\vVX1000.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
D:\Program Files\Labtec Wireless Desktop\MagicKey.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\IPROJECTS\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\IPROJECTS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VX1000] D:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120472294952
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8449 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\RegCure Program Check.job
D:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VX1000"=D:\WINDOWS\vVX1000.exe [2006-12-06 707360]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2005-01-10 77824]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LifeCam"=D:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-13 275800]
"DAEMON Tools"=D:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2
"SharedAccess"=2

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Enable Labtec Wireless Desktop.lnk - D:\Program Files\Labtec Wireless Desktop\MulMouse.exe

D:\Documents and Settings\IPROJECTS\Start Menu\Programs\Startup
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\Program Files\Sonos\Sonos.exe"="D:\Program Files\Sonos\Sonos.exe:LocalSubNet:Enabled:Sonos Desktop Controller"
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\Program Files\Azureus\Azureus.exe"="D:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"D:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="D:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb074978-ef7e-11d9-bcc4-00508dd519b9}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2008-10-30 08:01:22 ----D---- D:\rsit
2008-10-29 18:33:00 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Malwarebytes
2008-10-29 18:32:46 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 18:32:46 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-29 07:51:52 ----A---- D:\WINDOWS\system32\hkdcvkpk.exe
2008-10-28 20:56:24 ----D---- D:\Program Files\Trend Micro
2008-10-28 20:14:03 ----D---- D:\WINDOWS\temp
2008-10-28 20:13:55 ----A---- D:\ComboFix.txt
2008-10-28 19:51:36 ----A---- D:\WINDOWS\system32\dgronovu.exe
2008-10-28 19:32:46 ----A---- D:\Boot.bak
2008-10-28 19:32:14 ----RASHD---- D:\cmdcons
2008-10-28 19:28:07 ----A---- D:\WINDOWS\zip.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\VFIND.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWXCACLS.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWSC.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWREG.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\sed.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\NIRCMD.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\grep.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\fdsv.exe
2008-10-28 19:27:57 ----D---- D:\WINDOWS\ERDNT
2008-10-28 19:27:57 ----D---- D:\Qoobox
2008-10-27 20:18:32 ----A---- D:\WINDOWS\ntbtlog.txt
2008-10-27 20:15:06 ----D---- D:\VundoFix Backups
2008-10-26 18:44:23 ----A---- D:\WINDOWS\system32\LEXPPS.EXE
2008-10-26 18:44:23 ----A---- D:\WINDOWS\system32\LEXBCES.EXE
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbcvs.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbcpwr.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccoin.ini
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccoin.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccinf.dll
2008-10-26 13:05:01 ----A---- D:\WINDOWS\system32\danynefm.exe
2008-10-26 09:59:16 ----D---- D:\Program Files\NCSoft
2008-10-26 09:50:08 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\GetRightToGo
2008-10-25 20:26:35 ----A---- D:\WINDOWS\system32\hcxurqjk.exe
2008-10-24 19:01:13 ----A---- D:\WINDOWS\system32\leditqjo.exe
2008-10-24 18:55:31 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-23 16:26:57 ----A---- D:\VundoFix.txt
2008-10-23 06:49:24 ----D---- D:\Program Files\iqzbkdb
2008-10-23 06:49:05 ----A---- D:\WINDOWS\system32\wzmzspen.exe
2008-10-22 05:03:34 ----A---- D:\WINDOWS\system32\dobmfsfo.exe
2008-10-21 17:03:44 ----D---- D:\Program Files\cbazgme
2008-10-21 17:03:19 ----A---- D:\WINDOWS\system32\anqderoh.exe
2008-10-21 04:57:11 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop
2008-10-16 03:13:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:13:29 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:12:59 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:10:12 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:09:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-12 12:27:09 ----D---- D:\Program Files\Enterbrain
2008-10-12 12:26:17 ----D---- D:\Program Files\Common Files\Enterbrain
2008-10-08 22:05:50 ----D---- D:\Program Files\Warner Bros. Interactive Entertainment

======List of files/folders modified in the last 1 months======

2008-10-30 08:01:29 ----D---- D:\WINDOWS\Prefetch
2008-10-30 07:57:21 ----D---- D:\Program Files\Mozilla Firefox
2008-10-30 07:55:27 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Skype
2008-10-30 07:51:03 ----D---- D:\WINDOWS\system32\CatRoot2
2008-10-30 07:48:02 ----D---- D:\WINDOWS\system32\drivers
2008-10-30 07:47:19 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-10-30 07:40:15 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-10-30 07:40:01 ----D---- D:\WINDOWS\system32
2008-10-29 22:08:42 ----HD---- D:\$AVG8.VAULT$
2008-10-29 18:32:46 ----D---- D:\Program Files
2008-10-28 20:14:03 ----D---- D:\WINDOWS
2008-10-28 19:55:33 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 19:47:45 ----A---- D:\WINDOWS\system.ini
2008-10-28 19:43:22 ----D---- D:\WINDOWS\system32\config
2008-10-28 19:39:48 ----D---- D:\WINDOWS\AppPatch
2008-10-28 19:39:48 ----D---- D:\Program Files\Common Files
2008-10-28 19:32:46 ----RASH---- D:\boot.ini
2008-10-28 19:30:08 ----D---- D:\WINDOWS\system32\Restore
2008-10-28 19:28:07 ----SHD---- D:\System Volume Information
2008-10-28 19:00:18 ----SHD---- D:\WINDOWS\Installer
2008-10-28 19:00:18 ----HD---- D:\Config.Msi
2008-10-28 19:00:16 ----D---- D:\Program Files\Java
2008-10-27 20:25:04 ----HD---- D:\WINDOWS\inf
2008-10-27 19:32:03 ----D---- D:\!KillBox
2008-10-26 19:44:06 ----SD---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-26 10:01:59 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\BitTorrent
2008-10-26 09:59:16 ----HD---- D:\Program Files\InstallShield Installation Information
2008-10-25 13:56:35 ----A---- D:\WINDOWS\NeroDigital.ini
2008-10-24 18:55:19 ----HD---- D:\WINDOWS\$hf_mig$
2008-10-23 19:39:12 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-10-23 19:38:55 ----AD---- D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-22 19:53:58 ----A---- D:\WINDOWS\WININIT.INI
2008-10-21 04:57:58 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\DNA
2008-10-16 17:39:48 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-10-16 03:13:53 ----A---- D:\WINDOWS\imsins.BAK
2008-10-16 03:12:24 ----D---- D:\Program Files\Internet Explorer
2008-10-16 03:11:43 ----D---- D:\WINDOWS\ie7updates
2008-10-16 02:34:24 ----A---- D:\WINDOWS\system32\netapi32.dll
2008-10-13 11:56:58 ----D---- D:\Program Files\RegCure
2008-10-09 06:17:45 ----D---- D:\Program Files\BitTorrent
2008-10-09 06:17:40 ----D---- D:\Program Files\DNA
2008-10-09 06:12:13 ----D---- D:\Program Files\Canon
2008-10-08 22:30:54 ----D---- D:\WINDOWS\system32\DirectX
2008-10-08 22:30:02 ----RSD---- D:\WINDOWS\assembly
2008-10-08 20:07:41 ----D---- D:\Program Files\HP
2008-10-08 20:07:41 ----D---- D:\Program Files\Hewlett-Packard
2008-10-08 20:04:52 ----D---- D:\Program Files\WildGames
2008-10-08 20:04:52 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\WildTangent
2008-10-08 05:19:40 ----A---- D:\WINDOWS\system32\MRT.exe
2008-10-04 03:41:15 ----A---- D:\WINDOWS\system32\ieframe.dll
2008-10-02 13:57:36 ----A---- D:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; D:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 kbfilter;Keyboard Filter Driver; D:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 12964]
R1 moufiltr;Mouse Filter Driver; D:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
R1 prodrv06;StarForce Protection Environment Driver v6; D:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-27 52224]
R1 SSHDRV65;SSHDRV65; \??\D:\WINDOWS\system32\drivers\SSHDRV65.sys []
R1 SSHDRV85;SSHDRV85; \??\D:\WINDOWS\system32\drivers\SSHDRV85.sys []
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-12-23 165376]
R2 AvgTdiX;AVG8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-12-23 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-12 2306304]
R3 AnyDVD;AnyDVD; D:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-02-06 97216]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; D:\WINDOWS\System32\DRIVERS\getnd5b.sys [2004-10-21 46080]
R3 HCF_MSFT;HCF_MSFT; D:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; D:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; D:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 VX1000;VX-1000; D:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 aeowoalp;aeowoalp; D:\WINDOWS\system32\drivers\aeowoalp.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\D:\WINDOWS\system32\ASNDIS5.SYS []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\E:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cel90xbe;cel90xbe; \??\D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\cel90xbe.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; D:\WINDOWS\System32\Drivers\LMouKE.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTSIM;NTSIM; \??\D:\WINDOWS\System32\ntsim.sys []
S3 Pcouffin;Low level access layer for CD devices; D:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SiS315;SiS315; D:\WINDOWS\system32\DRIVERS\sisgrp.sys [2002-12-31 255616]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Motorola USB Modem Driver; D:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avg8emc;AVG8 E-mail Scanner; D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 MSCamSvc;MSCamSvc; D:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 240408]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-04 654848]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2007-08-16 593920]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-30 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 HP Port Resolver;HP Port Resolver; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LPDSVC;TCP/IP Print Server; D:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Fax;Fax; D:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

-----------------EOF-----------------

Now the info text

info.txt logfile of random's system information tool 1.04 2008-10-30 08:01:46

======Uninstall list======

-->"D:\Program Files\WildGames\FATE Undiscovered Realms\Uninstall.exe"
-->"D:\Program Files\WildGames\FATE\Uninstall.exe"
-->D:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->D:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Age of Empires III - The Asian Dynasties-->D:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Allok RM RMVB to AVI MPEG DVD Converter 2.4.0423-->"D:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter\unins000.exe"
AnyDVD-->"D:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="D:\Program Files\SlySoft\AnyDVD"
ASUS WL-700gE Wireless Router Utilities-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6E00E4BF-C89B-4FC5-A32B-47232A797806}\setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3f3f
ATI Display Driver-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
AVG Free 8.0-->D:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus-->D:\Program Files\Azureus\Uninstall.exe
BOINC 4.49-->MsiExec.exe /I{C84AF6B4-168C-4469-B859-7066B037AA02}
Business Card Designer Plus 7.1.0.0-->"D:\Program Files\CAM Development\Business Card Designer Plus 7\Uninstall\unins000.exe"
Canon Camera Support Core Library-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}
Canon Camera Window DS for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}
Canon Camera Window MC 5 for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}
Canon MovieEdit Task for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}
Canon RAW Image Task for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}
Canon Utilities PhotoStitch 3.1-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
CASHFLOW® 202 THE E-GAME-->D:\PROGRA~1\CASHFL~1\UNWISE.EXE D:\PROGRA~1\CASHFL~1\INSTALL.LOG
Dawn of War - Soulstorm-->"D:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
Dawn Of War-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Direct Show Ogg Vorbis Filter (remove only)-->"D:\WINDOWS\system32\OggDSuninst.exe"
Divine Divinity-->C:\PROGRA~1\DIVINE~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\DIVINE~1\UNINST~1\INSTALL.LOG
DVD Shrink 3.2-->"D:\Program Files\DVD Shrink\unins000.exe"
Google Earth-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTA San Andreas-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IsoBuster 1.8-->"D:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Labtec Wireless Desktop-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A369B607-5BAF-4AB3-B18A-1017ED19902D}\Setup.exe" -l0x0009
LEGO Creator-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\LEGO Media\Constructive\CREATOR\Uninst.isu"
LEGO Racers 2-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3DD2E9EA-0544-4162-B8BE-E21E994E9F3B}\setup.exe" -uninst
LEGO Star Wars II-->D:\Program Files\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0409
LEGO Star Wars-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E914A24F-2412-4374-B420-86D21D6D444A}
LEGO® Batman™-->D:\Program Files\InstallShield Installation Information\{398AB469-77FC-4935-820B-D419388C0A6A}\Setup.exe -runfromtemp -l0x0409
LEGO® Indiana Jones™-->D:\Program Files\InstallShield Installation Information\{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}\Setup.exe -runfromtemp -l0x0409
LiveReg (Symantec Corporation)-->D:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Magic DVD Ripper V5.2-->"D:\Program Files\MagicDVDRipper\unins000.exe"
Magic ISO Maker v5.4 (build 0239)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93-->D:\PROGRA~1\MAGICD~2\UNWISE.EXE D:\PROGRA~1\MAGICD~2\INSTALL.LOG
Mah-Jongg 3000 Pro 6.4-->D:\WINDOWS\ST4UNST.EXE -n "D:\Program Files\Mah-Jongg\ST4UNST.LOG"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{06C32EA0-4A22-4919-979A-8700715865B8}
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Motorola Desktop Suite-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{ABEBCB7D-60F7-4836-ACF4-CFCA39FA00DA}\setup.exe" -l0x9
Mozilla Firefox (3.0.3)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Neverwinter Nights Platinum Edition-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\Setup.exe" -l0x9
OCR Software by I.R.I.S 7.0-->D:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
oggcodecs 0.71.0946-->D:\Program Files\illiminable\oggcodecs\uninst.exe
ParaWorld-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EAA01BA0-6991-4296-A404-4FFF2DAC2225}\setup.exe" -l0x9 -removeonly
Pharaoh-->D:\WINDOWS\IsUninst.exe -fd:\SIERRA\Pharaoh\Uninst.isu
PlayNC Launcher-->D:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegCure 1.5.0.0-->D:\Program Files\RegCure\uninst.exe
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
RTPatch Update-->"D:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"D:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"D:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"D:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->D:\WINDOWS\system32\MacroMed\Flash\genuinst.exe D:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel MSCN Audio Player-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C9B59DAD-86AC-456C-80A7-B665E77AA325}\Setup.exe" -l0x9
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonos Desktop Controller-->MsiExec.exe /I{1401311D-3960-4CEB-AC0B-4214F069E5B9}
Spybot - Search & Destroy 1.5.2.20-->"D:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins001.exe"
Star Wars Jedi Knight Jedi Academy-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
The Battle for Middle-earth (tm) II-->c:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king-->D:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe
Tiger Woods PGA TOUR 06-->c:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\EAUninstall.exe
TMPGEnc Plus 2.5-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}
Uninstall Seal Of Evil-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8B2EA9F0-BB35-45DA-AEC1-38E1D43CCAF5}\SETUP.EXE" -uninst
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VIA Networking Velocity Family Giga-bit Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Velocity $VNT
VideoLAN VLC media player 0.8.6i-->D:\Program Files\VideoLAN\VLC\uninstall.exe
WildGames-->"D:\Program Files\WildGames\Uninstall.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
WMPTagSupportExtender-->MsiExec.exe /I{3E3AA64F-0564-4425-8031-0EC9DC7720F0}
Xvid 1.1.3 final uninstall-->"D:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\Common Files\Adobe\AGL;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=1f00
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Look forward to the next step.

 

[Shaba]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus
BitTorrent

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder

Please run a new RSIT scan when finished and post the logs back here.

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.

 

[Shaba]

Re-opened upon request.

 

[iprojects]

RSIT Logs

Logfile of random's system information tool 1.04 (written by random/random)
Run by IPROJECTS at 2008-11-06 06:45:21
Microsoft Windows XP Professional Service Pack 3
System drive D: has 3 GB (5%) free of 57 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:50 AM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\vVX1000.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Labtec Wireless Desktop\MagicKey.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\IPROJECTS\Desktop\Malware Files\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\IPROJECTS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VX1000] D:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120472294952
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8411 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\RegCure Program Check.job
D:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VX1000"=D:\WINDOWS\vVX1000.exe [2006-12-06 707360]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2005-01-10 77824]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LifeCam"=D:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-13 275800]
"DAEMON Tools"=D:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2
"SharedAccess"=2

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Enable Labtec Wireless Desktop.lnk - D:\Program Files\Labtec Wireless Desktop\MulMouse.exe

D:\Documents and Settings\IPROJECTS\Start Menu\Programs\Startup
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\Program Files\Sonos\Sonos.exe"="D:\Program Files\Sonos\Sonos.exe:LocalSubNet:Enabled:Sonos Desktop Controller"
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\Program Files\Azureus\Azureus.exe"="D:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"D:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="D:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:EnabledarkCrusade"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb074978-ef7e-11d9-bcc4-00508dd519b9}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2008-11-05 06:59:46 ----D---- D:\WINDOWS\LastGood
2008-10-30 08:04:24 ----SHD---- D:\RECYCLER
2008-10-30 08:01:22 ----D---- D:\rsit
2008-10-29 18:33:00 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Malwarebytes
2008-10-29 18:32:46 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 18:32:46 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-29 07:51:52 ----A---- D:\WINDOWS\system32\hkdcvkpk.exe
2008-10-28 20:56:24 ----D---- D:\Program Files\Trend Micro
2008-10-28 20:14:03 ----D---- D:\WINDOWS\temp
2008-10-28 20:13:55 ----A---- D:\ComboFix.txt
2008-10-28 19:51:36 ----A---- D:\WINDOWS\system32\dgronovu.exe
2008-10-28 19:32:46 ----A---- D:\Boot.bak
2008-10-28 19:32:14 ----RASHD---- D:\cmdcons
2008-10-28 19:28:07 ----A---- D:\WINDOWS\zip.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\VFIND.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWXCACLS.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWSC.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWREG.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\sed.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\NIRCMD.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\grep.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\fdsv.exe
2008-10-28 19:27:57 ----D---- D:\WINDOWS\ERDNT
2008-10-28 19:27:57 ----D---- D:\Qoobox
2008-10-27 20:18:32 ----A---- D:\WINDOWS\ntbtlog.txt
2008-10-27 20:15:06 ----D---- D:\VundoFix Backups
2008-10-26 18:44:23 ----A---- D:\WINDOWS\system32\LEXPPS.EXE
2008-10-26 18:44:23 ----A---- D:\WINDOWS\system32\LEXBCES.EXE
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbcvs.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbcpwr.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccoin.ini
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccoin.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccinf.dll
2008-10-26 09:59:16 ----D---- D:\Program Files\NCSoft
2008-10-26 09:50:08 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\GetRightToGo
2008-10-24 19:01:13 ----A---- D:\WINDOWS\system32\leditqjo.exe
2008-10-24 18:55:31 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-23 16:26:57 ----A---- D:\VundoFix.txt
2008-10-23 06:49:24 ----D---- D:\Program Files\iqzbkdb
2008-10-23 06:49:05 ----A---- D:\WINDOWS\system32\wzmzspen.exe
2008-10-22 05:03:34 ----A---- D:\WINDOWS\system32\dobmfsfo.exe
2008-10-21 17:03:44 ----D---- D:\Program Files\cbazgme
2008-10-21 17:03:19 ----A---- D:\WINDOWS\system32\anqderoh.exe
2008-10-21 04:57:11 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop
2008-10-16 03:13:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:13:29 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:12:59 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:10:12 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:09:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-12 12:27:09 ----D---- D:\Program Files\Enterbrain
2008-10-12 12:26:17 ----D---- D:\Program Files\Common Files\Enterbrain
2008-10-08 22:05:50 ----D---- D:\Program Files\Warner Bros. Interactive Entertainment

======List of files/folders modified in the last 1 months======

2008-11-06 06:45:29 ----D---- D:\WINDOWS\Prefetch
2008-11-06 06:44:22 ----D---- D:\Program Files
2008-11-06 06:30:24 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Skype
2008-11-06 05:55:34 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Azureus
2008-11-06 05:45:54 ----D---- D:\Program Files\Mozilla Firefox
2008-11-05 19:34:06 ----D---- D:\WINDOWS\system32\drivers
2008-11-05 07:01:46 ----D---- D:\WINDOWS\system32\CatRoot
2008-11-05 07:00:59 ----HD---- D:\WINDOWS\inf
2008-11-05 07:00:45 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-11-05 07:00:45 ----D---- D:\WINDOWS\system32
2008-11-05 07:00:43 ----D---- D:\WINDOWS
2008-11-05 06:59:45 ----D---- D:\WINDOWS\system32\CatRoot2
2008-11-05 06:57:37 ----HD---- D:\$AVG8.VAULT$
2008-11-04 17:58:54 ----A---- D:\WINDOWS\NeroDigital.ini
2008-11-04 08:20:23 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-10-30 20:23:21 ----D---- D:\Temp
2008-10-30 18:36:31 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-10-28 19:55:33 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 19:47:45 ----A---- D:\WINDOWS\system.ini
2008-10-28 19:43:22 ----D---- D:\WINDOWS\system32\config
2008-10-28 19:39:48 ----D---- D:\WINDOWS\AppPatch
2008-10-28 19:39:48 ----D---- D:\Program Files\Common Files
2008-10-28 19:32:46 ----RASH---- D:\boot.ini
2008-10-28 19:30:08 ----D---- D:\WINDOWS\system32\Restore
2008-10-28 19:28:07 ----SHD---- D:\System Volume Information
2008-10-28 19:00:18 ----SHD---- D:\WINDOWS\Installer
2008-10-28 19:00:18 ----HD---- D:\Config.Msi
2008-10-28 19:00:16 ----D---- D:\Program Files\Java
2008-10-27 19:32:03 ----D---- D:\!KillBox
2008-10-26 19:44:06 ----SD---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-26 09:59:16 ----HD---- D:\Program Files\InstallShield Installation Information
2008-10-24 18:55:19 ----HD---- D:\WINDOWS\$hf_mig$
2008-10-23 19:39:12 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-10-23 19:38:55 ----AD---- D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-22 19:53:58 ----A---- D:\WINDOWS\WININIT.INI
2008-10-21 04:57:58 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\DNA
2008-10-16 17:39:48 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-10-16 03:13:53 ----A---- D:\WINDOWS\imsins.BAK
2008-10-16 03:12:24 ----D---- D:\Program Files\Internet Explorer
2008-10-16 03:11:43 ----D---- D:\WINDOWS\ie7updates
2008-10-16 02:34:24 ----A---- D:\WINDOWS\system32\netapi32.dll
2008-10-13 11:56:58 ----D---- D:\Program Files\RegCure
2008-10-09 06:17:40 ----D---- D:\Program Files\DNA
2008-10-09 06:12:13 ----D---- D:\Program Files\Canon
2008-10-08 22:30:54 ----D---- D:\WINDOWS\system32\DirectX
2008-10-08 22:30:02 ----RSD---- D:\WINDOWS\assembly
2008-10-08 20:07:41 ----D---- D:\Program Files\HP
2008-10-08 20:07:41 ----D---- D:\Program Files\Hewlett-Packard
2008-10-08 20:04:52 ----D---- D:\Program Files\WildGames
2008-10-08 20:04:52 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\WildTangent
2008-10-08 05:19:40 ----A---- D:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; D:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 kbfilter;Keyboard Filter Driver; D:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 12964]
R1 moufiltr;Mouse Filter Driver; D:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
R1 prodrv06;StarForce Protection Environment Driver v6; D:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-27 52224]
R1 SSHDRV65;SSHDRV65; \??\D:\WINDOWS\system32\drivers\SSHDRV65.sys []
R1 SSHDRV85;SSHDRV85; \??\D:\WINDOWS\system32\drivers\SSHDRV85.sys []
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-12-23 165376]
R2 AvgTdiX;AVG8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-12-23 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-12 2306304]
R3 AnyDVD;AnyDVD; D:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-02-06 97216]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; D:\WINDOWS\System32\DRIVERS\getnd5b.sys [2004-10-21 46080]
R3 HCF_MSFT;HCF_MSFT; D:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; D:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; D:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 VX1000;VX-1000; D:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 ab8wjx0v;ab8wjx0v; D:\WINDOWS\system32\drivers\ab8wjx0v.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\D:\WINDOWS\system32\ASNDIS5.SYS []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\E:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cel90xbe;cel90xbe; \??\D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\cel90xbe.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; D:\WINDOWS\System32\Drivers\LMouKE.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTSIM;NTSIM; \??\D:\WINDOWS\System32\ntsim.sys []
S3 Pcouffin;Low level access layer for CD devices; D:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SiS315;SiS315; D:\WINDOWS\system32\DRIVERS\sisgrp.sys [2002-12-31 255616]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Motorola USB Modem Driver; D:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avg8emc;AVG8 E-mail Scanner; D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 MSCamSvc;MSCamSvc; D:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 240408]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-04 654848]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2007-08-16 593920]
S2 avg8wd;AVG8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-30 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 HP Port Resolver;HP Port Resolver; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LPDSVC;TCP/IP Print Server; D:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Fax;Fax; D:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-06 06:45:55

======Uninstall list======

-->"D:\Program Files\WildGames\FATE Undiscovered Realms\Uninstall.exe"
-->"D:\Program Files\WildGames\FATE\Uninstall.exe"
-->D:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->D:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Age of Empires III - The Asian Dynasties-->D:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Allok RM RMVB to AVI MPEG DVD Converter 2.4.0423-->"D:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter\unins000.exe"
AnyDVD-->"D:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="D:\Program Files\SlySoft\AnyDVD"
ASUS WL-700gE Wireless Router Utilities-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6E00E4BF-C89B-4FC5-A32B-47232A797806}\setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3f3f
ATI Display Driver-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
AVG Free 8.0-->D:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus-->D:\Program Files\Azureus\Uninstall.exe
BOINC 4.49-->MsiExec.exe /I{C84AF6B4-168C-4469-B859-7066B037AA02}
Business Card Designer Plus 7.1.0.0-->"D:\Program Files\CAM Development\Business Card Designer Plus 7\Uninstall\unins000.exe"
Canon Camera Support Core Library-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}
Canon Camera Window DS for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}
Canon Camera Window MC 5 for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}
Canon MovieEdit Task for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}
Canon RAW Image Task for ZoomBrowser EX-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}
Canon Utilities PhotoStitch 3.1-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
CASHFLOW® 202 THE E-GAME-->D:\PROGRA~1\CASHFL~1\UNWISE.EXE D:\PROGRA~1\CASHFL~1\INSTALL.LOG
Dawn of War - Soulstorm-->"D:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
Dawn Of War-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Direct Show Ogg Vorbis Filter (remove only)-->"D:\WINDOWS\system32\OggDSuninst.exe"
Divine Divinity-->C:\PROGRA~1\DIVINE~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\DIVINE~1\UNINST~1\INSTALL.LOG
DVD Shrink 3.2-->"D:\Program Files\DVD Shrink\unins000.exe"
Google Earth-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTA San Andreas-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IsoBuster 1.8-->"D:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Labtec Wireless Desktop-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A369B607-5BAF-4AB3-B18A-1017ED19902D}\Setup.exe" -l0x0009
LEGO Creator-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\LEGO Media\Constructive\CREATOR\Uninst.isu"
LEGO Racers 2-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3DD2E9EA-0544-4162-B8BE-E21E994E9F3B}\setup.exe" -uninst
LEGO Star Wars II-->D:\Program Files\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0409
LEGO Star Wars-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E914A24F-2412-4374-B420-86D21D6D444A}
LEGO® Batman™-->D:\Program Files\InstallShield Installation Information\{398AB469-77FC-4935-820B-D419388C0A6A}\Setup.exe -runfromtemp -l0x0409
LEGO® Indiana Jones™-->D:\Program Files\InstallShield Installation Information\{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}\Setup.exe -runfromtemp -l0x0409
LiveReg (Symantec Corporation)-->D:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Magic DVD Ripper V5.2-->"D:\Program Files\MagicDVDRipper\unins000.exe"
Magic ISO Maker v5.4 (build 0239)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
Mah-Jongg 3000 Pro 6.4-->D:\WINDOWS\ST4UNST.EXE -n "D:\Program Files\Mah-Jongg\ST4UNST.LOG"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{06C32EA0-4A22-4919-979A-8700715865B8}
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Motorola Desktop Suite-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{ABEBCB7D-60F7-4836-ACF4-CFCA39FA00DA}\setup.exe" -l0x9
Mozilla Firefox (3.0.3)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Neverwinter Nights Platinum Edition-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\Setup.exe" -l0x9
OCR Software by I.R.I.S 7.0-->D:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
oggcodecs 0.71.0946-->D:\Program Files\illiminable\oggcodecs\uninst.exe
ParaWorld-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EAA01BA0-6991-4296-A404-4FFF2DAC2225}\setup.exe" -l0x9 -removeonly
Pharaoh-->D:\WINDOWS\IsUninst.exe -fd:\SIERRA\Pharaoh\Uninst.isu
PlayNC Launcher-->D:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegCure 1.5.0.0-->D:\Program Files\RegCure\uninst.exe
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
RTPatch Update-->"D:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"D:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"D:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"D:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->D:\WINDOWS\system32\MacroMed\Flash\genuinst.exe D:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel MSCN Audio Player-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C9B59DAD-86AC-456C-80A7-B665E77AA325}\Setup.exe" -l0x9
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonos Desktop Controller-->MsiExec.exe /I{1401311D-3960-4CEB-AC0B-4214F069E5B9}
Spybot - Search & Destroy 1.5.2.20-->"D:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins001.exe"
Star Wars Jedi Knight Jedi Academy-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
The Battle for Middle-earth (tm) II-->c:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king-->D:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe
Tiger Woods PGA TOUR 06-->c:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\EAUninstall.exe
TMPGEnc Plus 2.5-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}
Uninstall Seal Of Evil-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8B2EA9F0-BB35-45DA-AEC1-38E1D43CCAF5}\SETUP.EXE" -uninst
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VIA Networking Velocity Family Giga-bit Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Velocity $VNT
VideoLAN VLC media player 0.8.6i-->D:\Program Files\VideoLAN\VLC\uninstall.exe
WildGames-->"D:\Program Files\WildGames\Uninstall.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
WMPTagSupportExtender-->MsiExec.exe /I{3E3AA64F-0564-4425-8031-0EC9DC7720F0}
Xvid 1.1.3 final uninstall-->"D:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\Common Files\Adobe\AGL;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=1f00
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Sorry for the delay.
I cannot delete azureus via ad or delete programs.
I have a number of program like that.

Cheers

iprojects

 

[Shaba]

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :files
  D:\Documents and Settings\IPROJECTS\Application Data\Azureus
  D:\Program Files\Azureus
  D:\Program Files\BitTorrent
  D:\Program Files\DNA
  
  :reg
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "D:\Program Files\Azureus\Azureus.exe"=-
  "D:\Program Files\BitTorrent\bittorrent.exe"=-

• Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

[iprojects]

OTMOveIt3 Info

========== FILES ==========
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\updates moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\torrents moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\tmp moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\shares moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\plugins\webui\cache moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\plugins\webui moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\plugins\azupnpav moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\plugins\azemp moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\plugins moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\net moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\media\azpd moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\media moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\logs\save moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\logs moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\dht moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\debug moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus\active moved successfully.
D:\Documents and Settings\IPROJECTS\Application Data\Azureus moved successfully.
File/Folder D:\Program Files\Azureus not found.
File/Folder D:\Program Files\BitTorrent not found.
D:\Program Files\DNA\plugins moved successfully.
D:\Program Files\DNA moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\Program Files\BitTorrent\bittorrent.exe deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11062008_224133

 

[Shaba]

• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :files
  D:\WINDOWS\system32\hkdcvkpk.exe
  D:\WINDOWS\system32\dgronovu.exe
  D:\WINDOWS\system32\leditqjo.exe
  D:\Program Files\iqzbkdb
  D:\WINDOWS\system32\wzmzspen.exe
  D:\WINDOWS\system32\dobmfsfo.exe
  D:\Program Files\cbazgme
  D:\WINDOWS\system32\anqderoh.exe
  D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop
  D:\Documents and Settings\IPROJECTS\Application Data\BitTorrent
  
  :commands
  [EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log (only log.txt will appear)
- a fresh otmoveit3 log

 

[iprojects]

OTMOveIt3 Info & RSIT

========== FILES ==========
D:\WINDOWS\system32\hkdcvkpk.exe moved successfully.
D:\WINDOWS\system32\dgronovu.exe moved successfully.
D:\WINDOWS\system32\leditqjo.exe moved successfully.
D:\Program Files\iqzbkdb moved successfully.
D:\WINDOWS\system32\wzmzspen.exe moved successfully.
D:\WINDOWS\system32\dobmfsfo.exe moved successfully.
D:\Program Files\cbazgme moved successfully.
D:\WINDOWS\system32\anqderoh.exe moved successfully.
D:\Documents and Settings\All Users.WINDOWS\Application Data\ezsvwhop moved successfully.
File/Folder D:\Documents and Settings\IPROJECTS\Application Data\BitTorrent not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\etilqs_XARPlWDNK5Y6dvv7wCOu scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\~DF8DFD.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11072008_061421

Files moved on Reboot...
File D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\etilqs_XARPlWDNK5Y6dvv7wCOu not found!
D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\~DF8DFD.tmp moved successfully.
D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\IPROJECTS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q934benw.default\urlclassifier3.sqlite moved successfully.

Logfile of random's system information tool 1.04 (written by random/random)
Run by IPROJECTS at 2008-11-07 06:56:06
Microsoft Windows XP Professional Service Pack 3
System drive D: has 3 GB (5%) free of 57 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:29 AM, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\WINDOWS\notepad.exe
D:\WINDOWS\vVX1000.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
D:\Program Files\Labtec Wireless Desktop\MagicKey.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\IPROJECTS\Desktop\Malware Files\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\IPROJECTS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VX1000] D:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = D:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120472294952
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8381 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\RegCure Program Check.job
D:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VX1000"=D:\WINDOWS\vVX1000.exe [2006-12-06 707360]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2005-01-10 77824]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LifeCam"=D:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-13 275800]
"DAEMON Tools"=D:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2
"SharedAccess"=2

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Enable Labtec Wireless Desktop.lnk - D:\Program Files\Labtec Wireless Desktop\MulMouse.exe

D:\Documents and Settings\IPROJECTS\Start Menu\Programs\Startup
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\Program Files\Sonos\Sonos.exe"="D:\Program Files\Sonos\Sonos.exe:LocalSubNet:Enabled:Sonos Desktop Controller"
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"D:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="D:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:EnabledarkCrusade"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb074978-ef7e-11d9-bcc4-00508dd519b9}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2008-11-06 22:41:33 ----D---- D:\_OTMoveIt
2008-10-30 08:04:24 ----SHD---- D:\RECYCLER
2008-10-30 08:01:22 ----D---- D:\rsit
2008-10-29 18:33:00 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Malwarebytes
2008-10-29 18:32:46 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 18:32:46 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-28 20:56:24 ----D---- D:\Program Files\Trend Micro
2008-10-28 20:14:03 ----D---- D:\WINDOWS\temp
2008-10-28 20:13:55 ----A---- D:\ComboFix.txt
2008-10-28 19:32:46 ----A---- D:\Boot.bak
2008-10-28 19:32:14 ----RASHD---- D:\cmdcons
2008-10-28 19:28:07 ----A---- D:\WINDOWS\zip.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\VFIND.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWXCACLS.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWSC.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\SWREG.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\sed.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\NIRCMD.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\grep.exe
2008-10-28 19:28:07 ----A---- D:\WINDOWS\fdsv.exe
2008-10-28 19:27:57 ----D---- D:\WINDOWS\ERDNT
2008-10-28 19:27:57 ----D---- D:\Qoobox
2008-10-27 20:18:32 ----A---- D:\WINDOWS\ntbtlog.txt
2008-10-27 20:15:06 ----D---- D:\VundoFix Backups
2008-10-26 18:44:23 ----A---- D:\WINDOWS\system32\LEXPPS.EXE
2008-10-26 18:44:23 ----A---- D:\WINDOWS\system32\LEXBCES.EXE
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbcvs.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbcpwr.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccoin.ini
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccoin.dll
2008-10-26 18:44:21 ----A---- D:\WINDOWS\system32\dlbccinf.dll
2008-10-26 09:59:16 ----D---- D:\Program Files\NCSoft
2008-10-26 09:50:08 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\GetRightToGo
2008-10-24 18:55:31 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-23 16:26:57 ----A---- D:\VundoFix.txt
2008-10-16 03:13:44 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:13:29 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:12:59 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:10:12 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:09:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-12 12:27:09 ----D---- D:\Program Files\Enterbrain
2008-10-12 12:26:17 ----D---- D:\Program Files\Common Files\Enterbrain
2008-10-08 22:05:50 ----D---- D:\Program Files\Warner Bros. Interactive Entertainment

======List of files/folders modified in the last 1 months======

2008-11-07 06:52:43 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\Skype
2008-11-07 06:29:14 ----D---- D:\Program Files\Mozilla Firefox
2008-11-07 06:26:57 ----D---- D:\WINDOWS\Prefetch
2008-11-07 06:15:57 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-11-07 06:14:22 ----D---- D:\WINDOWS\system32
2008-11-07 06:14:22 ----D---- D:\Program Files
2008-11-06 18:42:47 ----HD---- D:\$AVG8.VAULT$
2008-11-06 18:20:52 ----D---- D:\WINDOWS\system32\NtmsData
2008-11-06 18:19:23 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-11-06 18:18:37 ----D---- D:\WINDOWS\system32\CatRoot2
2008-11-06 07:30:35 ----D---- D:\WINDOWS
2008-11-05 19:34:06 ----D---- D:\WINDOWS\system32\drivers
2008-11-05 07:01:46 ----D---- D:\WINDOWS\system32\CatRoot
2008-11-05 07:00:59 ----HD---- D:\WINDOWS\inf
2008-11-05 07:00:45 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-11-04 17:58:54 ----A---- D:\WINDOWS\NeroDigital.ini
2008-10-30 20:23:21 ----D---- D:\Temp
2008-10-30 18:36:31 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-10-28 19:55:33 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 19:47:45 ----A---- D:\WINDOWS\system.ini
2008-10-28 19:43:22 ----D---- D:\WINDOWS\system32\config
2008-10-28 19:39:48 ----D---- D:\WINDOWS\AppPatch
2008-10-28 19:39:48 ----D---- D:\Program Files\Common Files
2008-10-28 19:32:46 ----RASH---- D:\boot.ini
2008-10-28 19:30:08 ----D---- D:\WINDOWS\system32\Restore
2008-10-28 19:28:07 ----SHD---- D:\System Volume Information
2008-10-28 19:00:18 ----SHD---- D:\WINDOWS\Installer
2008-10-28 19:00:18 ----HD---- D:\Config.Msi
2008-10-28 19:00:16 ----D---- D:\Program Files\Java
2008-10-27 19:32:03 ----D---- D:\!KillBox
2008-10-26 19:44:06 ----SD---- D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-26 09:59:16 ----HD---- D:\Program Files\InstallShield Installation Information
2008-10-24 18:55:19 ----HD---- D:\WINDOWS\$hf_mig$
2008-10-23 19:39:12 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-10-23 19:38:55 ----AD---- D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-22 19:53:58 ----A---- D:\WINDOWS\WININIT.INI
2008-10-21 04:57:58 ----D---- D:\Documents and Settings\IPROJECTS\Application Data\DNA
2008-10-16 03:13:53 ----A---- D:\WINDOWS\imsins.BAK
2008-10-16 03:12:24 ----D---- D:\Program Files\Internet Explorer
2008-10-16 03:11:43 ----D---- D:\WINDOWS\ie7updates
2008-10-16 02:34:24 ----A---- D:\WINDOWS\system32\netapi32.dll
2008-10-13 11:56:58 ----D---- D:\Program Files\RegCure
2008-10-09 06:12:13 ----D---- D:\Program Files\Canon
2008-10-08 22:30:54 ----D---- D:\WINDOWS\system32\DirectX
2008-10-08 22:30:02 ----RSD---- D:\WINDOWS\assembly
2008-10-08 20:07:41 ----D---- D:\Program Files\HP
2008-10-08 20:07:41 ----D---- D:\Program Files\Hewlett-Packard
2008-10-08 20:04:52 ----D---- D:\Program Files\WildGames
2008-10-08 20:04:52 ----D---- D:\Documents and Settings\All Users.WINDOWS\Application Data\WildTangent
2008-10-08 05:19:40 ----A---- D:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; D:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 kbfilter;Keyboard Filter Driver; D:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 12964]
R1 moufiltr;Mouse Filter Driver; D:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
R1 prodrv06;StarForce Protection Environment Driver v6; D:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-27 52224]
R1 SSHDRV65;SSHDRV65; \??\D:\WINDOWS\system32\drivers\SSHDRV65.sys []
R1 SSHDRV85;SSHDRV85; \??\D:\WINDOWS\system32\drivers\SSHDRV85.sys []
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-12-23 165376]
R2 AvgTdiX;AVG8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-12-23 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-12 2306304]
R3 AnyDVD;AnyDVD; D:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-02-06 97216]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; D:\WINDOWS\System32\DRIVERS\getnd5b.sys [2004-10-21 46080]
R3 HCF_MSFT;HCF_MSFT; D:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; D:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; D:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 VX1000;VX-1000; D:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 a964a5pb;a964a5pb; D:\WINDOWS\system32\drivers\a964a5pb.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\D:\WINDOWS\system32\ASNDIS5.SYS []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\E:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cel90xbe;cel90xbe; \??\D:\DOCUME~1\IPROJE~1\LOCALS~1\Temp\cel90xbe.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; D:\WINDOWS\System32\Drivers\LMouKE.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTSIM;NTSIM; \??\D:\WINDOWS\System32\ntsim.sys []
S3 Pcouffin;Low level access layer for CD devices; D:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SiS315;SiS315; D:\WINDOWS\system32\DRIVERS\sisgrp.sys [2002-12-31 255616]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Motorola USB Modem Driver; D:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avg8emc;AVG8 E-mail Scanner; D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 MSCamSvc;MSCamSvc; D:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 240408]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-04 654848]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2007-08-16 593920]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-30 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 HP Port Resolver;HP Port Resolver; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LPDSVC;TCP/IP Print Server; D:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Fax;Fax; D:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

-----------------EOF-----------------

 

[Shaba]

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here

 

[iprojects]

On line scan keeps stalling

Hi

The on line scan is not working properly.
It keeps stalling and hanging.
Do you know what the problem is?

Cheers

 

[Shaba]

Please try this instead:

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

1. Check (tick) this box: YES, I accept the Terms of Use.
2. Click on the Start button next to it.
3. When prompted to run ActiveX. click Yes.
4. You will be asked to install an ActiveX. Click Install.
5. Once installed, the scanner will be initialized.
6. After the scanner is initialized, click Start.
7. Uncheck (untick) Remove found threats box.
8. Check (tick) Scan unwanted applications.
9. Click on Scan.
10. It will start scanning. Please be patient.
11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

 

[iprojects]

Eset info

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3596 (20081107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=235d3145d0b05f4598546f928e12396b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-08 12:58:23
# local_time=2008-11-08 10:58:23 (+1000, E. Australia Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=397784
# found=2
# scan_time=8738
D:\WINDOWS\system32\madCHook.dll Win32/RiskWare.Hooker.A application 277BFFF6699F6DF3C54FBA2066AE1611
D:\WINDOWS\system32\madCHook.dll »UPX v12_m2_dll Win32/RiskWare.Hooker.A application 00000000000000000000000000000000

 

[Shaba]

That looks good

Still problems?

 

[iprojects]

All good

Tahnks a lot for your help.
Do I delete the info from the online scan off my D:\ drive?
Thanks a lot again.
It's all clear now.
Cheers
resent:
:bigthumb:

 

[Shaba]

Sure you can

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

You can delete rsit and c:\rsit folder.

Please download OTCleanIt and save it to desktop.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

• Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and re-enable system restore here:
  
  Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

• Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
  You can use one of these sites to check if any updates are needed for your pc.
  Secunia Software Inspector
  F-secure Health Check
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
• Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
  
  Malwarebytes' Anti-Malware Setup Guide
  
  Malwarebytes' Anti-Malware Scanning Guide
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:

 

[Shaba]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.