Hi, I have a serious suspected malware problem.
Every time I click to shut the computer down, it keeps restarting, not shutting down. I have a Windows XP Service Pack 3 operating system. This problem started only 2 days ago.
I believe the cause of the problem was that I opened an e-mail postcard on Facebook from somebody else (who had their identity hacked), and viruses came out, including trojans like a Win32/BHO.NJE trojan on file C:\WINDOWS\Temp\win23CF.tmp
Another cause could be that I installed trial video joiner software, then uninstalled it, but it came up with pop-ups asking whether I should delete certain shared files in System32. However, I don't believe it is the actual cause because I answered 'No' to all the pop-ups.
I believe there is a certain file on my system that periodically spams out more than 10 files on the registry key that is trying to attack System32 files such as the Windows cmd. I am currently stalling it using the antivirus programs NOD32 and a free edition of SUPERAntiSpyware, which keeps picking up files such as:
HKLM\SOFTWARE\Microsoft\MSSMGR and HKLM\SOFTWARE\Microsoft\MSSMGR#Data (presumably inside the registry key)
I have run the RSIT and GMER scans as advised. I have also uninstalled P2P software, including LimeWire and BitComet, as advised. I have both the gmer.txt log and the info.txt log with the log.txt in them. Please note that some of these logs contain information regarding Eset and Digidesign. This is because I have Pro Tools on my computer. However, they are not part of the virus cause.
The following is the GMER log:
GMER 1.0.14.14536 -
http://www.gmer.net
Rootkit scan 2008-11-08 18:40:37
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6693F20]
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
Device \FileSystem\Fastfat \Fat B55D7D20
AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
---- EOF - GMER 1.0.14 ----
Now the info log:
info.txt logfile of random's system information tool 1.04 2008-11-08 18:40:56
======Uninstall list======
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\Setup.exe" -l0x9 -removeonly
BA Installer-->MsiExec.exe /I{EDA0FFC5-7964-4E2F-9014-693F04695933}
Canon PIXMA iP1000-->C:\WINDOWS\system32\CNMCP6e.exe "-PRINTERNAMECanon PIXMA iP1000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmi0409.dll"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Digidesign Free Bomb Factory Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Pro Tools LE 7.4-->C:\Program Files\InstallShield Installation Information\{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}\setup.exe -runfromtemp -l0x0009 -removeonly
Digidesign Shared Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Structure Free 1.0.5316-->"C:\Program Files\Digidesign\Structure\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Ease Audio Converter 4.80-->"C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
McAfee SiteAdvisor-->C:\Program Files\SiteAdvisor\6261\uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 8 Essentials-->MsiExec.exe /X{523DF39E-DF7D-488F-8022-783946571033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Sibelius 5-->MsiExec.exe /I{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xpand!-->"C:\Program Files\Digidesign\unins000.exe"
======Security center information======
AV: Eset NOD32 antivirus system 2.51
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-08 18:40:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 116 GB (76%) free of 153 GB
Total RAM: 2047 MB (82% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-17 927008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-21 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-06-03 121632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-17 927008]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-06-03 121632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6261\SiteAdv.exe [2008-05-17 36640]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-22 16126464]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe -r C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini []
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-26 921600]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2007-10-30 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrkp32]
C:\WINDOWS\system32\winrkp32.dll [2008-11-07 32256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\steamapps\hoplite1000\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\hoplite1000\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\spectrum_domain\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\spectrum_domain\counter-strike source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Steam\steamapps\common\dawn of war soulstorm demo\Soulstorm.exe"="C:\Program Files\Steam\steamapps\common\dawn of war soulstorm demo\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-11-08 18:40:55 ----D---- C:\Program Files\trend micro
2008-11-08 18:40:54 ----D---- C:\rsit
2008-11-08 18:30:01 ----A---- C:\WINDOWS\gmer.ini
2008-11-08 18:30:00 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-08 18:30:00 ----A---- C:\WINDOWS\gmer.exe
2008-11-08 18:30:00 ----A---- C:\WINDOWS\gmer.dll
2008-11-07 10:40:48 ----A---- C:\WINDOWS\system32\AVERM.dll
2008-11-07 10:40:48 ----A---- C:\WINDOWS\system32\AVEQT.dll
2008-11-07 06:53:25 ----A---- C:\WINDOWS\system32\winrkp32.dll
2008-10-29 19:51:29 ----D---- C:\PROTOOLS LOOPS
2008-10-28 19:23:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
2008-10-28 19:23:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software
2008-10-28 19:23:43 ----A---- C:\WINDOWS\system32\ReWire.dll
2008-10-28 19:22:52 ----D---- C:\Program Files\Propellerhead
2008-10-28 19:02:14 ----D---- C:\Program Files\InterLok
2008-10-28 19:02:12 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-28 19:00:56 ----A---- C:\WINDOWS\system32\Digi32.dll
2008-10-28 19:00:08 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-10-28 19:00:08 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-10-28 19:00:07 ----N---- C:\WINDOWS\system32\ilinet.dll
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\qtmlClient.dll
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71u.dll
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71FRA.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-10-28 19:00:07 ----A---- C:\WINDOWS\system32\atl71.dll
2008-10-28 19:00:02 ----A---- C:\WINDOWS\system32\mbx2midu.dll
2008-10-28 19:00:02 ----A---- C:\WINDOWS\system32\dgfwdio.dll
2008-10-28 18:59:55 ----D---- C:\Program Files\Digidesign
2008-10-28 18:59:55 ----A---- C:\WINDOWS\system32\WinMMFix.dll
2008-10-28 18:59:55 ----A---- C:\WINDOWS\system32\DSI.dll
2008-10-28 18:59:55 ----A---- C:\WINDOWS\system32\DirectIO.dll
2008-10-28 18:59:55 ----A---- C:\WINDOWS\system32\Diomidi.DLL
2008-10-28 18:59:55 ----A---- C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-10-28 18:59:55 ----A---- C:\WINDOWS\system32\digicoin.dll
2008-10-28 10:48:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Structure
2008-10-27 22:52:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Digidesign
2008-10-27 22:52:33 ----D---- C:\Digidesign Databases
2008-10-27 22:52:16 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2008-10-27 22:52:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
2008-10-27 22:52:16 ----D---- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
2008-10-27 22:35:23 ----D---- C:\Program Files\Common Files\Digidesign
2008-10-27 21:58:01 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-27 21:58:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-27 21:57:40 ----D---- C:\Program Files\xerox
2008-10-27 21:57:38 ----D---- C:\WINDOWS\system32\xircom
2008-10-27 21:57:38 ----D---- C:\Program Files\microsoft frontpage
2008-10-27 21:57:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-27 21:56:55 ----D---- C:\WINDOWS\Prefetch
2008-10-27 21:51:09 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-27 21:51:09 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-27 21:50:56 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-27 21:50:56 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-10-27 21:50:55 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-27 21:50:54 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-27 21:50:54 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-27 21:50:54 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-27 21:50:54 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-27 21:50:54 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-27 21:50:53 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-27 21:50:52 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-27 21:50:51 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-27 21:50:50 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-27 21:50:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-27 21:50:48 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-27 21:50:48 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-27 21:50:48 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-27 21:50:47 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-27 21:50:47 ----N---- C:\WINDOWS\slrundll.exe
2008-10-27 21:50:47 ----D---- C:\WINDOWS\system32\scripting
2008-10-27 21:50:47 ----D---- C:\WINDOWS\system32\en-us
2008-10-27 21:50:46 ----D---- C:\WINDOWS\system32\en
2008-10-27 21:50:46 ----D---- C:\WINDOWS\l2schemas
2008-10-27 21:50:45 ----D---- C:\WINDOWS\system32\bits
2008-10-27 21:48:36 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-27 21:46:33 ----D---- C:\WINDOWS\network diagnostic
2008-10-27 21:45:41 ----A---- C:\WINDOWS\002555_.tmp
2008-10-27 21:43:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-25 08:48:21 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-10-15 23:53:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-10-15 23:42:50 ----D---- C:\Program Files\Common Files\Apple
2008-10-15 23:42:46 ----D---- C:\Program Files\QuickTime
2008-10-15 23:42:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-10-15 23:42:35 ----D---- C:\Program Files\Apple Software Update
2008-10-15 23:42:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
======List of files/folders modified in the last 1 months======
2008-11-08 18:40:55 ----RD---- C:\Program Files
2008-11-08 18:35:14 ----D---- C:\WINDOWS\Temp
2008-11-08 18:30:01 ----D---- C:\WINDOWS
2008-11-08 18:30:00 ----D---- C:\WINDOWS\system32\drivers
2008-11-08 14:17:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-08 12:55:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
2008-11-07 20:38:32 ----D---- C:\AudioConverter
2008-11-07 20:38:23 ----A---- C:\WINDOWS\AudioConverter.INI
2008-11-07 20:38:07 ----A---- C:\WINDOWS\aceg.ini
2008-11-07 19:53:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 11:28:33 ----D---- C:\Program Files\Steam
2008-11-07 10:40:48 ----D---- C:\WINDOWS\system32
2008-11-07 10:00:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-11-07 07:00:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-06 21:36:43 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-11-06 18:28:44 ----D---- C:\Program Files\McAfee
2008-11-06 18:28:40 ----HD---- C:\WINDOWS\inf
2008-11-06 09:26:28 ----D---- C:\WINDOWS\Debug
2008-11-06 09:26:24 ----D---- C:\WINDOWS\system32\DllCache
2008-11-05 20:26:03 ----ASD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-11-03 20:12:30 ----D---- C:\Downloads
2008-10-28 19:17:35 ----AD---- C:\Program Files\Common Files\System
2008-10-28 19:05:00 ----D---- C:\Program Files\Outlook Express
2008-10-28 19:04:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-28 19:02:19 ----SHD---- C:\WINDOWS\Installer
2008-10-28 19:02:19 ----SHD---- C:\Config.Msi
2008-10-28 19:02:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-28 18:42:02 ----D---- C:\WINDOWS\system32\config
2008-10-28 18:41:48 ----D---- C:\WINDOWS\system32\wbem
2008-10-28 18:41:48 ----D---- C:\WINDOWS\Registration
2008-10-28 18:18:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-27 22:52:16 ----D---- C:\Program Files\Common Files
2008-10-27 22:10:56 ----D---- C:\WINDOWS\$hf_mig$
2008-10-27 21:58:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-27 21:57:53 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-27 21:57:36 ----A---- C:\WINDOWS\setuplog.txt
2008-10-27 21:56:33 ----D---- C:\WINDOWS\system32\Setup
2008-10-27 21:56:33 ----D---- C:\WINDOWS\AppPatch
2008-10-27 21:56:31 ----RSD---- C:\WINDOWS\Fonts
2008-10-27 21:55:36 ----D---- C:\WINDOWS\security
2008-10-27 21:53:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-27 21:51:16 ----D---- C:\WINDOWS\WinSxS
2008-10-27 21:51:13 ----D---- C:\Program Files\Messenger
2008-10-27 21:51:09 ----D---- C:\Program Files\Windows Media Player
2008-10-27 21:50:55 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-27 21:50:55 ----D---- C:\WINDOWS\ime
2008-10-27 21:50:55 ----D---- C:\WINDOWS\Help
2008-10-27 21:50:47 ----D---- C:\WINDOWS\system32\usmt
2008-10-27 21:50:46 ----D---- C:\Program Files\Internet Explorer
2008-10-27 21:50:45 ----D---- C:\WINDOWS\PeerNet
2008-10-27 21:50:45 ----D---- C:\Program Files\Movie Maker
2008-10-27 21:48:22 ----D---- C:\WINDOWS\system32\Restore
2008-10-27 21:48:22 ----D---- C:\WINDOWS\system32\npp
2008-10-27 21:48:22 ----D---- C:\WINDOWS\mui
2008-10-27 21:48:21 ----D---- C:\WINDOWS\msagent
2008-10-27 21:48:20 ----D---- C:\WINDOWS\srchasst
2008-10-27 21:48:19 ----D---- C:\Program Files\NetMeeting
2008-10-27 21:48:18 ----D---- C:\WINDOWS\system32\Com
2008-10-27 21:48:15 ----D---- C:\Program Files\Windows NT
2008-10-27 21:47:57 ----D---- C:\WINDOWS\system32\oobe
2008-10-27 21:47:54 ----D---- C:\WINDOWS\system
2008-10-27 21:43:52 ----D---- C:\WINDOWS\ehome
2008-10-25 08:49:36 ----D---- C:\WINDOWS\Minidump
2008-10-25 08:23:51 ----A---- C:\WINDOWS\win.ini
2008-10-25 08:20:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-25 03:51:04 ----D---- C:\WINDOWS\nview
2008-10-24 22:58:27 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-23 09 34 ----D---- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 DigiNet;Digidesign Ethernet Support; C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 16400]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-27 4395008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 dalwdmservice;dal service; C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 97808]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-08 85969]
S3 MBX2DFU;MBX2DFU; C:\WINDOWS\SYSTEM32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver; C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 21904]
S3 MusCAudio;MusCAudio; C:\WINDOWS\system32\drivers\MusCAudio.sys [2008-10-24 23096]
S3 MusCVideo;MusCVideo; C:\WINDOWS\system32\DRIVERS\MusCVideo.sys [2008-10-24 3768]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2007-10-30 77824]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-26 507904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-06-26 345376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 digiSPTIService;digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [2007-10-30 159744]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
I hope this is enough to give you clues. I will wait patiently for your response. Thank you.
Peter
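Added example, not part of the original post and not RSIT's or any forum helper's own tooling: a small Python triage script for the section layout of the RSIT info.txt/log.txt shown above. It cross-references the Winlogon\Notify registry entries in the "Registry dump" section with the "created in the last 1 months" list and the scan date, and flags Notify DLLs that are newly created relative to the scan. On the posted log this singles out the winrkp32 entry (a DLL in system32 dated the day before the scan) while leaving the SUPERAntiSpyware entry alone. The sample log embedded below is constructed from a handful of lines in the same format as the post; the section names, regexes and the 14-day window are this script's own assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines in the layout of the RSIT log posted above
# (scan header, Winlogon Notify entries, and the recently-created file list).
SAMPLE_LOG = r"""Run by Administrator at 2008-11-08 18:40:54
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrkp32]
C:\WINDOWS\system32\winrkp32.dll [2008-11-07 32256]
======List of files/folders created in the last 1 months======
2008-11-08 18:30:00 ----A---- C:\WINDOWS\gmer.exe
2008-11-07 06:53:25 ----A---- C:\WINDOWS\system32\winrkp32.dll
2008-10-28 19:00:56 ----A---- C:\WINDOWS\system32\Digi32.dll
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
SCAN_RE = re.compile(r"^Run by .* at (\d{4}-\d{2}-\d{2}) ")
NOTIFY_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\Winlogon\\Notify\\([^\]]+)\]$", re.IGNORECASE)
# RSIT prints "<path> [<date> <size>]"; the brackets are empty when the file could not be read.
ENTRY_RE = re.compile(r"^(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} -+[A-Z]*-+ (?P<path>.+)$")


def split_sections(text):
    """Group lines under their ======Name====== header; lines before the first header go to 'header'."""
    sections = {"header": []}
    current = "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def winlogon_notify_entries(lines):
    """Return the DLLs registered as Winlogon Notify packages, with their recorded date/size."""
    entries, name = [], None
    for line in lines:
        m = NOTIFY_KEY_RE.match(line)
        if m:
            name = m.group(1)
            continue
        if name is not None:
            e = ENTRY_RE.match(line)
            if e:
                entries.append({"name": name, "path": e.group("path"),
                                "date": e.group("date"), "size": e.group("size")})
            name = None
    return entries


def recently_created(lines):
    """Map lower-cased path -> creation date from the 'created in the last 1 months' list."""
    created = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = m.group("date")
    return created


def triage(text, recent_days=14):
    """Flag Winlogon Notify DLLs that are new relative to the scan date (assumed heuristic)."""
    sections = split_sections(text)
    scan_date = None
    for line in sections["header"]:
        m = SCAN_RE.match(line)
        if m:
            scan_date = datetime.strptime(m.group(1), "%Y-%m-%d")
    created = recently_created(sections.get("List of files/folders created in the last 1 months", []))
    findings = []
    for e in winlogon_notify_entries(sections.get("Registry dump", [])):
        reasons = []
        if e["date"] is None:
            reasons.append("no file date/size recorded: file metadata could not be read")
        elif scan_date and scan_date - datetime.strptime(e["date"], "%Y-%m-%d") <= timedelta(days=recent_days):
            reasons.append("file dated within %d days of the scan" % recent_days)
        if e["path"].lower() in created:
            reasons.append("listed among files created in the last month")
        if reasons:
            findings.append({"name": e["name"], "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s -> %s" % (f["name"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

Run it as-is and it reports only winrkp32 with two reasons; drop the constructed sample in favour of a full info.txt read from disk to apply the same check to a real log. The script deliberately stops at "worth a closer look": an age-based heuristic cannot tell a legitimately updated vendor DLL from an unwanted one, so a flagged entry is a prompt to check the file's publisher, signature and hash, not a verdict.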