Pankie

I'm not sure how I acquired this malware but spybot has detected Win32.FraudLoad.edt I read up on it and apparently every now and then it opens a connection onto my pc and uses it to download adware / etc. So far I haven't had any further adware problems but AM experiencing random lag spikes.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Sean at 21:38:40.68 on Mon 09/14/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.2262 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Sean\Desktop\Spyware\Techsupportforum\dds.scr

============== Pseudo HJT Report ===============

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.22\RivaTuner.exe" /S
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\0lkdb83m.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
UnknownUnknown SASENUM;SASENUM; [x]

=============== Created Last 30 ================

2009-09-14 21:13 <DIR> --d----- c:\program files\LG Electronics
2009-09-14 21:12 1,164,728 a------- c:\windows\system32\NMSDVDXU.dll
2009-09-14 21:12 419,240 a------- c:\windows\system32\Vsflex7L.ocx
2009-09-14 21:12 244,416 a------- c:\windows\system32\Msflxgrd.ocx
2009-09-14 21:12 630,784 a------- c:\windows\system32\vsflex8u.ocx
2009-09-14 21:12 <DIR> --d----- c:\docume~1\sean\applic~1\LG Electronics
2009-09-14 21:12 <DIR> --d----- c:\program files\LG PC Suite II
2009-09-14 21:06 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-09-14 20:28 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-14 20:28 22,328 a------- c:\docume~1\sean\applic~1\PnkBstrK.sys
2009-09-14 20:28 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-09-14 20:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-09-14 20:28 319 a------- c:\windows\game.ini
2009-09-14 20:19 <DIR> --d----- c:\program files\Activision
2009-09-14 20:17 <DIR> --dsh--- c:\windows\ftpcache
2009-09-13 17:48 <DIR> a-dshr-- C:\cmdcons
2009-09-13 17:47 229,888 a------- c:\windows\PEV.exe
2009-09-13 17:47 161,792 a------- c:\windows\SWREG.exe
2009-09-13 17:47 98,816 a------- c:\windows\sed.exe
2009-09-13 17:39 <DIR> --d----- c:\docume~1\sean\applic~1\Malwarebytes
2009-09-13 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-13 17:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-13 17:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-13 17:11 <DIR> --d----- c:\docume~1\sean\applic~1\SUPERAntiSpyware.com
2009-09-13 17:05 <DIR> --d----- c:\program files\CCleaner
2009-09-13 17:04 <DIR> --d----- c:\docume~1\sean\applic~1\MSNInstaller
2009-09-13 17:04 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-13 16:41 199 a------- c:\windows\wininit.ini
2009-09-13 16:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-13 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-13 15:55 <DIR> --d----- c:\program files\Dvd-cloner
2009-09-12 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-09-12 20:56 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-09-12 20:56 47,360 a------- c:\docume~1\sean\applic~1\pcouffin.sys
2009-09-12 20:55 217,127 a------- c:\windows\system32\drv43260.dll
2009-09-12 20:55 208,935 a------- c:\windows\system32\drv33260.dll
2009-09-12 20:55 176,165 a------- c:\windows\system32\drv23260.dll
2009-09-12 20:55 102,439 a------- c:\windows\system32\sipr3260.dll
2009-09-12 20:55 65,602 a------- c:\windows\system32\cook3260.dll
2009-09-12 20:55 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-09-12 20:55 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-09-12 20:55 <DIR> --d----- c:\program files\VSO
2009-09-12 19:32 <DIR> --d----- c:\program files\common files\INCA Shared
2009-09-12 19:31 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-09-12 18:35 <DIR> --d----- c:\windows\system32\Adobe
2009-09-11 17:26 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-11 17:17 <DIR> --d----- c:\documents and settings\sean\AIMPro
2009-09-11 01:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-09-11 00:40 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-11 00:38 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-09-11 00:23 <DIR> --d----- c:\program files\NCSoft
2009-09-11 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-09-11 00:14 <DIR> --d----- c:\program files\VideoLAN
2009-09-11 00:14 <DIR> --d----- c:\docume~1\sean\applic~1\GetRightToGo
2009-09-11 00:09 <DIR> --d----- c:\program files\RivaTuner v2.22
2009-09-11 00:08 <DIR> --d----- c:\windows\pss
2009-09-11 00:07 <DIR> --d----- C:\Downloads
2009-09-11 00:06 <DIR> --d----- c:\documents and settings\sean\Tracing
2009-09-11 00:05 <DIR> --d----- c:\program files\Microsoft
2009-09-11 00:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-11 00:03 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-09-11 00:02 <DIR> --d----- c:\program files\World of Warcraft
2009-09-10 23:58 <DIR> --d----- c:\docume~1\sean\applic~1\AIMPro
2009-09-10 23:58 <DIR> --d----- c:\program files\common files\Nullsoft
2009-09-10 23:58 <DIR> --d----- c:\program files\AIM
2009-09-10 23:54 64,900 a------- c:\windows\system32\DVCState-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
2009-09-10 23:54 54,692 a------- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
2009-09-10 23:54 54,692 a------- c:\windows\system32\BMXState-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
2009-09-10 23:54 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-09-10 23:54 1,080 a------- c:\windows\system32\settings.sfm
2009-09-10 23:53 <DIR> --d----- c:\program files\Ventrilo
2009-09-10 23:53 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-10 23:49 7,062 a------- c:\windows\system32\audiopid.vxd
2009-09-10 23:49 647,872 -------- c:\windows\system32\Mscomct2.ocx
2009-09-10 23:49 41,984 -------- c:\windows\Ctregrun.exe
2009-09-10 23:49 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-09-10 23:49 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-09-10 23:49 <DIR> --d----- c:\program files\common files\Creative
2009-09-10 23:48 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-09-10 23:48 90,112 -------- c:\windows\Updreg.EXE
2009-09-10 23:47 <DIR> --ds---- c:\documents and settings\sean\UserData
2009-09-10 23:46 <DIR> --d----- c:\program files\Creative
2009-09-10 23:42 <DIR> --d--r-- c:\program files\Skype
2009-09-10 23:42 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-09-10 23:41 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-09-10 23:41 446,464 a------- c:\windows\system32\nvunrm.exe
2009-09-10 23:41 6,045 a------- c:\windows\system32\nvnrm.nvu
2009-09-10 23:41 359,040 a------- c:\windows\system32\drivers\tcpip.sys.flg
2009-09-10 23:41 <DIR> --d----- c:\program files\FlashGet
2009-09-10 23:40 8 a------- c:\windows\system32\nvModes.dat
2009-09-10 23:40 <DIR> --d----- c:\program files\Photoshop
2009-09-10 23:38 <DIR> --d----- c:\windows\system32\AGEIA
2009-09-10 23:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-10 23:37 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-10 23:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-09-10 23:35 <DIR> --d----- c:\documents and settings\Sean
2009-09-10 23:34 <DIR> --ds---- c:\windows\system32\Microsoft
2009-09-10 23:34 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-10 23:32 195,618 ac------ c:\windows\system32\dllcache\c_10002.nls
2009-09-10 23:31 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-10 23:31 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-09-10 23:30 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-10 23:29 <DIR> --d----- c:\program files\Online Services
2009-09-10 23:29 <DIR> --d----- c:\program files\Messenger
2009-09-10 23:29 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-09-10 23:28 <DIR> --d----- c:\program files\Windows NT
2009-09-10 19:14 <DIR> --d----- c:\program files\common files\ODBC
2009-09-10 19:14 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-09-10 19:13 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-09-10 23:47 409,600 a------- c:\windows\system32\wrap_oal.dll
2009-09-10 23:47 86,016 a------- c:\windows\system32\OpenAL32.dll
2009-09-10 23:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-10 23:29 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 02:52 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-21 02:52 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-14 14:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 14:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 14:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 14:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 14:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 14:54 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-07-14 14:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 14:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 14:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 14:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE

============= FINISH: 21:38:52.98 ===============

Attached Files

Attach.rar (2.9 KB, 1 views)

Pankie

bump 72 hours

Pankie

bump!!!

Ried

Who instructed you to run ComboFix? Post the log please. You'll find it at C:\ComboFix.txt

Pankie

I originally was going to follow the guidance of experts on Majorgeek. However, after running the prerequisites I ran into issues and decided to use this forum as I have had success in the past. I deleted my combofix logs after using several of the cleaning tools and having no success.

*edit* How can you tell that I used combofix? just wondering.

Ried

I wish you hadn't done that. I'd like to take a look with another scanner. Download rsit.exe and save it to your desktop.

• Double click on RSIT.exe to run it.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

I only need for you to post the log.txt.

Pankie

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sean at 2009-09-20 13:21:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 424 GB (89%) free of 477 GB
Total RAM: 2814 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:40 PM, on 9/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NCSoft\Launcher\NCLauncher.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Heroes of Newerth\hon.exe
C:\Documents and Settings\Sean\Desktop\RSIT.exe
C:\Program Files\trend micro\Sean.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 3779 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.22\RivaTuner.exe [2008-12-29 2732032]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-09-17 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
C:\Program Files\AIM\AIM Pro\aimpro.exe [2007-10-09 5043528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-24 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe [2009-09-19 38184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"srservice"=2
"Spooler"=3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9683c07d-a53c-11de-b54e-001d605edf9c}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-20 13:21:35 ----D---- C:\rsit
2009-09-20 13:21:35 ----D---- C:\Program Files\trend micro
2009-09-19 22:17:29 ----D---- C:\Documents and Settings\Sean\Application Data\Hamachi
2009-09-19 22:17:22 ----D---- C:\Program Files\Hamachi
2009-09-19 18:51:17 ----D---- C:\Program Files\Warcraft III
2009-09-19 13:17:34 ----D---- C:\Program Files\Heroes of Newerth
2009-09-19 00:40:44 ----D---- C:\Program Files\Common Files\Adobe
2009-09-17 21:47:43 ----D---- C:\Program Files\Steam
2009-09-15 23:27:24 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-09-15 23:27:24 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-09-15 23:27:24 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-09-15 23:27:17 ----D---- C:\Program Files\TVersity Codec Pack
2009-09-15 23:27:07 ----D---- C:\Program Files\TVersity
2009-09-15 23:09:37 ----D---- C:\Program Files\MSBuild
2009-09-15 23:09:34 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-15 23:09:32 ----D---- C:\WINDOWS\system32\en-us
2009-09-15 23:09:32 ----D---- C:\Program Files\Reference Assemblies
2009-09-15 23:09:16 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-09-15 23:08:01 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-09-15 23:08:00 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-15 23:07:56 ----D---- C:\Program Files\MSXML 6.0
2009-09-15 19:25:30 ----D---- C:\Program Files\abgx360
2009-09-15 19:11:19 ----A---- C:\WINDOWS\system32\MSCOMCTL.exe
2009-09-14 22:18:44 ----D---- C:\Program Files\DVD-Cloner Platinum
2009-09-14 22:18:22 ----D---- C:\Program Files\Dvd-cloner
2009-09-14 21:12:41 ----A---- C:\WINDOWS\system32\NMSDVDXU.dll
2009-09-14 21:12:31 ----D---- C:\Documents and Settings\Sean\Application Data\LG Electronics
2009-09-14 21:12:30 ----D---- C:\Program Files\LG PC Suite II
2009-09-14 20:28:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-09-14 20:28:12 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-09-14 20:28:11 ----A---- C:\WINDOWS\game.ini
2009-09-14 20:19:15 ----D---- C:\Program Files\Activision
2009-09-14 20:17:47 ----SHD---- C:\WINDOWS\ftpcache
2009-09-13 23:39:11 ----D---- C:\Documents and Settings\Sean\Application Data\Media Player Classic
2009-09-13 22:00:08 ----SHD---- C:\RECYCLER
2009-09-13 17:52:16 ----D---- C:\WINDOWS\temp
2009-09-13 17:48:32 ----RASHD---- C:\cmdcons
2009-09-13 17:47:58 ----A---- C:\WINDOWS\zip.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\SWSC.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\SWREG.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\sed.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\PEV.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-13 17:47:58 ----A---- C:\WINDOWS\grep.exe
2009-09-13 17:47:55 ----D---- C:\WINDOWS\ERDNT
2009-09-13 17:39:22 ----D---- C:\Documents and Settings\Sean\Application Data\Malwarebytes
2009-09-13 17:39:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-13 17:11:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-13 17:11:28 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-13 17:11:28 ----D---- C:\Documents and Settings\Sean\Application Data\SUPERAntiSpyware.com
2009-09-13 17:05:48 ----D---- C:\Program Files\CCleaner
2009-09-13 17:04:57 ----D---- C:\Documents and Settings\Sean\Application Data\MSNInstaller
2009-09-13 17:04:33 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-13 16:41:12 ----A---- C:\WINDOWS\wininit.ini
2009-09-13 16:07:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-13 16:07:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-12 20:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-09-12 20:56:02 ----D---- C:\Documents and Settings\Sean\Application Data\Vso
2009-09-12 20:55:59 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-09-12 20:55:59 ----A---- C:\WINDOWS\system32\Pncrt.dll
2009-09-12 20:55:59 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-09-12 20:55:59 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-09-12 20:55:59 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-09-12 20:55:59 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-09-12 20:55:58 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-09-12 20:55:58 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-09-12 20:55:57 ----D---- C:\Program Files\VSO
2009-09-12 19:32:20 ----D---- C:\Program Files\Common Files\INCA Shared
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-09-12 19:32:01 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-09-12 19:32:00 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-09-12 19:31:59 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-09-12 19:31:58 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-09-12 19:31:57 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-09-12 19:31:57 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-09-12 19:31:57 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-09-12 19:31:57 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-09-12 19:31:56 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-09-12 19:31:55 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-09-12 19:31:54 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-09-12 19:31:53 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-09-12 19:31:52 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-09-12 19:31:51 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-09-12 19:31:49 ----D---- C:\WINDOWS\Logs
2009-09-12 18:35:05 ----D---- C:\WINDOWS\system32\Adobe
2009-09-11 17:26:43 ----D---- C:\Documents and Settings\Sean\Application Data\skypePM
2009-09-11 01:03:06 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-09-11 00:55:16 ----D---- C:\Documents and Settings\Sean\Application Data\WinRAR
2009-09-11 00:40:57 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-11 00:38:50 ----D---- C:\Program Files\Combined Community Codec Pack
2009-09-11 00:32:38 ----D---- C:\Documents and Settings\Sean\Application Data\dvdcss
2009-09-11 00:32:37 ----D---- C:\Documents and Settings\Sean\Application Data\vlc
2009-09-11 00:30:04 ----D---- C:\Documents and Settings\Sean\Application Data\Ventrilo
2009-09-11 00:23:43 ----D---- C:\Program Files\NCSoft
2009-09-11 00:22:35 ----RSD---- C:\WINDOWS\assembly
2009-09-11 00:22:22 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-11 00:21:26 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-09-11 00:15:38 ----D---- C:\Documents and Settings\Sean\Application Data\InstallShield
2009-09-11 00:14:38 ----D---- C:\Program Files\VideoLAN
2009-09-11 00:14:20 ----D---- C:\Documents and Settings\Sean\Application Data\GetRightToGo
2009-09-11 00:09:28 ----D---- C:\Program Files\RivaTuner v2.22
2009-09-11 00:08:30 ----D---- C:\WINDOWS\pss
2009-09-11 00:07:55 ----D---- C:\Downloads
2009-09-11 00:05:53 ----D---- C:\Program Files\Microsoft
2009-09-11 00:05:21 ----D---- C:\Program Files\Windows Live
2009-09-11 00:04:16 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-11 00:03:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-09-11 00:02:33 ----D---- C:\Program Files\World of Warcraft
2009-09-11 00:00:06 ----D---- C:\Documents and Settings\Sean\Application Data\Macromedia
2009-09-11 00:00:06 ----D---- C:\Documents and Settings\Sean\Application Data\Adobe
2009-09-10 23:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-10 23:58:23 ----D---- C:\Documents and Settings\Sean\Application Data\AIMPro
2009-09-10 23:58:23 ----D---- C:\Documents and Settings\Sean\Application Data\acccore
2009-09-10 23:58:15 ----D---- C:\Program Files\Common Files\Nullsoft
2009-09-10 23:58:13 ----D---- C:\Program Files\AIM
2009-09-10 23:58:09 ----D---- C:\Documents and Settings\Sean\Application Data\AIM
2009-09-10 23:53:07 ----D---- C:\Program Files\Ventrilo
2009-09-10 23:53:06 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-10 23:49:35 ----N---- C:\WINDOWS\Ctregrun.exe
2009-09-10 23:49:07 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-09-10 23:49:07 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-09-10 23:49:00 ----D---- C:\Program Files\Common Files\Creative
2009-09-10 23:48:59 ----HD---- C:\Program Files\Creative Installation Information
2009-09-10 23:48:53 ----D---- C:\Documents and Settings\Sean\Application Data\Mozilla
2009-09-10 23:48:31 ----D---- C:\Program Files\Mozilla Firefox
2009-09-10 23:48:04 ----N---- C:\WINDOWS\Updreg.EXE
2009-09-10 23:47:36 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-09-10 23:47:34 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-09-10 23:47:34 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-09-10 23:47:32 ----D---- C:\Documents and Settings\Sean\Application Data\Creative
2009-09-10 23:47:04 ----RA---- C:\WINDOWS\system32\instwdm.ini
2009-09-10 23:47:04 ----RA---- C:\WINDOWS\system32\ctzapxx.ini
2009-09-10 23:47:04 ----D---- C:\WINDOWS\system32\Data
2009-09-10 23:47:04 ----A---- C:\WINDOWS\INRES.DLL
2009-09-10 23:47:04 ----A---- C:\WINDOWS\CTXFIRES.DLL
2009-09-10 23:47:04 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-09-10 23:46:49 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2009-09-10 23:46:19 ----D---- C:\Program Files\Creative
2009-09-10 23:45:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-10 23:45:11 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-10 23:43:01 ----D---- C:\Documents and Settings\Sean\Application Data\Skype
2009-09-10 23:42:57 ----D---- C:\Program Files\Common Files\Skype
2009-09-10 23:42:56 ----RD---- C:\Program Files\Skype
2009-09-10 23:42:55 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-09-10 23:42:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-10 23:41:59 ----D---- C:\Program Files\WinRAR
2009-09-10 23:41:54 ----A---- C:\WINDOWS\system32\nvunrm.exe
2009-09-10 23:41:41 ----D---- C:\Program Files\FlashGet
2009-09-10 23:40:29 ----D---- C:\Program Files\Photoshop
2009-09-10 23:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-09-10 23:38:21 ----D---- C:\WINDOWS\system32\AGEIA
2009-09-10 23:38:21 ----D---- C:\Program Files\AGEIA Technologies
2009-09-10 23:37:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-10 23:37:23 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-10 23:37:14 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-10 23:37:06 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-10 23:37:04 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-09-10 23:36:35 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-09-10 23:36:26 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-09-10 23:36:19 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-09-10 23:36:19 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-09-10 23:36:19 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-09-10 23:36:18 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-09-10 23:36:18 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-09-10 23:36:18 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-09-10 23:36:18 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-09-10 23:36:18 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-09-10 23:36:16 ----D---- C:\NVIDIA
2009-09-10 23:35:36 ----D---- C:\Documents and Settings\Sean\Application Data\Identities
2009-09-10 23:35:35 ----HD---- C:\Program Files\Uninstall Information
2009-09-10 23:35:26 ----ASH---- C:\Documents and Settings\Sean\Application Data\desktop.ini
2009-09-10 23:35:25 ----SD---- C:\Documents and Settings\Sean\Application Data\Microsoft
2009-09-10 23:34:51 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-10 23:34:50 ----D---- C:\WINDOWS\Prefetch
2009-09-10 23:34:49 ----SD---- C:\WINDOWS\system32\Microsoft
2009-09-10 23:34:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-10 23:32:42 ----D---- C:\WINDOWS\system32\xircom
2009-09-10 23:32:42 ----D---- C:\Program Files\xerox
2009-09-10 23:32:42 ----D---- C:\Program Files\microsoft frontpage
2009-09-10 23:31:51 ----A---- C:\WINDOWS\control.ini
2009-09-10 23:31:51 ----A---- C:\AUTOEXEC.BAT
2009-09-10 23:31:41 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-09-10 23:31:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-10 23:31:07 ----RD---- C:\WINDOWS\Offline Web Pages
2009-09-10 23:31:07 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-09-10 23:31:03 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-09-10 23:31:00 ----HD---- C:\Program Files\WindowsUpdate
2009-09-10 23:30:46 ----D---- C:\WINDOWS\system32\DirectX
2009-09-10 23:30:33 ----A---- C:\WINDOWS\system32\atrace.dll
2009-09-10 23:30:31 ----A---- C:\WINDOWS\system32\desktop.ini
2009-09-10 23:30:31 ----A---- C:\WINDOWS\desktop.ini
2009-09-10 23:30:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-09-10 23:30:25 ----A---- C:\WINDOWS\system32\acctres.dll
2009-09-10 23:30:24 ----D---- C:\Program Files\Common Files\Services
2009-09-10 23:30:23 ----SD---- C:\WINDOWS\Tasks
2009-09-10 23:30:23 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-09-10 23:30:22 ----D---- C:\Program Files\Common Files\MSSoap
2009-09-10 23:30:20 ----D---- C:\WINDOWS\srchasst
2009-09-10 23:30:19 ----D---- C:\WINDOWS\system32\Macromed
2009-09-10 23:30:17 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wups.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-09-10 23:30:17 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-09-10 23:30:16 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-09-10 23:30:16 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-09-10 23:30:14 ----D---- C:\Program Files\Movie Maker
2009-09-10 23:30:11 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-09-10 23:30:11 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-09-10 23:30:11 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-09-10 23:30:11 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-09-10 23:30:09 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-09-10 23:30:09 ----D---- C:\WINDOWS\system32\Restore
2009-09-10 23:30:09 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-09-10 23:30:09 ----A---- C:\WINDOWS\system32\srclient.dll
2009-09-10 23:30:09 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-09-10 23:30:09 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-09-10 23:30:08 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-09-10 23:30:08 ----A---- C:\WINDOWS\system32\msconf.dll
2009-09-10 23:30:08 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-09-10 23:30:08 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-09-10 23:30:08 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-09-10 23:30:08 ----A---- C:\WINDOWS\system32\ils.dll
2009-09-10 23:30:06 ----D---- C:\Program Files\NetMeeting
2009-09-10 23:30:06 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-09-10 23:30:06 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-09-10 23:30:05 ----A---- C:\WINDOWS\system32\inetres.dll
2009-09-10 23:30:05 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-09-10 23:30:04 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-09-10 23:30:04 ----D---- C:\Program Files\Outlook Express
2009-09-10 23:30:04 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-09-10 23:30:04 ----A---- C:\WINDOWS\system32\mstask.dll
2009-09-10 23:30:04 ----A---- C:\WINDOWS\system32\isign32.dll
2009-09-10 23:30:04 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-09-10 23:30:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-09-10 23:30:04 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-09-10 23:30:00 ----D---- C:\Program Files\Common Files\System
2009-09-10 23:29:55 ----D---- C:\Program Files\Internet Explorer
2009-09-10 23:29:29 ----D---- C:\Program Files\ComPlus Applications
2009-09-10 23:29:28 ----A---- C:\WINDOWS\vbaddin.ini
2009-09-10 23:29:28 ----A---- C:\WINDOWS\vb.ini
2009-09-10 23:29:24 ----D---- C:\WINDOWS\Registration
2009-09-10 23:29:18 ----D---- C:\Program Files\Windows Media Player
2009-09-10 23:29:18 ----D---- C:\Program Files\Online Services
2009-09-10 23:29:14 ----D---- C:\Program Files\Messenger
2009-09-10 23:29:11 ----D---- C:\Program Files\MSN Gaming Zone
2009-09-10 23:29:11 ----A---- C:\WINDOWS\system32\write.exe
2009-09-10 23:29:04 ----A---- C:\WINDOWS\system32\winchat.exe
2009-09-10 23:29:04 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-09-10 23:29:04 ----A---- C:\WINDOWS\system32\hticons.dll
2009-09-10 23:29:04 ----A---- C:\WINDOWS\system32\avwav.dll
2009-09-10 23:29:04 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-09-10 23:29:04 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-09-10 23:28:59 ----A---- C:\WINDOWS\system32\getuname.dll
2009-09-10 23:28:59 ----A---- C:\WINDOWS\system32\charmap.exe
2009-09-10 23:28:59 ----A---- C:\WINDOWS\system32\calc.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\winmine.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\tskill.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\sol.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\reset.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-09-10 23:28:58 ----A---- C:\WINDOWS\system32\freecell.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\tscon.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\shadow.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\regini.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\msg.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\logoff.exe
2009-09-10 23:28:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\stclient.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-09-10 23:28:56 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-09-10 23:28:52 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-09-10 23:28:47 ----D---- C:\Program Files\MSN
2009-09-10 23:28:46 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-09-10 23:28:46 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-09-10 23:28:46 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-09-10 23:28:46 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-09-10 23:28:45 ----D---- C:\Program Files\Windows NT
2009-09-10 23:28:45 ----A---- C:\WINDOWS\system32\spider.exe
2009-09-10 23:28:45 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-09-10 23:28:45 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-09-10 23:28:44 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-09-10 23:28:44 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-09-10 23:28:43 ----D---- C:\WINDOWS\system32\MsDtc
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-09-10 23:28:43 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-09-10 23:28:42 ----D---- C:\WINDOWS\system32\Com
2009-09-10 23:28:42 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-09-10 23:28:42 ----A---- C:\WINDOWS\system32\colbact.dll
2009-09-10 23:28:42 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-09-10 23:28:42 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-09-10 23:28:42 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-09-10 23:28:42 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-09-10 23:28:41 ----A---- C:\WINDOWS\system32\comuid.dll
2009-09-10 23:28:41 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-09-10 23:28:37 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-09-10 23:28:37 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-09-10 23:28:37 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-09-10 23:28:37 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-09-10 19:27:30 ----A---- C:\WINDOWS\system32\h323log.txt
2009-09-10 19:16:39 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-09-10 19:15:36 ----A---- C:\WINDOWS\system32\usbui.dll
2009-09-10 19:14:15 ----SHD---- C:\WINDOWS\Installer
2009-09-10 19:14:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-10 19:14:14 ----D---- C:\Program Files\Common Files\ODBC
2009-09-10 19:14:14 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-10 19:14:12 ----RD---- C:\Program Files
2009-09-10 19:14:12 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-09-10 19:14:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-10 19:14:12 ----D---- C:\Program Files\Common Files
2009-09-10 19:14:10 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-09-10 19:14:10 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-09-10 19:14:10 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-09-10 19:14:09 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-09-10 19:14:09 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-09-10 19:14:09 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-09-10 19:14:08 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-09-10 19:14:07 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-09-10 19:14:06 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-09-10 19:14:06 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-09-10 19:14:06 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-09-10 19:14:06 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-09-10 19:14:06 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-09-10 19:14:05 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-09-10 19:14:05 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-09-10 19:14:04 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-09-10 19:14:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-09-10 19:14:03 ----A---- C:\WINDOWS\system32\irclass.dll
2009-09-10 19:14:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-09-10 19:14:03 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-09-10 19:14:02 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-09-10 19:14:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-09-10 19:14:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-09-10 19:14:01 ----A---- C:\WINDOWS\system32\batt.dll
2009-09-10 19:13:56 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-09-10 19:13:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-09-10 19:13:48 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-09-10 19:12:07 ----RA---- C:\WINDOWS\SET8.tmp
2009-09-10 19:12:04 ----RA---- C:\WINDOWS\SET4.tmp
2009-09-10 19:12:03 ----RA---- C:\WINDOWS\SET3.tmp
2009-09-10 19:11:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 19:11:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-10 19:11:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-10 19:11:32 ----SHD---- C:\System Volume Information
2009-09-10 19:11:32 ----D---- C:\Documents and Settings
2009-09-10 19:10:29 ----RASH---- C:\boot.ini
2009-09-10 19:08:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-10 19:08:06 ----RSD---- C:\WINDOWS\Fonts
2009-09-10 19:08:06 ----RD---- C:\WINDOWS\Web
2009-09-10 19:08:06 ----HD---- C:\WINDOWS\inf
2009-09-10 19:08:06 ----D---- C:\WINDOWS\WinSxS
2009-09-10 19:08:06 ----D---- C:\WINDOWS\twain_32
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\wins
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\wbem
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\usmt
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\spool
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\ShellExt
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\Setup
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\ras
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\oobe
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\npp
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\mui
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\IME
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\icsxml
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\ias
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\export
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\drivers
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\dhcp
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\config
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\3com_dmi
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\3076
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\2052
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1054
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1042
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1041
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1037
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1033
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1031
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1028
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32\1025
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system32
2009-09-10 19:08:06 ----D---- C:\WINDOWS\system
2009-09-10 19:08:06 ----D---- C:\WINDOWS\security
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Resources
2009-09-10 19:08:06 ----D---- C:\WINDOWS\repair
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Provisioning
2009-09-10 19:08:06 ----D---- C:\WINDOWS\PeerNet
2009-09-10 19:08:06 ----D---- C:\WINDOWS\pchealth
2009-09-10 19:08:06 ----D---- C:\WINDOWS\mui
2009-09-10 19:08:06 ----D---- C:\WINDOWS\msagent
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Media
2009-09-10 19:08:06 ----D---- C:\WINDOWS\java
2009-09-10 19:08:06 ----D---- C:\WINDOWS\ime
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Help
2009-09-10 19:08:06 ----D---- C:\WINDOWS\ehome
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Driver Cache
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Debug
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Cursors
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Connection Wizard
2009-09-10 19:08:06 ----D---- C:\WINDOWS\Config
2009-09-10 19:08:06 ----D---- C:\WINDOWS\AppPatch
2009-09-10 19:08:06 ----D---- C:\WINDOWS\addins
2009-09-10 19:08:06 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-09-13 17:51:45 ----A---- C:\WINDOWS\system.ini
2009-09-13 17:44:05 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-23 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-23 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-23 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-23 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-23 78336]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-23 1110016]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-23 116224]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-09-12 47360]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.22\RivaTuner32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 catchme;catchme; \??\C:\DOCUME~1\Sean\LOCALS~1\Temp\catchme.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-19 17480]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-14 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-09-20 189104]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2009-09-08 856064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-08-30 3407412]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Ried

I'm not seeing any signs of the infection detected by Spybot. Is it still alerting you? Where did it find it initially?

Pankie

I found it initially in spybot when I made a scan, ill scan again

Ried

Okay, I'd like to see the results of that scan when it has completed.

Pankie

This is what has been showing up from the beginning, very quickly in.

Ried

Can you expand it so I can see the file path or registry key it is flagging?

Pankie

Here we are, rightmedia is defiantly curable, but I think it came from win32.fraudload.edt

I beleive it downloads more adware over time doesn't it?

*edit* .

Sigh, I hit "fix selected problems" just for fun, I didin't think it would solve anything, this being the 20th time I have tried. but this came up afterwords.

Ried

I believe this is a false detection. When was the last time you updated the definitions database?

Pankie

I updated it about a week ago, that is when I reformatted. I picked up this spyware after I reformatted somehow.

Im updating now and will run another scan

Pankie

Okay, I updated and scanned again.



So, is this problem fixed? I dont understand how spybot randomly worked after it failing numerous times

Ried

No worries. False detections will happen with all commercial scanners at some point or another. They've found out about it, and rectified the false detection.

Pankie

Thanks for your help :)

Ried

You're welcome. :)

The only issues I see where you are 'playing with fire', is the fact you have no Anti Virus program installed and you are still using IE6. Please update to at least IE7.

Please download [url=http://www.avast.com/eng/download-avast-home.html]Avast Free AV[url]. Install it, update the database.

I'd also recommend installing WOT - Web of Trust. This is a browser add on that warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
• Yellow for caution
• Red to stop

WOT has an addon available for both Firefox and IE.

- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer.

Take care.

Pankie

I don't use iexplorer though.