Computer Freezes for no real reason

[XiaoLong]

I am having trouble with my computer.

It freezes up for no real reason. I have tried to play many full screen games and about 5 minutes into the game my computer freezes up. It's seems to do this with any full screen program except the internet.

I will also come back to my computer after about 45 minutes of doing nothing and it wil be frozen

So here is my Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:06 AM, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Valued Customer\Desktop\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\khfecbx.dll (file missing)
O2 - BHO: (no name) - {2EDE6EB6-E920-4FB1-BE81-E3C3CEF6549B} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {6B8A7E96-2E7F-4B31-9560-DE642EB92379} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92C908D2-D596-4359-B460-21F61DC8C6Ba} - C:\WINDOWS\system32\nesapwgd.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsq2E.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\awtusqp.dll (file missing)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\tpmkvsgs.dll (file missing)
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Policies\Explorer\Run: [{A8E5749A-08A3-1033-0512-050412240002}] "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?57d1c96859b64fc1a42ce12bd2f8ad5d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?57d1c96859b64fc1a42ce12bd2f8ad5d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116356882281
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: awtusqp - awtusqp.dll (file missing)
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: khfecbx - khfecbx.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll (file missing)
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 12943 bytes

[XiaoLong]

Could someone please get back to me?

[TheBruce1]

Hello and welcome to TSF


Apologises for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems,follow instructions below.

================================

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========================

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.Its important that you follow this through until i give you the all clear,a lack of symptoms does not mean that you are clean.

=========================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=============================
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

[XiaoLong]

I have tried running DSS a few times, and it shuts down before it finishes. It seems to encounter an error everytime I try to run the program

[TheBruce1]

Ok, we`ll try this another way. My guess would be that Kaspersky is interfering with DSS.

----------------------------

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you at C:\ComboFix.txt. I'll need to see that in your next reply, along with a new HijackThis log.


=================================

Next, run DSS whilst you are still disconnected from the internet, make sure you disable Kaspersky before running DSS(Deckard System Scanner)

--------------------------

Once completed enable Kaspersky and reconnect to the internet and post the required log.

===================================
Logs Required
C:\Combofix.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

[XiaoLong]

Here is Combofix
ComboFix 08-01-09.2 - Valued Customer 2007-01-12 19:33:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.619 [GMT -7:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Valued Customer\Application Data\addon.dat
C:\Documents and Settings\Valued Customer\Application Data\macromedia\Flash Player\#SharedObjects\XFEHQWXH\www.broadcaster.com
C:\Documents and Settings\Valued Customer\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Valued Customer\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Valued Customer\Application Data\searchtoolbarcorp
C:\Documents and Settings\Valued Customer\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Valued Customer\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Program Files\Common Files\{A8E57~1
C:\Program Files\Common Files\dbmmgr32.dll
C:\Program Files\vsadd-in
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nsq2E.dll
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\winio.dll
C:\WINDOWS\system32\winio.vxd

.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2007-12-29 17:29 . 2007-12-29 17:29 <DIR> d-------- C:\Program Files\Adssite Games Collection
2007-12-29 17:29 . 2007-12-29 17:29 79,875 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-12-29 17:29 . 2007-12-29 17:29 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-28 13:56 . 2007-12-28 13:56 <DIR> d-------- C:\Program Files\MSN Games
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Apple Computer
2007-12-25 11:29 . 2007-01-12 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 11:29 . 2007-12-25 11:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 11:28 . 2007-12-25 11:28 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 11:28 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 11:27 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-12 16:04 . 2007-12-12 16:10 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-12 15:50 . 2007-12-12 15:52 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\GetRightToGo
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 01:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-22 01:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-14 16:45 --------- d-----w C:\Program Files\World of Warcraft
2007-12-12 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 02:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-06 02:30 22,328 ----a-w C:\Documents and Settings\Valued Customer\Application Data\PnkBstrK.sys
2007-12-06 01:04 --------- d-----w C:\Program Files\Activision
2007-11-27 00:13 --------- d-----w C:\Program Files\Autodesk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 00:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-20 19:48 3,932 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMLayout.dat
2007-05-20 19:48 268 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMCPaper.dat
2005-05-17 18:50 8 --sh--r C:\WINDOWS\system32\38101260C8.sys
2007-02-11 23:15 104 --sh--r C:\WINDOWS\system32\9DCC0A4019.sys
2007-02-11 23:16 11,688 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-12 18:09 750,890 --sha-w C:\WINDOWS\system32\mmllm.bak1
2007-03-14 21:17 750,838 --sha-w C:\WINDOWS\system32\mmllm.bak2
2007-03-28 01:11 6,600 --sha-w C:\WINDOWS\system32\utvwa.bak1
2007-03-27 00:48 6,560 --sha-w C:\WINDOWS\system32\utvwa.bak2
2007-03-28 01:11 6,600 --sha-w C:\WINDOWS\system32\utvwa.ini2
2007-01-08 16:07 16,997,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-01-08 16:07 814,112 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

Code:

<pre>
----a-w           235,839 2007-04-22 22:40:07  C:\WINDOWS\uninstall Flaming .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EDE6EB6-E920-4FB1-BE81-E3C3CEF6549B}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B8A7E96-2E7F-4B31-9560-DE642EB92379}]
C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92C908D2-D596-4359-B460-21F61DC8C6Ba}]
C:\WINDOWS\system32\nesapwgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C47A9554-195A-4769-9B13-04F15B450A39}]
C:\WINDOWS\system32\awtusqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 12:38 1937408]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 03:27 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 21:05 344064]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 07:50 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-26 13:30 88363 C:\WINDOWS\AGRSMMSG.exe]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"LMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 14:31 45056]
"CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 11:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [2006-12-11 11:09:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{A8E5749A-08A3-1033-0512-050412240002}"= "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"= C:\WINDOWS\system32\awtusqp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtusqp]
awtusqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfecbx]
khfecbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]
C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
msldr32.dll

R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-09-03 13:50]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\CtxS51.sys [2004-03-12 13:23]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 11:44]
S2 WBUSB;Winbond Generic USB Controller;C:\WINDOWS\system32\Drivers\WBUSB.sys [2003-10-03 21:40]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-01-12 17:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3169ab-2008-11dc-afb8-0013d30c30b5}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a945561-67e2-11db-a2b1-0013d30c30b5}]
\Shell\AutoRun\command - I:\CDCheck.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 04:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-01-13 01:07:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 19:38:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 19:38:43
ComboFix-quarantined-files.txt 2008-01-10 02:38:29
ComboFix2.txt 2006-12-03 20:50:39
.
2007-12-12 10:02:33 --- E O F ---

Here is Main
Deckard's System Scanner v20071014.68
Run by Valued Customer on 2008-01-09 19:44:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-01-10 02:44:13 UTC - RP477 - Deckard's System Scanner Restore Point
86: 2007-01-13 02:32:44 UTC - RP476 - ComboFix created restore point
85: 2007-01-13 00:57:26 UTC - RP475 - System Checkpoint
84: 2007-01-11 16:10:19 UTC - RP474 - Deckard's System Scanner Restore Point
83: 2007-01-11 04:59:28 UTC - RP473 - System Checkpoint


-- First Restore Point --
1: 2007-10-24 05:05:25 UTC - RP391 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Valued Customer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:16 PM, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Valued Customer\Desktop\dss.exe
C:\DOCUME~1\VALUED~1\Desktop\Valued Customer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EDE6EB6-E920-4FB1-BE81-E3C3CEF6549B} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {6B8A7E96-2E7F-4B31-9560-DE642EB92379} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92C908D2-D596-4359-B460-21F61DC8C6Ba} - C:\WINDOWS\system32\nesapwgd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\awtusqp.dll (file missing)
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Policies\Explorer\Run: [{A8E5749A-08A3-1033-0512-050412240002}] "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?57d1c96859b64fc1a42ce12bd2f8ad5d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?57d1c96859b64fc1a42ce12bd2f8ad5d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116356882281
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: awtusqp - awtusqp.dll (file missing)
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: khfecbx - khfecbx.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll (file missing)
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 12195 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 WINIO - c:\windows\system32\winio.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&13699180&0&3048
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&13699180&0&3048
Service: RT2500

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: PC Camera (6029 CIF)
Device ID: ROOT\IMAGE\0000
Manufacturer:
Name: PC Camera (6029 CIF)
PNP Device ID: ROOT\IMAGE\0000
Service: SNPP106


-- Scheduled Tasks -------------------------------------------------------------

2007-12-28 21:46:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-12 18:07:00 376 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2007-12-29 17:29:40 40733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-29 17:29:10 79875 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-12-29 17:29:05 0 d-------- C:\Program Files\Adssite Games Collection
2007-12-28 13:56:13 0 d-------- C:\Program Files\MSN Games
2007-12-25 11:29:39 0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Apple Computer
2007-12-25 11:29:25 0 d-------- C:\Program Files\iPod
2007-12-25 11:29:13 0 d-------- C:\Program Files\iTunes
2007-12-25 11:28:19 0 d-------- C:\Program Files\QuickTime
2007-12-25 11:28:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 11:27:51 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 11:27:16 0 d-------- C:\Program Files\Common Files\Apple
2007-12-25 11:27:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-12 16:04:01 0 d-------- C:\Program Files\The All-Seeing Eye
2007-12-12 15:50:55 0 d-------- C:\Documents and Settings\Valued Customer\Application Data\GetRightToGo


-- Find3M Report ---------------------------------------------------------------

2008-01-09 19:37:30 0 d-------- C:\Program Files\Common Files
2007-12-14 09:45:04 0 d-------- C:\Program Files\World of Warcraft
2007-12-12 15:52:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-05 18:04:13 0 d-------- C:\Program Files\Activision
2007-11-27 15:17:56 2544 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 17:13:39 0 d-------- C:\Program Files\Autodesk


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EDE6EB6-E920-4FB1-BE81-E3C3CEF6549B}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B8A7E96-2E7F-4B31-9560-DE642EB92379}]
C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92C908D2-D596-4359-B460-21F61DC8C6Ba}]
C:\WINDOWS\system32\nesapwgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C47A9554-195A-4769-9B13-04F15B450A39}]
C:\WINDOWS\system32\awtusqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10/08/2004 04:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [28/04/2005 09:05 PM]
"Dit"="Dit.exe" [20/07/2004 06:18 PM C:\WINDOWS\Dit.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 07:50 AM]
"AGRSMMSG"="AGRSMMSG.exe" [26/04/2004 01:30 PM C:\WINDOWS\AGRSMMSG.exe]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/12/2007 10:56 AM]
"LMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [11/07/2002 02:31 PM]
"CHotkey"="mHotkey.exe" [24/02/2004 01:05 PM C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [03/02/2004 04:15 PM C:\WINDOWS\CNYHKey.exe]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/11/2006 02:49 PM]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [24/03/2006 06:09 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 04:05 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 12:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/12/2004 12:38 PM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/07/2007 03:27 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [11/12/2006 11:09:01 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{A8E5749A-08A3-1033-0512-050412240002}"="C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"= C:\WINDOWS\system32\awtusqp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtusqp]
awtusqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfecbx]
khfecbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]
C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
msldr32.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3169ab-2008-11dc-afb8-0013d30c30b5}]
Auto\command- RavMon.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a945561-67e2-11db-a2b1-0013d30c30b5}]
AutoRun\command- I:\CDCheck.exe




-- End of Deckard's System Scanner: finished at 2008-01-09 19:45:43 ------------

[TheBruce1]

Hello again

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

===================

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.Its important that you follow this through until i give you the all clear,a lack of symptoms does not mean that you are clean.

===================

P2P

P2P - I see you have P2P software BitComet 0.93, LimeWire PRO 4.10.9 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

====================

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Browser Optimizer Adssite<--See Here
Browser Optimizer Rightonadz<---Its a ad serving programme that communicates and shares your personal information with a third party server. It does not have any good functions.
Viewpoint Media Player<---Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

========================

Open notepad and copy/paste the text in the quotebox below into it:

Code:

KillAll::

RenV::
----a-w           235,839 2007-04-22 22:40:07  C:\WINDOWS\uninstall Flaming .exe

File::
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EDE6EB6-E920-4FB1-BE81-E3C3CEF6549B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B8A7E96-2E7F-4B31-9560-DE642EB92379}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92C908D2-D596-4359-B460-21F61DC8C6Ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C47A9554-195A-4769-9B13-04F15B450A39}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"= -
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtusqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfecbx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]

Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

===========================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

==========================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========================
Logs Required
C:\Combofix.txt
Kaspersky scan log
Hijackthis log

[XiaoLong]

Here are two logs
ComboFix 08-01-09.2 - Valued Customer 2008-01-10 10:15:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.509 [GMT -7:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Valued Customer\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2007-12-29 17:29 . 2007-12-29 17:29 <DIR> d-------- C:\Program Files\Adssite Games Collection
2007-12-28 13:56 . 2007-12-28 13:56 <DIR> d-------- C:\Program Files\MSN Games
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Apple Computer
2007-12-25 11:29 . 2008-01-10 10:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 11:29 . 2007-12-25 11:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 11:28 . 2007-12-25 11:28 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 11:28 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 11:27 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-12 16:04 . 2007-12-12 16:10 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-12 15:50 . 2007-12-12 15:52 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\GetRightToGo
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 17:19 814,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-10 17:19 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-10 17:17 77,420 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-10 17:17 229,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 17:17 17,217,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 17:15 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-22 01:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-14 16:45 --------- d-----w C:\Program Files\World of Warcraft
2007-12-12 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 02:30 22,328 ----a-w C:\Documents and Settings\Valued Customer\Application Data\PnkBstrK.sys
2007-12-06 01:04 --------- d-----w C:\Program Files\Activision
2007-11-27 00:13 --------- d-----w C:\Program Files\Autodesk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-20 19:48 3,932 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMLayout.dat
2007-05-20 19:48 268 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMCPaper.dat
2005-05-17 18:50 8 --sh--r C:\WINDOWS\system32\38101260C8.sys
2007-02-11 23:15 104 --sh--r C:\WINDOWS\system32\9DCC0A4019.sys
2007-02-11 23:16 11,688 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-09_19.38.11.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2007-01-13 02:32:50 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 17:13:43 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2007-01-13 02:32:50 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-10 17:13:43 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2007-01-13 02:32:50 7,745,536 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 17:13:43 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2007-01-13 02:32:50 90,112 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-10 17:13:43 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2007-01-13 02:32:50 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-10 17:13:43 7,757,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2007-01-13 02:32:50 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-10 17:13:43 90,112 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2007-08-05 17:10:44 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-08-05 17:10:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-04-22 22:40:07 235,839 ----a-w C:\WINDOWS\uninstall Flaming.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 12:38 1937408]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 03:27 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 21:05 344064]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 07:50 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-26 13:30 88363 C:\WINDOWS\AGRSMMSG.exe]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"LMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 14:31 45056]
"CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 11:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [2006-12-11 11:09:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{A8E5749A-08A3-1033-0512-050412240002}"= "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032

R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-09-03 13:50]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\CtxS51.sys [2004-03-12 13:23]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 11:44]
S2 WBUSB;Winbond Generic USB Controller;C:\WINDOWS\system32\Drivers\WBUSB.sys [2003-10-03 21:40]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-10 10:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3169ab-2008-11dc-afb8-0013d30c30b5}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a945561-67e2-11db-a2b1-0013d30c30b5}]
\Shell\AutoRun\command - I:\CDCheck.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 04:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 17:07:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 10:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\HKCYDLL.dll
.
Completion time: 2008-01-10 10:22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 17:22:40
ComboFix2.txt 2008-01-10 02:38:44
ComboFix3.txt 2006-12-03 20:50:39
.
2008-01-10 17:05:25 --- E O F ---

And

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:50 PM, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Valued Customer\Desktop\HiJackThis(2).exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Policies\Explorer\Run: [{A8E5749A-08A3-1033-0512-050412240002}] "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?57d1c96859b64fc1a42ce12bd2f8ad5d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?57d1c96859b64fc1a42ce12bd2f8ad5d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116356882281
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 11421 bytes


BUt when I try to run Kaspersky online scanner i get this error message
Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]

[TheBruce1]

Try this scanner instead:

ESET Online Scanner

• Please go to the following link ESET Online Scanner Link
• Tick the box YES, I accept the Terms Of Use
• Click the Start button
• Now click the Install button
• Click Start
  
  The scanner engine will initialise and update
  
• Do Not tick the box Remove found threats
• Click the Scan button
  
  The scan will now run, please be patient
  
• When the scan finishes click the Details tab
• Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

----------------------------------

Before that please enable Windows Firewall.

*Click start and then run
*Type Firewall.cpl and click ok.
*On the General tab, click On (recommended), and then click OK.

[XiaoLong]

I have tried numerous times to get the webpage to load, but am unsuccessful. It will oad fine in firefox, but as you know it must be run in an IE window, is there any other solution?

[TheBruce1]

Try this instead:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

• Once the short scan has finished, we need to change the default settings.
• In the Menu Bar, Go to Options>Change Settings.
• Click on the Actions tab
• Using the drop down menus, change each item under Objects and Malware to Report
• Next, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'No to All' if it asks if you want to cure/move the file.
• After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Post the contents of the log from Dr.Web you saved previously in your next reply.

==========
Logs Required
DrWeb.csv
Hijackthis log

[XiaoLong]

The scans are now running, but my computer keeps freezing up before they can finish. I will keep trying and hopefully will be able to post something soon

[TheBruce1]

Did you run Dr.Web Cureit yet, disconnect from the internet and disable Kaspersky as the PDM may interfere with Dr.Web.

[XiaoLong]

I've tried both scans of Dr.Web and the one at eset.com I can't seem to keep my comp running long enough. I have also disabled both the internet and kaspersky, still nothing, my computer keeps freezing up

[TheBruce1]

Hello again

Lets clear some junk first then try Dr.Web in safe mode. When running scans does the scan stop at a certain file and then nothing happens, if so, do you know which file.

=====================

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

======================

Download ATF-Cleaner by Atribune to your desktop.Do not run just yet, we will shortly

=====================

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab

Please remember to close all other windows, including browsers then click Fix checked.


======================

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

File::
C:\WINDOWS\uninstall Flaming.exe

Folder::
C:\Program Files\Adssite Games Collection

Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

==========================

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========================
Safe Mode

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

=========================
Safe Mode Scan

Double-click on cureit.exe to start the program. (ignore any prompts to update or check for a new version).

Follow the instructions as before for running Dr.Web Cureit and save the report, when finished boot back into normal mode and carry on with the rest of the instructions.

Note:Make a note of the file-name if the scan does not complete(if any).

=====================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================
Logs Required
C:\Combofix.txt
DrWeb.csv
Hijackthis log

[XiaoLong]

Problems still abound. I cannot seem to get my computer to load in sfe mode. It crashes and freezes on every attempt

I did manage to get some things done, so hwere is what I can post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:14 PM, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valued Customer\Desktop\Valued Customer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Policies\Explorer\Run: [{A8E5749A-08A3-1033-0512-050412240002}] "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116356882281
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8406 bytes

ComboFix 08-01-09.2 - Valued Customer 2008-01-18 18:15:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT -7:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Valued Customer\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\uninstall Flaming.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\uninstall Flaming.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-17 11:48 . 2008-01-17 11:48 3,072 --ahs---- C:\Thumbs.db
2008-01-15 20:30 . 2008-01-15 20:30 <DIR> d-------- C:\Documents and Settings\Valued Customer\DoctorWeb
2008-01-15 14:46 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-10 14:40 . 2008-01-10 14:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 13:56 . 2008-01-17 17:41 <DIR> d-------- C:\Program Files\MSN Games
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Apple Computer
2007-12-25 11:29 . 2008-01-18 18:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 11:29 . 2007-12-25 11:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 11:28 . 2007-12-25 11:28 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 11:28 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 11:27 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 01:04 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-18 00:59 --------- d-----w C:\Program Files\Musicmatch
2008-01-18 00:49 830,752 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-18 00:41 --------- d-----w C:\Program Files\Diablo II
2008-01-18 00:41 --------- d-----w C:\Program Files\Cinemaware
2008-01-18 00:41 --------- d-----w C:\Program Files\Autodesk
2008-01-18 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-16 19:00 --------- d-----w C:\Program Files\Fire2USB
2008-01-15 22:30 19,059,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 17:17 77,420 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-10 17:17 229,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 17:15 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-22 01:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-22 01:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-14 16:45 --------- d-----w C:\Program Files\World of Warcraft
2007-12-12 23:10 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-12 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 22:52 --------- d-----w C:\Documents and Settings\Valued Customer\Application Data\GetRightToGo
2007-12-06 02:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-06 02:30 22,328 ----a-w C:\Documents and Settings\Valued Customer\Application Data\PnkBstrK.sys
2007-12-06 01:04 --------- d-----w C:\Program Files\Activision
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 00:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-20 19:48 3,932 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMLayout.dat
2007-05-20 19:48 268 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMCPaper.dat
2005-05-17 18:50 8 --sh--r C:\WINDOWS\system32\38101260C8.sys
2007-02-11 23:15 104 --sh--r C:\WINDOWS\system32\9DCC0A4019.sys
2007-02-11 23:16 11,688 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-01-10_10.22.20.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 17:13:43 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 01:15:05 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 17:13:43 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 01:15:05 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 17:13:43 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 01:15:05 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 17:13:43 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 01:15:05 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 17:13:43 7,757,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-19 01:15:05 7,757,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 17:13:43 90,112 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 01:15:05 90,112 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-07-27 22:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 22:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 03:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 20:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-03 01:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-03 01:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 23:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 18:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 12:38 1937408]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 03:27 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 21:05 344064]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 07:50 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-26 13:30 88363 C:\WINDOWS\AGRSMMSG.exe]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"LMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 14:31 45056]
"CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 11:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [2006-12-11 11:09:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{A8E5749A-08A3-1033-0512-050412240002}"= "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032

R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-09-03 13:50]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\CtxS51.sys [2004-03-12 13:23]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 11:44]
S2 WBUSB;Winbond Generic USB Controller;C:\WINDOWS\system32\Drivers\WBUSB.sys [2003-10-03 21:40]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-18 18:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3169ab-2008-11dc-afb8-0013d30c30b5}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a945561-67e2-11db-a2b1-0013d30c30b5}]
\Shell\AutoRun\command - I:\CDCheck.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 04:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 01:07:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:19:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\HKCYDLL.dll
.
Completion time: 2008-01-18 18:19:52
ComboFix-quarantined-files.txt 2008-01-19 01:19:36
ComboFix2.txt 2008-01-10 17:22:44
ComboFix3.txt 2008-01-10 02:38:44
ComboFix4.txt 2006-12-03 20:50:39
.
2008-01-10 17:05:25 --- E O F ---

ComboFix 08-01-09.2 - Valued Customer 2008-01-18 18:15:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT -7:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Valued Customer\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\uninstall Flaming.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\uninstall Flaming.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-17 11:48 . 2008-01-17 11:48 3,072 --ahs---- C:\Thumbs.db
2008-01-15 20:30 . 2008-01-15 20:30 <DIR> d-------- C:\Documents and Settings\Valued Customer\DoctorWeb
2008-01-15 14:46 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-10 14:40 . 2008-01-10 14:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 13:56 . 2008-01-17 17:41 <DIR> d-------- C:\Program Files\MSN Games
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Program Files\iPod
2007-12-25 11:29 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Apple Computer
2007-12-25 11:29 . 2008-01-18 18:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 11:29 . 2007-12-25 11:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 11:28 . 2007-12-25 11:28 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 11:28 . 2007-12-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 11:27 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 01:04 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-18 00:59 --------- d-----w C:\Program Files\Musicmatch
2008-01-18 00:49 830,752 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-18 00:41 --------- d-----w C:\Program Files\Diablo II
2008-01-18 00:41 --------- d-----w C:\Program Files\Cinemaware
2008-01-18 00:41 --------- d-----w C:\Program Files\Autodesk
2008-01-18 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-16 19:00 --------- d-----w C:\Program Files\Fire2USB
2008-01-15 22:30 19,059,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 17:17 77,420 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-10 17:17 229,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 17:15 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-22 01:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-22 01:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-14 16:45 --------- d-----w C:\Program Files\World of Warcraft
2007-12-12 23:10 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-12 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 22:52 --------- d-----w C:\Documents and Settings\Valued Customer\Application Data\GetRightToGo
2007-12-06 02:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-06 02:30 22,328 ----a-w C:\Documents and Settings\Valued Customer\Application Data\PnkBstrK.sys
2007-12-06 01:04 --------- d-----w C:\Program Files\Activision
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 00:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-20 19:48 3,932 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMLayout.dat
2007-05-20 19:48 268 ----a-w C:\Documents and Settings\Valued Customer\Application Data\LMCPaper.dat
2005-05-17 18:50 8 --sh--r C:\WINDOWS\system32\38101260C8.sys
2007-02-11 23:15 104 --sh--r C:\WINDOWS\system32\9DCC0A4019.sys
2007-02-11 23:16 11,688 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-01-10_10.22.20.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 17:13:43 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 01:15:05 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 17:13:43 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 01:15:05 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 17:13:43 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 01:15:05 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 17:13:43 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 01:15:05 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 17:13:43 7,757,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-19 01:15:05 7,757,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 17:13:43 90,112 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 01:15:05 90,112 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-07-27 22:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 22:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 03:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 20:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-03 01:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-03 01:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 23:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 18:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 12:38 1937408]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 03:27 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 21:05 344064]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 07:50 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-26 13:30 88363 C:\WINDOWS\AGRSMMSG.exe]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"LMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 14:31 45056]
"CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 11:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lexmark X125 Settings Utility.lnk - C:\Program Files\Lexmark X125\LEX125SU.exe [2006-12-11 11:09:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{A8E5749A-08A3-1033-0512-050412240002}"= "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032

R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-09-03 13:50]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\CtxS51.sys [2004-03-12 13:23]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 11:44]
S2 WBUSB;Winbond Generic USB Controller;C:\WINDOWS\system32\Drivers\WBUSB.sys [2003-10-03 21:40]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-18 18:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3169ab-2008-11dc-afb8-0013d30c30b5}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a945561-67e2-11db-a2b1-0013d30c30b5}]
\Shell\AutoRun\command - I:\CDCheck.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 04:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 01:07:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:19:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\HKCYDLL.dll
.
Completion time: 2008-01-18 18:19:52
ComboFix-quarantined-files.txt 2008-01-19 01:19:36
ComboFix2.txt 2008-01-10 17:22:44
ComboFix3.txt 2008-01-10 02:38:44
ComboFix4.txt 2006-12-03 20:50:39
.
2008-01-10 17:05:25 --- E O F ---

[TheBruce1]

Hello again

Not really seeing anything bad in your log, are the games you play from CD or online or for that matter both, did you recently install a game just prior to these problems occuring. Most likely this could be a hardware/software or driver conflict.

Follow these instructions:





Please download this tool > System Repair Engineer 2.5.16.900 FREE(from Local Download 2)

1. Extract it to it's own folder & double click SREng.exe to run it
   
   
2. Select 'Smart Scan' & tick "Verify Digital Signatures"
   
   
3. Click on the [Scan] button
   
   
4. When finished, click on the [Save Reports] button & save the log to Desktop
   
   
5. Attach the log in your next reply. Dont post it

Note: You may have to rename SREngLog.log to SREngLog.txt before attaching.

==============
Log Required
SREngLog

[XiaoLong]

Here is the new log you want posted.

As far as games go. I mostly play WOW online, and rarely play anything else.

Something that came to mind, was one day I was trying to copy files from my Mobile Phone Memory card onto my computer. I use a M2 adapter to fit the MS/SD port on my computer. While trying to get the card into the slot I moved it around thinking it did not fit properly. COuld this have caused a problem, since you need to properly eject devices such as this before removing them?



2008-01-19,10:34:15

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NBJ><"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"> [Ahead Software AG]
<AlcoholAutomount><"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount> [(Verified)Alcohol Soft Code Signing Services]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<{A8E5749A-08A3-1033-0512-050412240002}><"C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ehTray><C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<Dit><Dit.exe> [ICSI Technology Ltd.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<LMPDPSRV><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE> [DeviceGuys]
<CHotkey><mHotkey.exe> [Chicony]
<ledpointer><CNYHKey.exe> [Chicony]
<MSKDetectorExe><C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall> [McAfee, Inc.]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]

==================================
Startup Folders
[Lexmark X125 Settings Utility]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk --> C:\PROGRA~1\LEXMAR~1\LEX125SU.exe [Lexmark International]><N>

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[PnkBstrA / PnkBstrA][Running/Auto Start]
<C:\WINDOWS\system32\PnkBstrA.exe><N/A>
[StarWind AE Service / StarWindServiceAE][Running/Auto Start]
<C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe><Rocket Division Software>
[Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start]
<c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation>
[Windows Media Connect (WMC) Helper / WmcCdsLs][Stopped/Manual Start]
<C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation>
[WMP54Gv4SVC / WMP54Gv4SVC][Running/Auto Start]
<"C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe"><GEMTEKS>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.4.0.1 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Agere Systems Soft Modem / AgereSoftModem][Stopped/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[AMD Processor Driver / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BCM42RLY / BCM42RLY][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\BCM42RLY.SYS><Broadcom Corporation>
[Card Reader Filter / CardReaderFilter][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS><ICSI Technology Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[DgiVecp / DgiVecp][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\DgiVecp.sys><N/A>
[DS1410D / DS1410D][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ds1410d.sys><N/A>
[3Com EtherLink XL 90XB/C Adapter Driver / EL90XBC][Stopped/Manual Start]
<system32\DRIVERS\el90xbc5.sys><3Com Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Hardlock / Hardlock][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Haspnt / Haspnt][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[Hauppauge WinTV PVR PCI II (26xxx) / hcwPP2][Stopped/Manual Start]
<system32\DRIVERS\hcwPP2.sys><Hauppauge Computer Works, Inc.>
[Hauppauge WinTV-PVR PCI II (Encoder-16) / hcwPVRP2][Running/Manual Start]
<system32\DRIVERS\hcwPVRP2.sys><Hauppauge Computer Works, Inc.>
[Creatix V.9X DSP Data Fax Modem / Intels51][Running/Manual Start]
<system32\DRIVERS\CtxS51.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Linksys Wireless-G PCI Adapter Driver / RT2500][Running/Manual Start]
<system32\DRIVERS\RT2500.sys><Ralink Technology Inc.>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[PC Camera (6029 CIF) / SNPP106][Running/Manual Start]
<system32\DRIVERS\snpp106.sys><>
[Rainbow USB SuperPro / Sntnlusb][Stopped/Manual Start]
<system32\DRIVERS\SNTNLUSB.SYS><Rainbow Technologies Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
<System32\Drivers\usbaapl.sys><Apple, Inc.>
[vaxscsi / vaxscsi][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><N/A>
[Winbond Generic USB Controller / WBUSB][Stopped/Auto Start]
<System32\Drivers\WBUSB.sys><Winbond Electronics Corp.>
[WINIO / WINIO][Running/System Start]
<\SystemRoot\System32\winio.sys><N/A>
[Logitech Virtual Bus Enumerator Driver / WmBEnum][Running/Manual Start]
<system32\drivers\WmBEnum.sys><Logitech Inc.>
[Logitech WingMan HID Filter Driver / WmFilter][Running/Manual Start]
<system32\drivers\WmFilter.sys><Logitech Inc.>
[Logitech Virtual Hid Device Driver / WmVirHid][Stopped/Manual Start]
<system32\drivers\WmVirHid.sys><Logitech Inc.>
[Logitech WingMan Translation Layer Driver / WmXlCore][Running/Manual Start]
<system32\drivers\WmXlCore.sys><Logitech Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[GTNDIS5 NDIS Protocol Driver / GTNDIS5][Running/Manual Start]
<\??\C:\WINDOWS\system32\GTNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[Alcohol Toolbar Helper]
{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Alcohol Toolbar]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Macromedia Authorware Web Player Control]
{15B782AF-55D8-11D1-B477-006097098764} <C:\WINDOWS\system32\macromed\authorwa\awswax.ocx, Macromedia, Inc.>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, N/A>
[OnlineScanner Control]
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} <C:\WINDOWS\system32\ONLINE~1.OCX, Eset>
[Facebook Photo Uploader Control]
{5F8469B4-B055-49DD-83F7-62B522420ECC} <C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[GameLauncher Control]
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} <C:\WINDOWS\DOWNLO~1\GAMELA~1.OCX, N/A>
[imlUCID Class]
{7DFDB8FD-B498-4958-B930-38021B94351D} <C:\WINDOWS\Downloaded Program Files\imlCID.dll, N/A>
[Java Plug-in 1.5.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll, Sun Microsystems, Inc.>
[DVCDownloadControl]
{ABB660B6-6694-407B-950A-EDBA5A159722} <C:\WINDOWS\DOWNLO~1\DVCDOW~1.OCX, N/A>
[MSN Games - Installer]
{B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, N/A>
[CSolidBrowserObj Object]
{BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} <C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll, Solid State Networks>
[Java Plug-in 1.5.0_03]
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[OnlineScanner Control]
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} <C:\WINDOWS\system32\ONLINE~1.OCX, Eset>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Alcohol Toolbar Helper]
{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Alcohol Toolbar]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>

==================================
Running Processes
[PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4158]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4158]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2510]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2515]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4158]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2510]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2515]
[C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4158]
[PID: 1216 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\MagicISO\misosh.dll] [MagicISO, Inc., 5, 3, 0, 198]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\qedit.dll] [, ]
[C:\WINDOWS\system32\quartz.dll] [, ]
[C:\WINDOWS\system32\devenum.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\BitComet\tools\RealMediaSplitter.ax] [Gabest, 1, 0, 1, 1]
[C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax] [Ahead Software AG, 2, 0, 2, 28]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll] [Ahead Software AG, 1,2,0, 2265]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Ahead\WMPBurn\NeroBurnPlugin.dll] [Ahead Software AG, 1, 2, 0, 1]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\LMPDPMON.DLL] [DeviceGuys, 1.0.0.245]
[C:\WINDOWS\system32\lxbgmdm.dll] [Samsung Electronics, 1, 0, 9, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LMPriNT.DLL] [DeviceGuys, 1.0.0.245]
[C:\WINDOWS\system32\LMLayout.DLL] [DeviceGuys, 1.0.0.245]
[PID: 1688 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
[PID: 1732 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2700.2230 built by: private/xpsp_mce_qfe(wmbla)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\quartz.dll] [, ]
[C:\WINDOWS\system32\devenum.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\hcwECP.ax] [Hauppauge Computer Works, Inc., 1.3.22208]
[C:\WINDOWS\system32\mpg2splt.ax] [, ]
[C:\WINDOWS\system32\VBICodec.ax] [, ]
[C:\WINDOWS\system32\encdec.dll] [, ]
[C:\WINDOWS\system32\hcwXDS.dll] [, 1, 4, 0, 20266]
[C:\WINDOWS\system32\hcwCConv.ax] [Hauppauge Computer Works, Inc., 1.17.390.21346]
[C:\Program Files\Home Cinema\PowerProducer\ppAuRsmpl.ax] [CyberLink Corp., 1.0.1817 ]
[PID: 1808 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2700.2180 (private/xpsp_mce.040810-0205)]
[PID: 2016 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 320 / SYSTEM][C:\WINDOWS\system32\PnkBstrA.exe] [N/A, ]
[PID: 488 / Valued Customer][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2700.2180 (private/xpsp_mce.040810-0205)]
[PID: 556 / Valued Customer][C:\WINDOWS\Dit.exe] [ICSI Technology Ltd., V2.12.0720]
[PID: 616 / Valued Customer][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.36 2.1.36 11/19/2003 15:41:01]
[PID: 632 / Valued Customer][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 41, 25]
[C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[PID: 644 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe] [Rocket Division Software, 3.2.3 Build 20070527]
[PID: 648 / Valued Customer][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE] [DeviceGuys, 1.0.0.245]
[PID: 668 / Valued Customer][C:\WINDOWS\mHotkey.exe] [Chicony, 3, 0, 0, 8]
[C:\WINDOWS\HIDMNT.dll] [N/A, ]
[PID: 1088 / Valued Customer][C:\Program Files\D-Tools\daemon.exe] [DAEMON'S HOME, 3.47.0.0]
[C:\WINDOWS\daemon.dll] [, 3.47.0.0]
[C:\Program Files\D-Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll] [, 1.0.2.0]
[C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.02.0.0]
[C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.01.0.0]
[C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.02.0.0]
[C:\Program Files\D-Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[PID: 1180 / Valued Customer][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.5.0.20]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.5.0.20]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.5.0.20]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx] [Apple Computer, Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx] [Apple Computer, Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx] [Apple Inc., 7.3.1]
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 5, 108, 0]
[PID: 1000 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256 / Valued Customer][C:\Program Files\Lexmark X125\LEX125SU.exe] [Lexmark International, 1, 0, 0, 8]
[C:\WINDOWS\system32\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.028]
[C:\WINDOWS\system32\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.028]
[C:\WINDOWS\TWAIN_32.dll] [Twain Working Group, 1,7,1,1]
[C:\WINDOWS\system32\LTIMG12n.dll] [LEAD Technologies, Inc., 12.1.0.028]
[C:\WINDOWS\system32\LTDIS12n.dll] [LEAD Technologies, Inc., 12.1.0.028]
[C:\WINDOWS\system32\LXBGMDM.DLL] [Samsung Electronics, 1, 0, 9, 0]
[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1728 / SYSTEM][C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe] [GEMTEKS, 1, 0, 0, 4]
[PID: 1816 / SYSTEM][C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe] [Linksys, 1.0.0.14]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll] [, 1, 0, 2, 3]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ProcNICs.dll] [GemTek, 1, 0, 0, 7]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\resWMP54Gv4_US.dll] [Linksys, 1.0.0.1]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\aviWMP54Gv4.dll] [Linksys, 1.0.0.0]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL] [, 1, 0, 0, 1]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Ralinktek.DLL] [GemTK, 1, 0, 0, 9]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\SES.dll] [Linksys, 2, 2, 0, 2]
[C:\WINDOWS\system32\GTW32N50.dll] [, 1.0.0.1]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ez54g.dll] [, 1, 0, 0, 1]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ses_cl.dll] [N/A, ]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\0004\AegisE5.dll] [Meetinghouse Data Communications, 3, 2, 5, 0]
[C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\RM_DEV_CODE.dll] [GEMTEKS, 1, 0, 1, 2]
[PID: 3100 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3364 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.5.0.20]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.5.0.20]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.5.0.20]
[PID: 3764 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2396 / Valued Customer][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2700.2180 (private/xpsp_mce.040810-0205)]
[C:\Windows\System32\MSIFPCTL.dll] [MSI, 1, 0, 0, 4]
[PID: 3616 / Valued Customer][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.64]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[PID: 3728 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3132 / Valued Customer][C:\Documents and Settings\Valued Customer\Desktop\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\Valued Customer\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1688, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 556, C:\WINDOWS\DIT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 648, C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LMPDPSRV.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 668, C:\WINDOWS\MHOTKEY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1088, C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1256, C:\PROGRAM FILES\LEXMARK X125\LEX125SU.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1816, C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI WIRELESS NETWORK MONITOR\WMP54GV4.EXE]

==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
Hidden Process
N/A

==================================

[TheBruce1]

Quote:

Originally Posted by XiaoLong

As far as games go. I mostly play WOW online, and rarely play anything else.

Something that came to mind, was one day I was trying to copy files from my Mobile Phone Memory card onto my computer. I use a M2 adapter to fit the MS/SD port on my computer. While trying to get the card into the slot I moved it around thinking it did not fit properly. COuld this have caused a problem, since you need to properly eject devices such as this before removing them?

Doubt that would cause the problems you are having. I see you have Kaspersky Anti-Virus 6.299 which is about 18 months old, the current version is 7.0.321, you do have a valid license for Kaspersky?

===============================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6u4.
• Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• In the pull down menu next to Platform select Windows
• Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
• Click Continue
• Click on the link to download Windows Offline Installation and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

=========================

Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues

Go to Start > Run - type in eventvwr <Press Enter>



This is a picture of what the event viewer looks like.
You will see Application, Security & System listed in the left pane.

1. In the left pane click on Application.
2. Click the gray title “Type” at the top of the source name column in the right pane to sort by type name
   Look for “Error” & double-click on the most recent 10, and evaluate the event description for any indication of the cause of the problem.
3. Make note of the Description, EventID and Source of these Event Properties.
4. From the right pane, doubleclick on the line where it says error & you should get a window like the example below
   
   
   
   
   
   
5. In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down.
   There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
6. Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here

Repeat steps 1-6 for System

=========================

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report into your next reply.

===========================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========================
Logs Required
Windows Event Viewer Logs
Panda scan report
Hijackthis Log

[XiaoLong]

As per usual the online scan is not completing. I have tried 3 times, and it has yet to do a scan, it keeps freezing up on me. So I can only post 2/3 scans for you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:18 PM, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valued Customer\Desktop\Valued Customer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Policies\Explorer\Run: [{A8E5749A-08A3-1033-0512-050412240002}] "C:\Program Files\Common Files\{A8E5749A-08A3-1033-0512-050412240002}\Update.exe" mc-110-12-0001032
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116356882281
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9094 bytes