Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
11-08-2008, 05:21 AM   #1
Registered User
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH worm

Hey there, greetings all :)

I have a couple of probs really, unsure if they are linked.

I randomly get IE7 locking up, freezing (spinning blue circle icon) when I click on links in IE7. I can only close the window with ctrl/alt/delete.

But my main problem seems to be that I have on my system the following...

c:\windows\temp\9d5.tmp - a variant of Win32/TrojanDownloader.Zlob.BXN trojan
c:\users\*MY USER ACCOUNT*\AppData\Local\Temp\tmp5AFB.tmp - a variant of Win32/AutoRun.ABH worm


I may also have other infections that I am not aware of (unsure really). I have done the following ...

Quote:
1. Double-click gmer.exe. The program will begin to run.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
Click the Scan button and let the program do its work. GMER will produce a log...

gmer.exe starts scanning, but when it gets to \Cdfs I get a black screen on my laptop, then a BSOD, memory dump, then shutdown.

Quote:
2. Double-click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt. You will be attaching the info.txt.

I have both those files.

Contents of log.txt...

Logfile of random's system information tool 1.04 (written by random/random)
Run by kracken at 2008-11-08 12:35:32
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 104 GB (57%) free of 180 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:36, on 08/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\kracken\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\kracken.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (file missing)
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 5\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PhoneDaemon] C:\Users\kracken\Downloads\iphone\iPhone PC Suite\PhoneDaemon.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {22055A00-27C0-438B-BF53-44E973A4C48A} (VPlayer Control) - http://video.vividas.com/CDN1/5403_s...vivid_ocx.jpeg
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://83.104.226.142/kxhcm10.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...PUplden-gb.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} (DigiMeldOcx Control) - http://www.digimeld.com/download/digimeldOcx.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.181.20.126/activex/AxisCamControl.cab
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/Install/win32/TSWeb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{178F0DCD-9624-4319-AF9D-F2DD0CC4F31F}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63BC921-57D1-437B-855F-BA788028AF6A}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{178F0DCD-9624-4319-AF9D-F2DD0CC4F31F}: NameServer = 85.255.112.143;85.255.112.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{178F0DCD-9624-4319-AF9D-F2DD0CC4F31F}: NameServer = 85.255.112.143;85.255.112.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdeaj.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 19912 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\PROGRA~1\GOOGLE~1\BAE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}]
ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-06-27 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - Nuance PDF - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20 299008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-12 317560]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-01-24 949376]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-11-29 55824]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-07 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-07 8534560]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-07 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"PDFHook"=C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe [2008-02-27 795936]
"PDF5 Registry Controller"=C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe [2008-02-27 58656]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2007-03-26 210472]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Nuance PDF Professional 5-reminder"=C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe [2007-08-31 328992]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Evidence Eliminator"=C:\Program Files\Evidence Eliminator\ee.exe /m []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Privacy Suite RiskMonitor"=C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe [2007-11-22 1777296]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-07-18 4608]
"PhoneDaemon"=C:\Users\kracken\Downloads\iphone\iPhone PC Suite\PhoneDaemon.exe []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-12 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"

======List of files/folders created in the last 1 months======

2008-11-08 12:35:32 ----D---- C:\rsit
2008-11-08 11:58:52 ----A---- C:\Windows\gmer.ini
2008-11-08 11:58:50 ----A---- C:\Windows\gmer_uninstall.cmd
2008-11-08 11:58:50 ----A---- C:\Windows\gmer.exe
2008-11-08 11:58:50 ----A---- C:\Windows\gmer.dll
2008-11-08 10:59:48 ----D---- C:\Program Files\Trend Micro
2008-11-08 10:10:11 ----D---- C:\Program Files\Common Files\INCA Shared
2008-11-08 10:07:40 ----D---- C:\Program Files\G4box
2008-11-06 18:17:27 ----RSHD---- C:\resycled
2008-10-30 19:00:29 ----A---- C:\Windows\system32\wersvc.dll
2008-10-30 19:00:29 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-30 19:00:23 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 20:57:29 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-10-28 20:57:29 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-10-28 20:57:27 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-10-28 20:57:26 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-10-28 20:57:26 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-10-28 20:57:26 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-10-28 20:57:25 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-10-28 20:57:25 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-10-28 20:57:22 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-10-28 20:57:22 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-10-28 20:57:22 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-10-28 20:57:22 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-10-28 20:57:22 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-10-28 20:57:22 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-10-28 20:57:21 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-10-28 20:57:21 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-10-28 20:57:21 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-10-28 20:57:21 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-10-28 20:57:20 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-10-28 20:57:20 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-10-28 20:57:19 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-10-28 20:57:19 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-10-28 20:57:19 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-10-28 20:57:19 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-10-28 20:57:18 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-10-28 20:57:18 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-10-28 20:57:17 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-10-28 20:57:17 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-10-28 20:56:16 ----HD---- C:\Windows\msdownld.tmp
2008-10-28 20:56:13 ----D---- C:\Windows\system32\directx
2008-10-26 21:23:56 ----A---- C:\Windows\system32\EncDec.dll
2008-10-26 21:23:55 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-26 21:23:51 ----A---- C:\Windows\system32\netapi32.dll
2008-10-26 21:23:49 ----A---- C:\Windows\system32\mshtml.dll
2008-10-26 21:23:48 ----A---- C:\Windows\system32\wininet.dll
2008-10-26 21:23:48 ----A---- C:\Windows\system32\urlmon.dll
2008-10-26 21:23:48 ----A---- C:\Windows\system32\ieframe.dll
2008-10-26 21:23:47 ----A---- C:\Windows\system32\mstime.dll
2008-10-26 21:23:47 ----A---- C:\Windows\system32\iertutil.dll
2008-10-26 21:23:46 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-26 21:23:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-26 21:23:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-25 11:33:17 ----D---- C:\Nexon
2008-10-25 11:33:16 ----D---- C:\ProgramData\NexonEU
2008-10-22 11:33:51 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-22 11:33:07 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-10-22 11:33:07 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-10-22 11:31:42 ----D---- C:\Program Files\Microsoft
2008-10-22 11:28:39 ----D---- C:\Program Files\Common Files\Windows Live
2008-10-20 19:57:19 ----D---- C:\Users\kracken\AppData\Roaming\Mozilla
2008-10-11 12:13:26 ----D---- C:\Program Files\Active Data Recovery Software
2008-10-11 12:09:05 ----D---- C:\Program Files\Data Doctor Recovery FAT+NTFS
2008-10-11 11:54:27 ----D---- C:\Program Files\Ontrack

======List of files/folders modified in the last 1 months======

2008-11-08 12:35:36 ----D---- C:\Windows\Prefetch
2008-11-08 12:35:35 ----D---- C:\Windows\Temp
2008-11-08 12:19:27 ----D---- C:\Windows\Minidump
2008-11-08 12:19:21 ----D---- C:\Windows
2008-11-08 11:58:50 ----D---- C:\Windows\system32\drivers
2008-11-08 10:59:48 ----RD---- C:\Program Files
2008-11-08 10:25:09 ----D---- C:\Windows\System32
2008-11-08 10:25:08 ----D---- C:\Windows\inf
2008-11-08 10:25:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-08 10:23:48 ----SHD---- C:\System Volume Information
2008-11-08 10:10:11 ----D---- C:\Program Files\Common Files
2008-11-08 09:45:30 ----A---- C:\Windows\system32\zlib.dll
2008-11-07 19:49:13 ----D---- C:\Users\kracken\AppData\Roaming\IGN_DLM
2008-11-06 18:03:59 ----D---- C:\Users\kracken\AppData\Roaming\Adobe
2008-11-03 12:38:48 ----SD---- C:\Windows\Downloaded Program Files
2008-11-03 12:38:47 ----D---- C:\Windows\system32\Macromed
2008-10-31 18:25:22 ----D---- C:\@TempNG@
2008-10-31 18:24:28 ----D---- C:\Users\kracken\AppData\Roaming\GrabIt
2008-10-31 16:08:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-31 16:08:04 ----SHD---- C:\Windows\Installer
2008-10-30 19:03:00 ----D---- C:\Windows\system32\catroot2
2008-10-30 19:01:02 ----D---- C:\Windows\winsxs
2008-10-30 19:00:26 ----D---- C:\Windows\system32\catroot
2008-10-28 21:07:50 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-28 20:56:13 ----D---- C:\Windows\Logs
2008-10-28 20:43:16 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-27 07:02:26 ----D---- C:\Program Files\Sony
2008-10-26 22:59:36 ----D---- C:\Windows\Microsoft.NET
2008-10-26 22:59:21 ----RSD---- C:\Windows\assembly
2008-10-26 21:38:48 ----D---- C:\Update
2008-10-26 21:32:53 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-26 21:31:45 ----D---- C:\Windows\ehome
2008-10-26 21:31:44 ----D---- C:\Program Files\Windows Mail
2008-10-26 21:31:41 ----D---- C:\Windows\system32\migration
2008-10-26 21:30:09 ----D---- C:\ProgramData\Microsoft Help
2008-10-26 15:41:48 ----D---- C:\My Music
2008-10-25 14:22:12 ----HD---- C:\ProgramData
2008-10-25 14:16:19 ----D---- C:\Program Files\Axialis
2008-10-25 09:51:39 ----D---- C:\Program Files\Download Manager
2008-10-22 11:34:09 ----D---- C:\Program Files\Windows Live
2008-10-22 11:31:27 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-22 11:26:26 ----SD---- C:\ProgramData\Microsoft
2008-10-20 20:01:45 ----RSD---- C:\Windows\Fonts
2008-10-20 19:57:01 ----D---- C:\Program Files\iTunes
2008-10-19 19:45:41 ----D---- C:\MP3 Library
2008-10-11 12:13:27 ----D---- C:\Windows\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-28 10216]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2004-07-30 31654]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2008-01-24 15424]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2007-11-06 131672]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2007-11-06 32080]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2008-01-24 512096]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-06-05 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-05 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-05 207360]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-07 8231584]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-06 27520]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-05 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-19 240128]
S2 MaxImIO;MaxIm Port I/O; C:\Windows\System32\Drivers\maximio.sys []
S3 a20bz1y1;a20bz1y1; C:\Windows\system32\drivers\a20bz1y1.sys []
S3 apqktzr0;apqktzr0; C:\Windows\system32\drivers\apqktzr0.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-07-03 80936]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-03 98608]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-03 17712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\G4box\CrossFire\GameGuard\dump_wmimmc.sys []
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver; C:\Windows\System32\Drivers\FTD2XX.sys [2005-12-15 34639]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-08 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys [2008-05-27 12288]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-09-10 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2005-09-09 73728]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-01-24 552064]
R2 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-20 66872]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\stacsv.exe [2007-09-13 102400]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-12 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-02-15 184320]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2008-02-15 147456]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-05 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-02-15 274432]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 PinnacleUpdateSvc;PinnacleUpdate Service; C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe [2008-10-28 262144]
S2 Windows Tribute Service;Windows Tribute Service; C:\Windows\system32\kdeaj.exe -srv []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-08 651720]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-02-15 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]

-----------------EOF-----------------


Many thanks
Attached Files
File Type: txt info.txt (32.1 KB, 0 views)
11-10-2008, 11:17 PM   #2
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

*bump*
11-11-2008, 09:37 AM   #3
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

*UPDATE*

Additional problems from this morning ...

I am unable to use Windows Update (first time ever), whilst updating Windows Defender....

Code 8024402C Windows Update encountered an unknown error

Also, when I boot Vista, I get a strange "Transition" type error on my desktop. I will upload a screen capture shortly.

BTW, are the popups I get from www.techsupportforum.com revenue ads, or are they not meant to be there (ironic if they are meant to be there)?
11-16-2008, 06:48 AM   #4
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

*bump*

Well, it's been 8 days since my original post and no replies (apart from mine).
11-23-2008, 03:10 AM   #5
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

*bump yet again*

My post / problem may not seem important to you, but it is very important to me, and I would be grateful for a speedy solution.

11-25-2008, 11:41 PM   #6
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy

Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Hi, welcome to TSF!

Sorry for the long wait. You are very patient and we appreciate that. :)

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
  • Make sure word wrap is turned off so the log won't be ugly when you paste it here, as happened in your first post.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
11-26-2008, 09:56 AM   #7
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Hi Angelfire777, many thanks for your reply.

I do understand there are lots and lots of people in a similar situation to me and that this is a *free* service the board offers, and I am eternally grateful for any help I can receive.

Here is the scan info you require (p.s. apologies for word wrap being left on in my original post ..... I did have other things on my mind :)) ....


DDS (Version 1.0) - NTFSx86
Run by kracken at 17:46:29.47 on 26/11/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1059 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\crypserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kracken\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\progra~1\google~1\BAE.dll
BHO: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Evidence Eliminator] c:\program files\evidence eliminator\ee.exe /m
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Privacy Suite RiskMonitor] c:\program files\cyberscrub privacy suite\CSRiskMon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [PhoneDaemon] c:\users\kracken\downloads\iphone\iphone pc suite\PhoneDaemon.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [PDFHook] c:\program files\nuance\pdf professional 5\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\programdata\nuance\pdf professional 5\ereg\Ereg.ini"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\imon.dll
TCP: {178F0DCD-9624-4319-AF9D-F2DD0CC4F31F} = 85.255.112.143;85.255.112.94
TCP: {C63BC921-57D1-437B-855F-BA788028AF6A} = 85.255.112.143;85.255.112.94
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-2-13 39472]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-27 144672]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-7-20 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-7-20 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-7-20 812544]
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdeaj.exe -srv []
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-7-20 28464]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2008-2-7 34639]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2008-5-27 12288]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-11 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe" /service=vaiomediaplatform-ucls-http /regroot="software\sony corporation\vaio media platform\2.0" /regext="\applications\ucls\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-11 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe" [2008-9-27 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe" [2008-9-27 87328]

=============== Created Last 30 ================

2008-11-24 19:25 15,430,656 a------- c:\windows\system32\imageres.dll
2008-11-24 19:11 <DIR> --d----- c:\programdata\Stardock
2008-11-24 19:11 <DIR> --d----- c:\progra~2\Stardock
2008-11-24 19:11 567,040 a------- c:\windows\system32\wbocx.ocx
2008-11-24 19:11 56,496 a------- c:\windows\system32\wbhelp2.dll
2008-11-24 19:11 <DIR> --d----- c:\program files\Stardock
2008-11-23 12:13 <DIR> --d----- c:\program files\iPod
2008-11-23 12:13 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 12:13 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:04 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-08 11:58 250 a------- c:\windows\gmer.ini
2008-11-08 10:59 <DIR> --d----- c:\program files\Trend Micro
2008-11-08 10:15 5,174 a------- c:\windows\system32\nppt9x.vxd
2008-11-08 10:15 4,682 a------- c:\windows\system32\npptNT2.sys
2008-11-08 10:10 <DIR> --d----- c:\program files\common files\INCA Shared
2008-11-08 10:07 <DIR> --d----- c:\program files\G4box
2008-11-06 18:17 <DIR> --dshr-- C:\resycled
2008-11-06 18:17 103 ---shr-- C:\autorun.inf
2008-10-30 19:00 147,456 a------- c:\windows\system32\Faultrep.dll
2008-10-30 19:00 125,952 a------- c:\windows\system32\wersvc.dll
2008-10-30 19:00 443,392 a------- c:\windows\system32\win32spl.dll
2008-10-28 20:56 <DIR> --d-h--- c:\windows\msdownld.tmp
2008-10-28 20:56 <DIR> --d----- c:\windows\system32\directx

==================== Find3M ====================

2008-11-26 17:34 53,248 a------- c:\windows\system32\zlib.dll
2008-11-23 12:13 <DIR> --d----- c:\program files\iTunes
2008-11-11 20:37 <DIR> --d----- c:\users\kracken\appdata\roaming\GrabIt
2008-11-07 19:49 <DIR> --d----- c:\users\kracken\appdata\roaming\IGN_DLM
2008-10-28 21:07 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-10-28 20:43 682,280 a------- c:\windows\system32\pbsvc.exe
2008-10-28 12:01 <DIR> --d----- c:\progra~2\NexonEU
2008-10-27 07:02 <DIR> --d----- c:\program files\Sony
2008-10-25 14:16 <DIR> --d----- c:\program files\Axialis
2008-10-25 09:51 <DIR> --d----- c:\program files\Download Manager
2008-10-22 11:33 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-10-22 11:31 <DIR> --d----- c:\program files\Microsoft
2008-10-22 11:28 <DIR> --d----- c:\program files\common files\Windows Live
2008-10-11 12:13 <DIR> --d----- c:\program files\Active Data Recovery Software
2008-10-11 12:09 <DIR> --d----- c:\program files\Data Doctor Recovery FAT+NTFS
2008-10-11 11:54 <DIR> --d----- c:\program files\Ontrack
2008-10-02 03:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-28 19:47 <DIR> --d----- c:\program files\Visual MP3 Splitter & Joiner
2008-09-27 19:21 <DIR> --d----- c:\program files\common files\Sony Shared
2008-09-27 14:51 <DIR> --d----- c:\progra~2\Sony Corporation
2008-09-26 12:23 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-09-26 11:59 <DIR> --d----- c:\progra~2\Electronic Arts
2008-09-26 11:58 3,586 a------- c:\windows\system32\ealregsnapshot1.reg
2008-09-22 16:53 <DIR> --d----- c:\users\kracken\appdata\roaming\uTorrent
2008-09-18 05:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-09-17 20:36 <DIR> --d----- c:\users\kracken\appdata\roaming\Zeon
2008-09-17 20:25 <DIR> --d----- c:\progra~2\Nuance
2008-09-17 20:23 <DIR> --d----- c:\progra~2\zeon
2008-09-09 17:33 <DIR> --d----- c:\users\kracken\appdata\roaming\Thinstall
2008-09-08 23:03 51,712 a------- c:\windows\system32\sirenacm.dll
2008-09-05 21:16 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2008-09-05 17:48 <DIR> --d----- c:\users\kracken\appdata\roaming\BPFTP
2008-09-05 14:56 287,744 a------- c:\windows\WLXPGSS.SCR
2008-08-30 08:35 <DIR> --d----- c:\users\kracken\appdata\roaming\cmw
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-19 22:21 <DIR> --d----- c:\users\kracken\appdata\roaming\Allume Systems
2008-08-19 21:59 <DIR> --d----- c:\progra~2\Protexis
2008-08-07 11:18 <DIR> --d----- c:\users\kracken\appdata\roaming\Red Alert 3 Beta
2008-07-26 10:39 <DIR> --d----- c:\progra~2\GlobalSCAPE
2008-07-24 11:11 <DIR> --d----- c:\users\kracken\appdata\roaming\iPhoneRingToneMaker
2008-07-16 23:02 <DIR> --d----- c:\progra~2\eSellerate
2008-07-14 17:29 <DIR> --d----- c:\users\kracken\appdata\roaming\Move Networks
2008-05-27 10:24 <DIR> --d----- c:\progra~2\Autodesk
2008-05-26 22:15 <DIR> --d----- c:\users\kracken\appdata\roaming\Autodesk
2008-05-25 09:11 <DIR> --d----- c:\users\kracken\appdata\roaming\CyberScrub
2008-04-12 19:16 <DIR> --d----- c:\users\kracken\appdata\roaming\Sony Corporation
2008-04-08 19:22 <DIR> --d----- c:\users\kracken\appdata\roaming\Jasc Software Inc
2008-03-23 20:21 <DIR> --d----- c:\progra~2\FlashFXP
2008-03-18 22:24 <DIR> --d----- c:\progra~2\NCH Swift Sound
2008-03-18 22:24 <DIR> --d----- c:\users\kracken\appdata\roaming\NCH Swift Sound
2008-03-18 22:24 <DIR> --d----- c:\users\kracken\appdata\roaming\Recordpad
2008-03-18 20:58 <DIR> --d----- c:\progra~2\River Past G5
2008-03-17 22:05 <DIR> --d----- c:\users\kracken\appdata\roaming\River Past G5
2008-03-17 20:52 <DIR> --d----- c:\users\kracken\appdata\roaming\Jasc
2008-03-12 19:19 <DIR> --d----- c:\progra~2\eBay
2008-02-18 21:33 <DIR> --d----- c:\progra~2\Nero
2008-02-02 11:31 <DIR> --d----- c:\users\kracken\appdata\roaming\vlc
2008-01-26 16:01 <DIR> --d----- c:\users\kracken\appdata\roaming\PeerNetworking
2008-01-23 18:10 <DIR> --d----- c:\progra~2\Microsoft Corporation
2008-01-22 21:27 <DIR> --d----- c:\users\kracken\appdata\roaming\KALiNKOsoft
2008-01-20 22:20 <DIR> --d----- c:\progra~2\Symantec
2008-01-20 16:30 <DIR> --d----- c:\users\kracken\appdata\roaming\DAEMON Tools
2008-01-20 13:04 <DIR> --d----- c:\progra~2\InterVideo
2007-08-11 22:25 <DIR> --d----- c:\progra~2\VAIO Media Platform
2007-07-23 18:50 <DIR> --d----- c:\progra~2\Sony

============= FINISH: 17:46:51.72 ===============

Also attached is the file you requested (zipped, as stated in D.D.S.)

Many thanks , I look forward to your reply / help :)
Attached Files
File Type: zip Attach.zip (3.9 KB, 1 views)
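The DDS log above carries three indicators worth pulling out before any tool is run: per-interface DNS servers (the `TCP:` lines) set to addresses outside the LAN, which is the DNS-changing pattern the Zlob family is known for; a hidden+system `autorun.inf` and `resycled` folder at the drive root, which is how AutoRun worms spread between drives; and a service ("Windows Tribute Service") whose binary sits directly in `system32` and for which DDS recorded no date or size in the trailing `[]`. The script below is an added example, not part of any post in this thread and not a TSF tool: it parses these line shapes (plus the `mountpoints2` AutoRun handlers ComboFix prints later) and reports them. The allowlist of trusted DNS networks, the regexes and the sample lines are assumptions; the sample reuses the exact indicator values from the posted log with one benign `TCP:` line added for contrast.

```python
"""Triage a DDS / ComboFix text log for autorun-worm and DNS-hijack indicators.
Added example for this thread; not a DDS or ComboFix feature.  The trusted-DNS
allowlist, regexes and SAMPLE_LOG are assumptions chosen to match the posted log."""
import re
from ipaddress import ip_address, ip_network

# Constructed sample: line shapes (and indicator values) taken from the DDS and
# ComboFix logs in this thread, plus a benign router resolver on the third line.
SAMPLE_LOG = r"""
LSP: c:\windows\system32\imon.dll
TCP: {178F0DCD-9624-4319-AF9D-F2DD0CC4F31F} = 85.255.112.143;85.255.112.94
TCP: {0BAD0BAD-0000-4000-8000-000000000001} = 192.168.1.1
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-2-13 39472]
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdeaj.exe -srv []
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-7-20 28464]
2008-11-06 18:17 <DIR> --dshr-- C:\resycled
2008-11-06 18:17 103 ---shr-- C:\autorun.inf
2008-10-30 19:00 147,456 a------- c:\windows\system32\Faultrep.dll
\shell\AutoRun\command - i:\autorun\Autorun.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\website\index.html
"""

# Resolvers a home machine is expected to use (router / ISP).  Operator-supplied
# assumption: a hard-set resolver outside these nets is what DNSChanger-style
# malware leaves behind and is flagged.
TRUSTED_DNS_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                    ip_network("192.168.0.0/16")]

TCP_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>[\d.;]+)$")
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$")          # X:\name, nothing deeper
SYSTEM32_EXE_RE = re.compile(r'^"?(c:\\windows\\system32\\[^\\]+\.exe)', re.I)


def untrusted_dns(servers, trusted=TRUSTED_DNS_NETS):
    """Return the resolvers in an 'a.b.c.d;e.f.g.h' list that sit outside trusted nets."""
    bad = []
    for s in filter(None, servers.split(";")):
        addr = ip_address(s)
        if not any(addr in net for net in trusted):
            bad.append(s)
    return bad


def triage(log_text, trusted=TRUSTED_DNS_NETS):
    """Walk the log once; return (severity, indicator, detail) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TCP_RE.match(line):
            bad = untrusted_dns(m["servers"], trusted)
            if bad:
                findings.append(("high", "dns-servers-outside-allowlist", ";".join(bad)))
        elif m := SVC_RE.match(line):
            exe = SYSTEM32_EXE_RE.match(m["image"])
            # Service binary in the system32 root *and* no date/size recorded
            # in the [] (file hidden or already gone): both true for kdeaj.exe.
            if exe and not m["meta"].strip():
                findings.append(("high", "system32-service-without-file-metadata",
                                 f'{m["name"]} -> {exe.group(1)}'))
        elif m := FILE_RE.match(line):
            attrs, path = m["attrs"], m["path"]
            # system + hidden attributes on a file or folder at a drive root
            if "s" in attrs and "h" in attrs and ROOT_FILE_RE.match(path.lower()):
                findings.append(("high", "hidden-system-file-at-drive-root", path))
        elif m := AUTORUN_RE.match(line):
            # Cached removable-media AutoRun handlers (ComboFix mountpoints2 block)
            findings.append(("medium", "mountpoints2-autorun-handler", m["cmd"]))
    return findings


if __name__ == "__main__":
    for severity, indicator, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {indicator}: {detail}")
```

Run against a saved DDS.txt or ComboFix.txt by reading the file into `triage()`; the `TCP:` check is the one to act on first, because as long as the resolvers point outside the LAN every download, including the cleanup tools, can be redirected.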
Old 11-26-2008, 05:24 PM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Please remove all your cracked programs now including your cracked Nod32.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
UNITE and ASAP since 2006


Old 11-27-2008, 10:00 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Hi Angelfire777, thanks for your reply.

I have uninstalled Nod32 as instructed and I ran ComboFix. It got to about stage 45 and Vista reported an error and closed it down. It gave a BSOD with a KERNEL_ error and a memory dump followed.

When it rebooted it seemed to go into a type of "recovery console" and tried to fix errors.

It gave me the option of restoring to an earlier time or cancelling and trying to let it fix the errors itself.

I cancelled and chose it to fix them itself.

Once it rebooted I got no log from ComboFix.exe.



Is this normal ? I guess not.

I await further instruction(s)

Regards
plasma.d00d
Old 11-27-2008, 10:19 AM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Hi, can you try running it once more?

If you have any active protection right now, please close all of them before running combofix.
Old 11-27-2008, 10:54 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

ComboFix seemed to run better this time, although it did give an error at about stage 10 which was something like:

"windows command processor has stopped working"

I guess that was combofix shutting that process down and not actually an error ? (or I could be wrong)


Here is the ComboFix log you requested:

ComboFix 08-11-27.01 - kracken 2008-11-27 18:33:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1231 [GMT 0:00]
Running from: c:\users\kracken\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
C:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service
-------\Service_Windows Tribute Service


((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-24 19:25 . 2008-11-24 19:25 15,430,656 --a------ c:\windows\System32\imageres.dll
2008-11-24 19:11 . 2008-11-24 19:11 <DIR> d-------- c:\programdata\Stardock
2008-11-24 19:11 . 2008-11-24 19:11 <DIR> d-------- c:\program files\Stardock
2008-11-24 19:11 . 2007-06-05 11:26 567,040 --a------ c:\windows\System32\wbocx.ocx
2008-11-24 19:11 . 2007-06-05 11:26 56,496 --a------ c:\windows\System32\wbhelp2.dll
2008-11-23 12:13 . 2008-11-23 12:13 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 12:13 . 2008-11-23 12:13 <DIR> d-------- c:\program files\iPod
2008-11-23 11:04 . 2008-11-23 11:04 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-08 12:35 . 2008-11-08 12:35 <DIR> d-------- C:\rsit
2008-11-08 11:58 . 2008-11-17 18:36 250 --a------ c:\windows\gmer.ini
2008-11-08 10:59 . 2008-11-08 10:59 <DIR> d-------- c:\program files\Trend Micro
2008-11-08 10:15 . 2003-07-17 09:17 5,174 --a------ c:\windows\System32\nppt9x.vxd
2008-11-08 10:15 . 2005-01-01 00:43 4,682 --a------ c:\windows\System32\npptNT2.sys
2008-11-08 10:10 . 2008-11-08 10:10 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-11-08 10:07 . 2008-11-08 10:07 <DIR> d-------- c:\program files\G4box
2008-10-30 19:00 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-30 19:00 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-30 19:00 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 20:56 . 2008-10-28 20:56 <DIR> d--h----- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 17:31 --------- d-----w c:\program files\ESET
2008-11-27 17:19 53,248 ----a-w c:\windows\System32\zlib.dll
2008-11-23 12:13 --------- d-----w c:\program files\iTunes
2008-11-23 12:13 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 12:11 --------- d-----w c:\program files\QuickTime
2008-11-23 12:06 --------- d-----w c:\program files\Safari
2008-11-23 11:04 --------- d-----w c:\program files\Java
2008-11-15 20:45 107,789 ----a-w c:\users\kracken\AppData\Roaming\nvModes.dat
2008-11-11 20:37 --------- d-----w c:\users\kracken\AppData\Roaming\GrabIt
2008-11-07 19:49 --------- d-----w c:\users\kracken\AppData\Roaming\IGN_DLM
2008-10-31 16:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 21:07 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-28 21:07 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-28 20:43 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-10-28 20:43 22,328 ----a-w c:\users\kracken\AppData\Roaming\PnkBstrK.sys
2008-10-28 12:01 --------- d-----w c:\programdata\NexonEU
2008-10-27 07:02 --------- d-----w c:\program files\Sony
2008-10-26 21:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-26 21:31 --------- d-----w c:\program files\Windows Mail
2008-10-26 21:30 --------- d-----w c:\programdata\Microsoft Help
2008-10-25 14:16 --------- d-----w c:\program files\Axialis
2008-10-25 09:51 --------- d-----w c:\program files\Download Manager
2008-10-22 11:34 --------- d-----w c:\program files\Windows Live
2008-10-22 11:33 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-22 11:31 --------- d-----w c:\program files\Microsoft
2008-10-22 11:28 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-11 12:13 --------- d-----w c:\program files\Active Data Recovery Software
2008-10-11 12:09 --------- d-----w c:\program files\Data Doctor Recovery FAT+NTFS
2008-10-11 11:54 --------- d-----w c:\program files\Ontrack
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 12:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-28 19:47 --------- d-----w c:\program files\Visual MP3 Splitter & Joiner
2008-09-27 19:21 --------- d-----w c:\program files\Common Files\Sony Shared
2008-09-27 14:51 --------- d-----w c:\programdata\Sony Corporation
2008-09-26 12:23 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-09-26 11:58 3,586 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-08 23:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
2008-09-05 21:16 1,900,544 ----a-w c:\windows\System32\usbaaplrc.dll
2008-09-05 14:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
2008-08-29 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-03-19 09:55 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Privacy Suite RiskMonitor"="c:\program files\CyberScrub Privacy Suite\CSRiskMon.exe" [2007-11-22 1777296]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-18 4608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-02-27 795936]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-27 58656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-03-02 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 15:33 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.K3CC"= K3CCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"c:\\Nexon\\Combat Arms EU\\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms EU\\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C0EA9C8-F40A-4316-AE8B-074DB7442A97}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{F4F15440-9D6E-4164-B884-DBE0D51F4153}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{5BD90F18-8578-4455-BDB3-4C404C8B30B7}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{757FAD04-FD69-4F2C-A230-3F2F7C5277F0}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1755C92B-CD48-40DC-A3E6-2112A76442F6}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E31D3A90-91B5-4E40-B8AA-E25CACFCB7CD}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9782B203-50AF-43D2-A719-E4475017EC5F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{103AB14C-5435-48E1-958F-3AE89E9A4455}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{48DA0F95-E764-41E4-A6F3-2C869813A59D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{684DB13A-20FB-41E3-B7ED-169125FB31B6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E064D5C0-0A2E-4A4F-AA82-AA66060E8529}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{177354BF-5DB7-418D-BB5B-89EE39CE4B36}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{24149533-7C19-4594-AD4C-F33A4281F9AD}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{4285FC47-311A-42EA-B537-7F7EE1631B3C}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{924BEE4F-E37B-4D3D-AF20-67800D35811B}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{87DBB311-754D-43FA-B97B-B17995D27585}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{005FF211-7668-4A1D-9EA0-6361439816F0}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{C6A61FAB-DAE4-4073-B304-63F00E68B45B}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{46CC18FE-6C31-42D0-B6E4-78838D27052E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F4F6E96-B9FD-439D-89D0-DF1DBAB9126E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4102A73C-970F-4159-8F39-EFCBECADF94C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F6347CA5-F525-4864-AA2F-C37A4479A1B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5ECB6C1B-A62E-46CB-A38C-001941120A11}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1B04C0F2-A054-4521-B04C-41F2BDD7844C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D35ED7E9-7ED7-471A-B1A2-6BFF1DB28FE9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BE7FF93A-B804-42A5-806E-BB88E05EEBD3}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{994E2142-A38C-4CEF-A381-B039DD0FB711}"= TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{882E6BE4-7CC6-47F7-8109-8C936140C151}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1ADB9DFE-1E26-4F4A-8343-4651A2782907}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B3D54BBE-BB73-422C-9F19-7905AB6EE248}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E95F184F-7A84-4A3F-8A75-D193FFAE4747}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{CC82B24D-BEE0-4EE3-B48B-EE5FC3C4473A}c:\\users\\kracken\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\kracken\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{99E7B492-0428-4819-A6F1-AFDDDE77FE03}c:\\users\\kracken\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\kracken\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{2FC7322F-1CCD-4CBA-86CC-E67708512DCB}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.2\\ra3game.dat"= UDP:c:\program files\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat:Command and Conquer Red Alert 3™
"UDP Query User{C74CC50F-1565-4093-AB9C-F214A10CA9E7}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.2\\ra3game.dat"= TCP:c:\program files\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat:Command and Conquer Red Alert 3™
"{AEC67399-44B9-4AE2-B629-6568920F9E46}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EFDE9374-25E8-4974-834F-F9E0B9AC8D77}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{BF3CC7EF-D893-4F56-8FDD-B839DB5CE745}f:\\somexploreru.exe"= UDP:F:\somexploreru.exe:SomExploreru
"UDP Query User{E05327D1-CF5E-4925-AD8F-3766032D59DE}f:\\somexploreru.exe"= TCP:F:\somexploreru.exe:SomExploreru
"{F0B8B1D9-4401-40CC-BA29-A0CA7B6FAC5A}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{1BCDC98C-27FA-42BC-8476-EADD1FA55C97}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{66DCAF23-7711-4149-A9E2-DEBF1FBD5D84}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{33F888EE-4915-47AF-ABE6-493A26097BFA}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{8014B67D-C07C-4FC0-AA58-8CDDC8919D0F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7EB3E4CC-B1A8-4CBE-A943-C41180358640}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A65AC947-421E-41A7-A5C3-233D05F09F19}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{5B1CAC68-FEE0-48B3-BCE0-94425C66D50F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F7BEC0B0-0048-42AF-B72A-C54B30EB6D3D}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{EBCD269D-42D9-4AC3-84B8-FCFD4988F139}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"{A5308325-5F69-4B56-B78B-3380703AA4C6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BD39BE57-6A31-47B9-B5C6-8DAA540A0C12}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"c:\\Nexon\\Combat Arms EU\\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms EU\\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-02-13 39472]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-07-20 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-07-20 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-07-20 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-07-20 28464]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2008-02-07 34639]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2008-05-27 12288]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-11 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-11 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2008-09-27 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2008-09-27 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - i:\autorun\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abe0dc7-1513-11dd-935f-001a801849ec}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\website\index.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Evidence Eliminator - c:\program files\Evidence Eliminator\ee.exe
HKCU-Run-PhoneDaemon - c:\users\kracken\Downloads\iphone\iPhone PC Suite\PhoneDaemon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

c:\windows\System32\msvcrt.dll - c:\windows\System32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {22055A00-27C0-438B-BF53-44E973A4C48A}
hxxp://video.vividas.com/CDN1/5403_sony_bluray/web/player/vivid_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf

c:\windows\Downloaded Program Files\kxhcm10.ocx - O16 -: {2E28242B-A689-11D4-80F2-0040266CBB8D}
hxxp://83.104.226.142/kxhcm10.ocx

c:\windows\Downloaded Program Files\Core.dll - c:\windows\Downloaded Program Files\DigiMeldOcx.ocx
O16 -: {8ACDC08B-DC64-4613-97F2-299B65F66E1D}
hxxp://www.digimeld.com/download/digimeldOcx.CAB
c:\windows\Downloaded Program Files\install.inf

c:\windows\Downloaded Program Files\utilclasses.dll - c:\windows\Downloaded Program Files\rdpstream.dll
c:\windows\Downloaded Program Files\wlcmstscax.dll
c:\windows\Downloaded Program Files\rdpapi.dll
c:\windows\Downloaded Program Files\lkrhwlc.dll
c:\windows\Downloaded Program Files\encoders.dll
c:\windows\Downloaded Program Files\commengine.dll
c:\windows\Downloaded Program Files\blackpipe.dll
c:\windows\Downloaded Program Files\WLCTSCCtl.dll
O16 -: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1}
hxxps://www.mesh.com/Install/win32/TSWeb.cab
c:\windows\Downloaded Program Files\TSWeb.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 18:42:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\Crypserv.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\System32\rundll32.exe
c:\program files\Nuance\PDF Professional 5\bin\PDFDirect.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-11-27 18:48:09 - machine was rebooted [kracken]
ComboFix-quarantined-files.txt 2008-11-27 18:48:05

Pre-Run: 99,267,272,704 bytes free
Post-Run: 99,230,040,064 bytes free

311 --- E O F --- 2008-10-31 16:06:25

Regards
plasma.d00d

Last edited by plasma.d00d; 11-27-2008 at 10:56 AM.
Old 11-27-2008, 07:11 PM   #12 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Do you know what this file is? h:\website\index.html


Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Make sure you run Internet Explorer as administrator.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


*Since you don't have any antivirus now, you can download a free one:

Avira Antivir: http://www.free-av.com
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.

Last edited by Angelfire777; 11-27-2008 at 07:12 PM.
Old 11-28-2008, 04:54 AM   #13 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Quote:
Originally Posted by Angelfire777 View Post
Do you know what this file is? h:\website\index.html
I cannot find that file on any of my external hard drives anymore (although it was a backup of my personal website index file)

Here is the log you requested after the online scan


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 28, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 03:48:42
Records in database: 1422714
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 261426
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:23:49


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.nuu 1
C:\Users\kracken\Downloads\kaspersky\Kaspersky_Solution.rar Infected: Trojan.Win32.Agent.rzw 1

The selected area was scanned.

Please note that the Kaspersky_Solution.rar file listed above is just downloaded and has not been opened or extracted
Old 11-28-2008, 08:41 AM   #14 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Please delete it. As you can see, cracks like that are the source of infections.

Please post a fresh DDS log and let us know how your machine is running.
Old 11-28-2008, 09:31 AM   #15 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Quote:
Originally Posted by Angelfire777 View Post
Please delete it. As you can see, cracks like that are the source of infections.

Please post a fresh DDS log and let us know how your machine is running.
Thanks for the reply and you keeping up with my posts :)

I have securely deleted the .rar file in question and here is the DDS.log you requested (I only ran the standard scan and not the optional (?) one)



DDS (Version 1.0) - NTFSx86
Run by kracken at 17:26:43.54 on 28/11/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1170 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\crypserv.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskMon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kracken\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\progra~1\google~1\BAE.dll
BHO: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Privacy Suite RiskMonitor] c:\program files\cyberscrub privacy suite\CSRiskMon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRunOnce: [Privacy Suite] "c:\program files\cyberscrub privacy suite\cspseraser.exe" "/r:c:\users\kracken\appdata\roaming\cyberscrub\Privacy Suite"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [PDFHook] c:\program files\nuance\pdf professional 5\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\programdata\nuance\pdf professional 5\ereg\Ereg.ini"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-2-13 39472]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-27 144672]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-7-20 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-7-20 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-7-20 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-7-20 28464]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2008-2-7 34639]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2008-5-27 12288]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-11 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe" /service=vaiomediaplatform-ucls-http /regroot="software\sony corporation\vaio media platform\2.0" /regext="\applications\ucls\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-11 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe" [2008-9-27 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe" [2008-9-27 87328]

=============== Created Last 30 ================

2008-11-27 17:37 161,792 a------- c:\windows\SWREG.exe
2008-11-27 17:37 98,816 a------- c:\windows\sed.exe
2008-11-24 19:25 15,430,656 a------- c:\windows\system32\imageres.dll
2008-11-24 19:11 <DIR> --d----- c:\programdata\Stardock
2008-11-24 19:11 <DIR> --d----- c:\progra~2\Stardock
2008-11-24 19:11 567,040 a------- c:\windows\system32\wbocx.ocx
2008-11-24 19:11 56,496 a------- c:\windows\system32\wbhelp2.dll
2008-11-24 19:11 <DIR> --d----- c:\program files\Stardock
2008-11-23 12:13 <DIR> --d----- c:\program files\iPod
2008-11-23 12:13 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 12:13 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:04 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-08 11:58 250 a------- c:\windows\gmer.ini
2008-11-08 10:59 <DIR> --d----- c:\program files\Trend Micro
2008-11-08 10:15 5,174 a------- c:\windows\system32\nppt9x.vxd
2008-11-08 10:15 4,682 a------- c:\windows\system32\npptNT2.sys
2008-11-08 10:10 <DIR> --d----- c:\program files\common files\INCA Shared
2008-11-08 10:07 <DIR> --d----- c:\program files\G4box
2008-10-30 19:00 147,456 a------- c:\windows\system32\Faultrep.dll
2008-10-30 19:00 125,952 a------- c:\windows\system32\wersvc.dll
2008-10-30 19:00 443,392 a------- c:\windows\system32\win32spl.dll

==================== Find3M ====================

2008-11-28 07:02 53,248 a------- c:\windows\system32\zlib.dll
2008-11-27 17:31 <DIR> --d----- c:\program files\ESET
2008-11-23 12:13 <DIR> --d----- c:\program files\iTunes
2008-11-11 20:37 <DIR> --d----- c:\users\kracken\appdata\roaming\GrabIt
2008-11-07 19:49 <DIR> --d----- c:\users\kracken\appdata\roaming\IGN_DLM
2008-10-28 21:07 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-10-28 20:43 682,280 a------- c:\windows\system32\pbsvc.exe
2008-10-28 12:01 <DIR> --d----- c:\progra~2\NexonEU
2008-10-27 07:02 <DIR> --d----- c:\program files\Sony
2008-10-25 14:16 <DIR> --d----- c:\program files\Axialis
2008-10-25 09:51 <DIR> --d----- c:\program files\Download Manager
2008-10-22 11:33 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-10-22 11:31 <DIR> --d----- c:\program files\Microsoft
2008-10-22 11:28 <DIR> --d----- c:\program files\common files\Windows Live
2008-10-11 12:13 <DIR> --d----- c:\program files\Active Data Recovery Software
2008-10-11 12:09 <DIR> --d----- c:\program files\Data Doctor Recovery FAT+NTFS
2008-10-11 11:54 <DIR> --d----- c:\program files\Ontrack
2008-10-02 03:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-27 14:51 <DIR> --d----- c:\progra~2\Sony Corporation
2008-09-26 12:23 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-09-26 11:59 <DIR> --d----- c:\progra~2\Electronic Arts
2008-09-26 11:58 3,586 a------- c:\windows\system32\ealregsnapshot1.reg
2008-09-22 16:53 <DIR> --d----- c:\users\kracken\appdata\roaming\uTorrent
2008-09-18 05:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-09-17 20:36 <DIR> --d----- c:\users\kracken\appdata\roaming\Zeon
2008-09-17 20:25 <DIR> --d----- c:\progra~2\Nuance
2008-09-17 20:23 <DIR> --d----- c:\progra~2\zeon
2008-09-09 17:33 <DIR> --d----- c:\users\kracken\appdata\roaming\Thinstall
2008-09-08 23:03 51,712 a------- c:\windows\system32\sirenacm.dll
2008-09-05 21:16 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2008-09-05 17:48 <DIR> --d----- c:\users\kracken\appdata\roaming\BPFTP
2008-09-05 14:56 287,744 a------- c:\windows\WLXPGSS.SCR
2008-08-30 08:35 <DIR> --d----- c:\users\kracken\appdata\roaming\cmw
2008-08-19 22:21 <DIR> --d----- c:\users\kracken\appdata\roaming\Allume Systems
2008-08-19 21:59 <DIR> --d----- c:\progra~2\Protexis
2008-08-07 11:18 <DIR> --d----- c:\users\kracken\appdata\roaming\Red Alert 3 Beta
2008-07-26 10:39 <DIR> --d----- c:\progra~2\GlobalSCAPE
2008-07-24 11:11 <DIR> --d----- c:\users\kracken\appdata\roaming\iPhoneRingToneMaker
2008-07-16 23:02 <DIR> --d----- c:\progra~2\eSellerate
2008-07-14 17:29 <DIR> --d----- c:\users\kracken\appdata\roaming\Move Networks
2008-05-27 10:24 <DIR> --d----- c:\progra~2\Autodesk
2008-05-26 22:15 <DIR> --d----- c:\users\kracken\appdata\roaming\Autodesk
2008-05-25 09:11 <DIR> --d----- c:\users\kracken\appdata\roaming\CyberScrub
2008-04-12 19:16 <DIR> --d----- c:\users\kracken\appdata\roaming\Sony Corporation
2008-04-08 19:22 <DIR> --d----- c:\users\kracken\appdata\roaming\Jasc Software Inc
2008-03-23 20:21 <DIR> --d----- c:\progra~2\FlashFXP
2008-03-18 22:24 <DIR> --d----- c:\progra~2\NCH Swift Sound
2008-03-18 22:24 <DIR> --d----- c:\users\kracken\appdata\roaming\NCH Swift Sound
2008-03-18 22:24 <DIR> --d----- c:\users\kracken\appdata\roaming\Recordpad
2008-03-18 20:58 <DIR> --d----- c:\progra~2\River Past G5
2008-03-17 22:05 <DIR> --d----- c:\users\kracken\appdata\roaming\River Past G5
2008-03-17 20:52 <DIR> --d----- c:\users\kracken\appdata\roaming\Jasc
2008-03-12 19:19 <DIR> --d----- c:\progra~2\eBay
2008-02-18 21:33 <DIR> --d----- c:\progra~2\Nero
2008-02-02 11:31 <DIR> --d----- c:\users\kracken\appdata\roaming\vlc
2008-01-26 16:01 <DIR> --d----- c:\users\kracken\appdata\roaming\PeerNetworking
2008-01-23 18:10 <DIR> --d----- c:\progra~2\Microsoft Corporation
2008-01-22 21:27 <DIR> --d----- c:\users\kracken\appdata\roaming\KALiNKOsoft
2008-01-20 22:20 <DIR> --d----- c:\progra~2\Symantec
2008-01-20 16:30 <DIR> --d----- c:\users\kracken\appdata\roaming\DAEMON Tools
2008-01-20 13:04 <DIR> --d----- c:\progra~2\InterVideo
2007-08-11 22:25 <DIR> --d----- c:\progra~2\VAIO Media Platform
2007-07-23 18:50 <DIR> --d----- c:\progra~2\Sony

============= FINISH: 17:27:00.21 ===============


So was the source of my infection from that file you got me to delete ?

I will report on how my laptop is running in the next couple of days (if not before)
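As an added example (not code from this thread or from ComboFix/DDS themselves), here is a small Python triage helper that reads log lines in the ComboFix and DDS "pseudo HJT" style shown in the two logs above and flags the items a reviewer looks at first: MountPoints2 AutoRun commands (the vector the Win32/AutoRun family uses), a populated AppInit_DLLs value, and O16 ActiveX controls downloaded from a bare IP address. The sample log is constructed from lines quoted in this thread, and the category names are my own; a flag is a review item, not a verdict, since the thread itself shows a legitimate backup (h:\website\index.html) sitting in MountPoints2.

```python
import re
from typing import Dict, List

# Constructed log excerpt in ComboFix / DDS "pseudo HJT" style, assembled from
# lines quoted in this thread. URLs are written hxxp:// because the tools defang them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - i:\autorun\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abe0dc7-1513-11dd-935f-001a801849ec}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\website\index.html

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll???

c:\windows\Downloaded Program Files\kxhcm10.ocx - O16 -: {2E28242B-A689-11D4-80F2-0040266CBB8D}
hxxp://83.104.226.142/kxhcm10.ocx

O16 -: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1}
hxxps://www.mesh.com/Install/win32/TSWeb.cab

AppInit_DLLs: acaptuser32.dll
"""

# [HKCU\...\explorer\mountpoints2\<drive letter or volume GUID>]
MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<key>[^\]]+)\]$", re.I)
# \shell\AutoRun\command - <command line>  (what Explorer runs when the volume is opened)
AUTORUN_CMD_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.I)
# catchme writes "AppInit_DLLs = x", DDS writes "AppInit_DLLs: x"
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*[=:]\s*(?P<value>.*)$", re.I)
# O16 = downloaded ActiveX control; the following line carries its download URL
O16_RE = re.compile(r"O16 -: \{(?P<clsid>[0-9A-F-]+)\}", re.I)
URL_RE = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/\s]+)", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log line by line and return the items worth a reviewer's attention."""
    findings: List[Dict[str, str]] = []
    current_mountpoint = None  # set while inside a MountPoints2 registry block
    pending_clsid = None       # set after an O16 line until its URL line is seen

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = MOUNTPOINT_RE.match(line)
        if m:
            current_mountpoint = m.group("key")
            continue

        m = AUTORUN_CMD_RE.match(line)
        if m and current_mountpoint:
            # Whatever is here runs when the volume is double-clicked; AutoRun worms
            # plant exactly this, but user data (a backed-up index.html) can appear too.
            findings.append({"category": "mountpoints2-autorun",
                             "where": current_mountpoint, "detail": m.group("cmd")})
            current_mountpoint = None
            continue

        m = APPINIT_RE.match(line)
        if m:
            # The catchme line in this thread ends in "???"; strip trailing question
            # marks so the DLL name compares cleanly against installed software.
            value = m.group("value").strip().rstrip("?").strip()
            if value:
                # Every GUI process loads AppInit DLLs, so an entry always deserves a
                # look, but PDF suites and similar software use it legitimately.
                findings.append({"category": "appinit-dlls",
                                 "where": "HKLM\\...\\CurrentVersion\\Windows",
                                 "detail": value})
            continue

        m = O16_RE.search(line)
        if m:
            pending_clsid = m.group("clsid").upper()
            continue

        m = URL_RE.match(line)
        if m and pending_clsid:
            host = m.group("host")
            if IPV4_RE.match(host):
                # An ActiveX control pulled from a bare IP has no domain to vet.
                findings.append({"category": "o16-bare-ip",
                                 "where": pending_clsid, "detail": host})
            pending_clsid = None
            continue

    return findings


def count_by_category(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Summarise findings as {category: count} for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['category']}] {f['where']}: {f['detail']}")
```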
Old 11-28-2008, 09:37 AM   #16 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Not really, but had you used it, you would've been badly infected.

I shall be standing by here.
Old 11-28-2008, 10:27 AM   #17 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Thank you, your help and advice so far have been great :)

As for virus and internet security protection , could I have your thoughts on Kaspersky Internet Security 2009 ?
Old 11-28-2008, 11:13 AM   #18 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Kaspersky's detections are one of the best and I think it is great.

Are you planning on purchasing it? You need to have protection ASAP.

You can download Antivir, as I've said in my previous posts, while you don't have protection.
Old 11-28-2008, 11:41 AM   #19 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: Vista SP1


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Quote:
Originally Posted by Angelfire777 View Post
Kaspersky's detections are one of the best and I think it is great.

Are you planning on purchasing it? You need to have protection ASAP.

You can download Antivir, as I've said in my previous posts, while you don't have protection.
I downloaded the free version of Avira (thanks for the link) and ran it. Nothing reported, although it reports some files not accessible ...

<snip>
Begin scan in 'C:\' <Cleo>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
</snip>

But I am hoping that is normal.

About KIS2009, yes I was planning on purchasing it and wondered if it was a good choice for internet security and virus / malware detection and removal.

Regards
plasma.d00d
Old 11-28-2008, 11:59 AM   #20 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,232
OS: Vista


Re: Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH w

Yes, it's a good choice.

Those three warnings are okay. Antivir just can't open them because they're in use.
Copyright 2001 - 2009, Tech Support Forum