Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

[SOLVED] rundll.32 + userinit.exe again

11-17-2008, 01:05 AM   #1
weirdcow, Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium

I had a previous post about this before (http://www.techsupportforum.com/sear...archid=3031996), but it only worked for about a day, then the problem came back again. I can't ask my friend on MSN because my clock reset, and when I tried to change it, it gave a rundll.32 app. error. What do I do? When I log on, the userinit.exe app. error appears as well, and I'm so pissed off.
11-19-2008, 04:28 PM   #2
Katana, Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,361
OS: W2K SP4 + XP SP2 + Vista

Re: rundll.32 + userinit.exe again

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.

Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

Please note: your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
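Katana's reply asks for the RSIT/HijackThis log so that the suspicious autostart entries can be picked out by hand. The script below is an added example, not part of Katana's post and not code from RSIT or HijackThis: it parses lines in the HijackThis O-section format and flags the patterns a helper looks for first, which are also the ones the log posted in the next reply happens to show (a Run value named with random hex that loads a system32 DLL through rundll32, a non-empty AppInit_DLLs value, a Winlogon Notify package and a BHO whose file is "missing", and random-looking DLL names in system32). The sample lines are constructed, the Winlogon Notify allowlist is a partial assumption, and the random-name test is a crude heuristic; a hit means "look at this entry", not "this is malware".

```python
"""Triage HijackThis-format log lines for the autostart patterns seen in this thread.

Added example: not part of the forum post, RSIT or HijackThis. The heuristics and
the sample lines are the author's own assumptions for illustration."""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 format. The suspicious lines mirror the log
# posted later in this thread; SoundMan, Crawler and Bonjour are benign lines added
# for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3A5809A1-D6DB-43BD-905F-AF7457BD0870} - C:\WINDOWS\system32\ddcaaawu.dll
O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - C:\WINDOWS\system32\tuvVLbXr.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ecb77060] rundll32.exe "C:\WINDOWS\system32\qkedakcy.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0086292.dat
O20 - Winlogon Notify: tuvVLbXr - tuvVLbXr.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
FILE_RE = re.compile(r"([\w~-]+)\.(dll|exe|dat)\b", re.I)

# Partial allowlist of Winlogon Notify packages normally present on XP (assumption;
# build the real list from a known-clean machine of the same build).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon", "NavLogon", "WgaLogon"}


def looks_random(stem: str) -> bool:
    """Crude test for generated names like tuvVLbXr or qkedakcy: 6-8 letters with
    odd casing, a low vowel ratio, or a long consonant run. Heuristic only."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    odd_case = not (stem.islower() or stem.isupper() or stem.istitle())
    vowel_ratio = sum(c in "aeiouAEIOU" for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouAEIOU]+", stem)), default=0)
    return odd_case or vowel_ratio <= 0.25 or longest_run >= 4


@dataclass
class Finding:
    code: str
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    in_system32 = "system32" in body.lower()
    files = FILE_RE.findall(body)  # [(stem, ext), ...] for every file name on the line
    reasons = []
    if code in ("O2", "O20") and "(file missing)" in body:
        reasons.append("hook points at a file that is missing (orphaned or hidden)")
    if code == "O2" and "(no name)" in body and in_system32:
        reasons.append("unnamed BHO loaded from system32")
    if code == "O4":
        if re.search(r"\[[0-9a-f]{8}\]", body):
            reasons.append("Run value named with 8 random hex digits")
        if "rundll32" in body.lower() and in_system32 and any(e.lower() == "dll" for _, e in files):
            reasons.append("Run value uses rundll32 to load a DLL from system32")
    if code == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs set: that DLL is injected into every process that loads user32")
        if body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split("-")[0].strip()
            if name not in KNOWN_NOTIFY:
                reasons.append(f"Winlogon Notify package {name!r} not in allowlist")
    for stem, ext in files:
        if ext.lower() in ("dll", "dat") and in_system32 and looks_random(stem):
            reasons.append(f"random-looking file name {stem}.{ext}")
    return Finding(code, line.strip(), reasons) if reasons else None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.line)
        for r in f.reasons:
            print("   -", r)
```

Run as a script it prints each flagged line with its reasons; the benign SoundMan, Crawler and Bonjour lines stay silent. On a real log the verdict still comes from the file itself (is it signed, when did it appear, does the vendor match), which is why helpers like Katana ask for the full RSIT output rather than trusting names alone.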
11-19-2008, 10:48 PM   #3
weirdcow, Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium
Re: rundll.32 + userinit.exe again

Hello Katana, this is my

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tyroney at 2008-11-20 16:47:19
Microsoft Windows XP Professional Service Pack 2
System drive C: has 260 MB (1%) free of 20 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:27 PM, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\ad-aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Tyroney\Desktop\RSIT.exe
C:\Program Files\trend micro\Tyroney.exe

O2 - BHO: {c0c22471-3a37-e279-8094-792557b08cd1} - {1dc80b75-5297-4908-972e-73a317422c0c} - C:\WINDOWS\system32\pqfidp.dll
O2 - BHO: (no name) - {3A5809A1-D6DB-43BD-905F-AF7457BD0870} - C:\WINDOWS\system32\ddcaaawu.dll
O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - C:\WINDOWS\system32\tuvVLbXr.dll (file missing)
O2 - BHO: Little Fighter 2 Toolbar Helper - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! 导航条 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ecb77060] rundll32.exe "C:\WINDOWS\system32\qkedakcy.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tyrone\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171095531786
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0086292.dat
O20 - Winlogon Notify: tuvVLbXr - tuvVLbXr.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\ad-aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8212 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1193899232.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dc80b75-5297-4908-972e-73a317422c0c}]
C:\WINDOWS\system32\pqfidp.dll [2008-11-17 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A5809A1-D6DB-43BD-905F-AF7457BD0870}]
C:\WINDOWS\system32\ddcaaawu.dll [2008-11-15 246272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6946A48D-F00B-4AA1-A69C-A8D87FE3D760}]
C:\WINDOWS\system32\tuvVLbXr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE90C38C-97CF-4696-B290-C7973DC9675E}]
Little Fighter 2 Toolbar Helper - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll [2002-01-01 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-02-15 1146880]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 导航条 - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{C3CD744D-2FAE-4640-8297-16B5DA423104} - Little Fighter 2 Toolbar - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll [2002-01-01 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-06-26 212992]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"ecb77060"=C:\WINDOWS\system32\qkedakcy.dll [2008-11-19 71168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-03 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\__c0086292.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvVLbXr]
tuvVLbXr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6946A48D-F00B-4AA1-A69C-A8D87FE3D760}"=C:\WINDOWS\system32\tuvVLbXr.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ddcaaawu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Combat Arms\NMService.exe"="D:\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e36d316-702c-11dd-b742-00146c864271}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c856528e-afc6-11dd-b806-00146c864271}]
shell\AutoRun\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
shell\open\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe


======List of files/folders created in the last 3 months======

2008-11-20 16:47:20 ----D---- C:\Program Files\trend micro
2008-11-20 16:47:19 ----DC---- C:\rsit
2008-11-19 21:31:14 ----A---- C:\WINDOWS\system32\xkiajq.dll
2008-11-19 21:31:11 ----A---- C:\WINDOWS\system32\ngcemyhe.dll
2008-11-19 21:28:11 ----A---- C:\WINDOWS\system32\aepauugv.dll
2008-11-19 21:25:12 ----SH---- C:\WINDOWS\system32\yckadekq.ini
2008-11-19 21:25:11 ----A---- C:\WINDOWS\system32\qkedakcy.dll
2008-11-17 13:46:14 ----SH---- C:\WINDOWS\system32\fcyoctid.ini
2008-11-17 13:46:11 ----A---- C:\WINDOWS\system32\ditcoycf.dll
2008-11-17 13:41:22 ----A---- C:\WINDOWS\system32\pqfidp.dll
2008-11-17 13:41:16 ----A---- C:\WINDOWS\system32\ljupcorx.dll
2008-11-16 11:28:59 ----A---- C:\WINDOWS\system32\gqgpzb.dll
2008-11-16 11:28:50 ----A---- C:\WINDOWS\system32\yfqhjitv.dll
2008-11-16 11:26:43 ----SH---- C:\WINDOWS\system32\suloqsfj.ini
2008-11-16 11:25:48 ----ASH---- C:\WINDOWS\system32\uwaaacdd.ini2
2008-11-16 11:25:48 ----ASH---- C:\WINDOWS\system32\uwaaacdd.ini
2008-11-15 18:44:55 ----A---- C:\WINDOWS\system32\vpsoop.dll
2008-11-15 18:44:53 ----A---- C:\WINDOWS\system32\hucvbbbm.dll
2008-11-15 18:42:53 ----SH---- C:\WINDOWS\system32\rrpsdrru.ini
2008-11-15 18:42:49 ----A---- C:\WINDOWS\system32\urrdsprr.dll
2008-11-15 18:41:42 ----N---- C:\WINDOWS\system32\ddcaaawu.dll
2008-11-15 13:57:21 ----SH---- C:\WINDOWS\system32\ecvdjguu.ini
2008-11-15 13:52:06 ----A---- C:\WINDOWS\system32\immlpz.dll
2008-11-15 13:52:01 ----A---- C:\WINDOWS\system32\hlpmyibr.dll
2008-11-15 13:51:19 ----ASH---- C:\WINDOWS\system32\Efiknnpo.ini2
2008-11-15 13:51:19 ----ASH---- C:\WINDOWS\system32\Efiknnpo.ini
2008-11-15 13:51:12 ----A---- C:\WINDOWS\system32\opnnkifE.dll
2008-11-14 10:50:41 ----A---- C:\WINDOWS\system32\vtUkhgfC.dll
2008-11-14 10:50:40 ----A---- C:\WINDOWS\system32\opnkLdEW.dll
2008-11-14 10:38:20 ----A---- C:\WINDOWS\system32\ljJbCVmM.dll
2008-11-14 10:38:20 ----A---- C:\WINDOWS\system32\iifcBtrr.dll
2008-11-14 10:09:50 ----D---- C:\WINDOWS\pss
2008-11-14 09:37:20 ----A---- C:\WINDOWS\system32\khfebcdC.dll
2008-11-14 09:37:20 ----A---- C:\WINDOWS\system32\awtsTjjg.dll
2008-11-14 06:15:49 ----DC---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-14 0624 ----A---- C:\WINDOWS\system32\gicpyrrc.dll
2008-11-14 0604 ----A---- C:\WINDOWS\system32\mnggadda.dll
2008-11-14 06:02:15 ----A---- C:\WINDOWS\system32\mlJDTkHy.dll
2008-11-14 06:02:14 ----A---- C:\WINDOWS\system32\ddcCRHWQ.dll
2008-11-14 06:02:12 ----C---- C:\is162866.exe
2008-11-14 06:00:52 ----ASH---- C:\WINDOWS\system32\qfdroovt.ini
2008-11-14 06:00:01 ----ASH---- C:\WINDOWS\system32\JTELonnn.ini2
2008-11-14 06:00:01 ----ASH---- C:\WINDOWS\system32\JTELonnn.ini
2008-11-13 11:02:05 ----D---- C:\Documents and Settings\Tyroney\Application Data\Uniblue
2008-11-12 20:16:43 ----A---- C:\WINDOWS\system32\ahyjet.dll
2008-11-12 20:16:42 ----A---- C:\WINDOWS\system32\qkrvblnr.dll
2008-11-12 20:11:51 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-12 16:25:58 ----ASH---- C:\WINDOWS\system32\cgfqsjdf.ini
2008-11-12 14:55:22 ----A---- C:\WINDOWS\system32\e794b41e-.txt
2008-11-03 18:08:33 ----D---- C:\Program Files\Food Force
2008-10-30 16:44:38 ----A---- C:\WINDOWS\unvise32.exe
2008-10-28 16:16:05 ----D---- C:\Documents and Settings\Tyroney\Application Data\Malwarebytes
2008-10-28 16:16:00 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 16:16:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 20:34:15 ----DC---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-27 20:34:14 ----D---- C:\Documents and Settings\Tyroney\Application Data\Spyware Terminator
2008-10-27 20:34:11 ----D---- C:\Program Files\Spyware Terminator
2008-10-24 07:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 20:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 20:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 20:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 20:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 20:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-02 15:52:09 ----A---- C:\WINDOWS\MYOBP.INI
2008-10-02 15:52:09 ----A---- C:\WINDOWS\MYOB.INI
2008-10-02 15:47:39 ----A---- C:\WINDOWS\openrda.ini
2008-10-02 15:47:23 ----A---- C:\WINDOWS\drvxl32.INI
2008-10-02 15:47:22 ----A---- C:\WINDOWS\drvwd32.INI
2008-10-02 15:45:44 ----D---- C:\Program Files\MYOB
2008-09-22 10:09:22 ----DC---- C:\games
2008-09-20 19:49:20 ----A---- C:\WINDOWS\system32\PubPlugin.dll
2008-09-20 08:55:58 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-09-20 08:55:58 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-09-11 11:26:00 ----D---- C:\Documents and Settings\Tyroney\Application Data\bang
2008-09-10 19:28:39 ----D---- C:\Documents and Settings\Tyroney\Application Data\Sun
2008-09-10 08:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 08:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 16:43:05 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-30 21:30:21 ----D---- C:\Documents and Settings\Tyroney\Application Data\TVU networks
2008-08-30 21:30:21 ----D---- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-08-22 20:28:51 ----D---- C:\Documents and Settings\Tyroney\Application Data\Apple Computer
2008-08-22 20:27:59 ----D---- C:\Program Files\Bonjour
2008-08-22 20:27:14 ----D---- C:\Program Files\QuickTime
2008-08-22 20:27:10 ----DC---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-22 20:26:20 ----DC---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 3 months======

2008-11-20 16:47:20 ----AD---- C:\Program Files
2008-11-20 16:47:14 ----D---- C:\WINDOWS\Prefetch
2008-11-20 16:43:29 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 16:42:17 ----D---- C:\WINDOWS
2008-11-20 16:42:15 ----D---- C:\WINDOWS\Temp
2008-11-20 02:24:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-20 01:32:54 ----D---- C:\WINDOWS\system32
2008-11-16 21:20:55 ----A---- C:\WINDOWS\NSSHAFT.INI
2008-11-16 11:36:17 ----A---- C:\WINDOWS\nstower.ini
2008-11-16 11:28:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-16 11:26:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-15 19:08:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-15 09:10:29 ----SD---- C:\WINDOWS\Tasks
2008-10-30 15:59:06 ----HD---- C:\WINDOWS\inf
2008-10-27 20:56:57 ----D---- C:\Program Files\Winferno
2008-10-27 20:56:57 ----D---- C:\Program Files\Internet Explorer
2008-10-24 07:14:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 17:13:09 ----D---- C:\Program Files\Messenger
2008-10-22 17:13:08 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-22 07:37:44 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-20 19:59:48 ----D---- C:\WINDOWS\system32\wbem
2008-10-20 19:59:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-16 03:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 20:49:22 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 20:48:19 ----A---- C:\WINDOWS\win.ini
2008-10-09 08:52:42 ----SD---- C:\Documents and Settings\Tyroney\Application Data\Microsoft
2008-10-04 04:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-02 15:47:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-02 15:46:32 ----D---- C:\WINDOWS\system
2008-09-20 19:49:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-10 08:37:31 ----D---- C:\WINDOWS\WinSxS
2008-09-09 16:43:05 ----D---- C:\WINDOWS\Debug
2008-09-01 18:59:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-27 19:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 18:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 18:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 18:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 18:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 18:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 18:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 18:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 18:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 19:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 19:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 16:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-21 18:40:52 ----D---- C:\Documents and Settings\Tyroney\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 npkcrypt;npkcrypt; \??\E:\npkcrypt.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-04 41288]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-14 56832]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-14 74240]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-12-01 61536]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 U81xbus;LGE U8XXX driver (WDM); C:\WINDOWS\system32\DRIVERS\U81xbus.sys [2005-07-15 52352]
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys [2005-07-15 6064]
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\U81xmdm.sys [2005-07-15 84480]
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys [2005-07-15 77472]
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\U81xobex.sys [2005-07-15 75456]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; D:\ad-aware\aawservice.exe [2008-09-10 611664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2002-01-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-06-22 107832]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-27 570880]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2004-08-04 26112]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

And my info.txt:

info.txt logfile of random's system information tool 1.04 2008-11-20 16:47:30

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AdwareAlert-->MsiExec.exe /X{8698820A-84D2-4BDF-9D0C-743039A2D82E}
Agere Systems PCI Soft Modem-->agrsmdel
AVS Video to GO-->"C:\Program Files\AVS4YOU\AVSVideotoGO\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FlexTk Professional 2.3.36-->"C:\Program Files\Flexense\FlexTk Professional\uninstall.exe"
Food Force 1.0-->C:\PROGRA~1\FOODFO~1\Setup.exe /remove
Free Video Dub version 1.3-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
igLoader-->C:\Program Files\igLoader\uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LG SyncManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFD25152-1916-4744-BAAF-F2D2EBF38284}\setup.exe" -l0x804 -removeonly
LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 Toolbar-->"C:\WINDOWS\Little_Fighter_2_Toolbar_Uninstaller_8671.exe" _?=C:\Program Files\Little Fighter 2 Toolbar
Little Fighter 2 version 2.0-->D:\LF2_v1.9c\uninst.exe
Little Fighter 2.5 - v2.0-->D:\Uninstal.exe
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech(r) Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{FF493A32-7886-4C6B-8EDD-9387670E4F93}
MapleStoryS-->MsiExec.exe /I{F3FA1536-911A-4458-99FC-D98855FEFD45}
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Encarta Right-Click Dictionary-->MsiExec.exe /I{39A7E646-D7D1-4855-833A-2DEAC9ABD5ED}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MYOB Accounting Plus v17 ED-->C:\Program Files\InstallShield Installation Information\{062D1F01-7D08-46B9-BF87-67E59DCEEFDC}\setup.exe -runfromtemp -l0x0409
MYOB ODBC Direct v7-->C:\Program Files\InstallShield Installation Information\{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}\setup.exe -runfromtemp -l0x0409
Nero 7 Demo-->MsiExec.exe /I{D29092CC-0AD2-7B53-A090-4CC3D33A1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quake 3 Arena Demo-->C:\WINDOWS\unvise32.exe c:\Q3Ademo\uninstal.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Ricochet Lost Worlds-->"C:\Program Files\Ricochet Lost Worlds\unins000.exe"
Security Task Manager 1.7g-->D:\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soldier Front-->"C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Solid State ION Mozilla Plugin-->C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall /uninstall mozilla
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Street Fighter Zero-->C:\WINDOWS\uninst.exe -f"C:\Program Files\CAPCOM\STZERO\DeIsL1.isu"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Winferno Registry Power Cleaner-->"C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks
weirdcow is offline  
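The driver and service listing in the log above follows a fixed one-line-per-entry format (`R2 name;display name; image path [date size]`), which makes it practical to pre-screen mechanically before a helper reads it line by line. The script below is an added example, not part of the original post and not code from the RSIT tool; it parses a constructed excerpt in that format (paths copied from the log above) and flags three things a helper normally checks first: entries RSIT could not stat (an empty `[]`), kernel drivers loading from outside the Windows directory (it assumes `%SystemRoot%` is `C:\WINDOWS`, as in this log), and svchost-hosted services, whose real DLL is not shown in the listing. The flags are prompts to look closer, not verdicts on any entry.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied in the format of the RSIT "List of drivers"
# and "List of services" sections of the log posted above. Paths are as they
# appear there; nothing in this sample is asserted to be malicious.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R2 npkcrypt;npkcrypt; \??\E:\npkcrypt.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; D:\ad-aware\aawservice.exe [2008-09-10 611664]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
"""

SECTION_RE = re.compile(r"^======List of (drivers|services)")
# "R2 name;display name; C:\path\file.sys [2004-08-04 12160]"  (meta may be empty: "[]")
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

WINDOWS_DIR = "c:\\windows\\"  # assumption: %SystemRoot% is C:\WINDOWS, as in the log above


def normalize_path(path: str) -> str:
    """Strip the NT-namespace prefix RSIT prints verbatim for some ImagePath values."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per driver/service line, tagged with its section."""
    entries: List[Dict[str, str]] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:  # lines in another format (e.g. the EOF marker) are ignored
            entry = m.groupdict()
            entry["kind"] = section
            entries.append(entry)
    return entries


def triage(entry: Dict[str, str]) -> List[str]:
    """Heuristic flags for one entry; each is a prompt to look closer, not a verdict."""
    flags: List[str] = []
    path = normalize_path(entry["path"]).lower()
    if entry["meta"] == "":
        # RSIT could not stat the binary: missing, unreadable, or on an absent
        # volume. Either an uninstall leftover or something hiding from the tool.
        flags.append("no-file-details")
    if entry["kind"] == "drivers" and not path.startswith(WINDOWS_DIR):
        # Kernel drivers normally live under %SystemRoot%; one loading from
        # another drive is worth a look (game anti-cheat drivers do this legitimately).
        flags.append("driver-outside-windows-dir")
    if path.endswith("\\svchost.exe"):
        # The listing shows the host process, not the DLL the service really
        # runs; the ServiceDll value has to be checked separately.
        flags.append("svchost-hosted-check-servicedll")
    return flags


def triage_log(log_text: str) -> List[Dict[str, object]]:
    """Flagged entries only, running ones first, then by name."""
    findings: List[Dict[str, object]] = []
    for e in parse_entries(log_text):
        flags = triage(e)
        if flags:
            findings.append({
                "kind": e["kind"],
                "name": e["name"],
                "state": "running" if e["state"] == "R" else "stopped",
                "path": normalize_path(e["path"]),
                "flags": flags,
            })
    findings.sort(key=lambda f: (f["state"] != "running", str(f["name"]).lower()))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['state']:8} {f['kind']:8} {f['name']:14} {f['path']}  <- {', '.join(f['flags'])}")
```

Run against a full RSIT log.txt by reading the file into `triage_log`; entries with no flags are dropped, and running entries are listed first because they are the ones that can still be doing something.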
Old 11-20-2008, 02:59 AM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,361
OS: W2K SP4 + XP SP2 + Vista


Re: rundll.32 + userinit.exe again

Quote:
System drive C: has 260 MB (1%) free of 20 GB
I recommend you remove any programs and files that you don't use.



IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.14.10

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
Katana is offline  
11-24-2008, 03:39 AM   #5
Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium


Re: rundll.32 + userinit.exe again

Hello again Katana. Recently my computer just blacked out: when it was supposed to be the loading screen with the Windows XP logo, it would just be black, and I only recently remembered Last Known Good Config. So please just bear with me until I can post you the log, because it has just gotten a lot laggier. Sorry for the wait.
weirdcow is offline  
11-25-2008, 02:25 AM   #6
Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium


Re: rundll.32 + userinit.exe again

I kinda did the scan 2 times, so this is my 1st one:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2

21/11/2008 6:06:32 PM
mbam-log-2008-11-21 (18-06-32).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 138794
Time elapsed: 3 hour(s), 20 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 57

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcaaawu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nxdpze.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3dca8618-c946-4d85-b283-9770ed8dbc95} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dca8618-c946-4d85-b283-9770ed8dbc95} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6946a48d-f00b-4aa1-a69c-a8d87fe3d760} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvvlbxr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6946a48d-f00b-4aa1-a69c-a8d87fe3d760} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa5797fe-9108-4476-8a8f-d4e5b7b1d42f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{aa5797fe-9108-4476-8a8f-d4e5b7b1d42f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aa5797fe-9108-4476-8a8f-d4e5b7b1d42f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dca8618-c946-4d85-b283-9770ed8dbc95} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eda38fa-e001-443d-bd3f-46590e31e7b9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eda38fa-e001-443d-bd3f-46590e31e7b9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd6e17ff-1e3a-4789-aa22-6d6cee259930} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd6e17ff-1e3a-4789-aa22-6d6cee259930} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecb77060 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcaaawu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcaaawu -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nxdpze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvVLbXr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcaaawu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uwaaacdd.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uwaaacdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ditcoycf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcyoctid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gytvnexp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxenvtyg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnkifE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Efiknnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Efiknnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otyubdwx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwdbuyto.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkedakcy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yckadekq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urrdsprr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrpsdrru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\89U16HMR\upd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\K1RVS1NU\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\V1T0JBWW\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ricky\Local Settings\Temporary Internet Files\Content.IE5\DT684029\upd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ricky\Local Settings\Temporary Internet Files\Content.IE5\DT684029\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ricky\Local Settings\Temporary Internet Files\Content.IE5\LFW31W2D\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ricky\Local Settings\Temporary Internet Files\Content.IE5\USPI9450\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tyroney\Local Settings\Temp\wJQs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tyroney\Local Settings\Temporary Internet Files\Content.IE5\D8G5LF7P\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tyroney\Local Settings\Temporary Internet Files\Content.IE5\TJUO3093\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tyroney\Local Settings\Temporary Internet Files\Content.IE5\TJUO3093\upd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW6BRUHK\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP376\A0538758.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP376\A0538759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP376\A0538760.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP376\A0538761.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP376\A0538762.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP376\A0538763.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP379\A0539079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP380\A0540129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F3479257-A8F7-4A55-AFCC-FFF9F43F5163}\RP383\A0544162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfnyojov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqgpzb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkrvblnr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unrgzb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axtgah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hecxbslt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlpmyibr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljupcorx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngcemyhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hucvbbbm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahyjet.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqfidp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xkiajq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfqhjitv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ygrwglba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmbwqcag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vpsoop.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\immlpz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


And my 2nd scan, which fully completed:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2

25/11/2008 4:29:48 AM
mbam-log-2008-11-25 (04-29-48).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 188417
Time elapsed: 4 hour(s), 16 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c007968.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qgldhmx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c007968.dat -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\__c007968.dat -> Delete on reboot.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\ohphhheb.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\is162866.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0051F1B.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c007968.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0086292.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkLdEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRHWQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsTjjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcBtrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJDTkHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJbCVmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfebcdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkhgfC.dll (Trojan.vundo) -> Quarantined and deleted successfully.
weirdcow is offline  
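Both logs above show the same pattern: the Vundo DLLs are not only dropped into system32, they are registered where a trusted Windows process will load them at boot or logon (the Winlogon\Notify key, the LSA Notification and Authentication Packages read by lsass.exe, AppInit_DLLs, Browser Helper Objects, a Run value and a service). A DLL that lsass.exe or winlogon.exe has already loaded cannot be deleted from the running system, which is what every "Delete on reboot" line means, and any hook the scanner missed pulls the DLL straight back in at the next boot. The script below is an added example, not code from this thread or from Malwarebytes: it parses MBAM 1.x log lines in the format posted above, groups detections by the persistence mechanism they abuse, lists what still depends on a reboot, and ties each module found in memory to the registry entry that loads it. The sample log embedded in it is constructed from a few of the entries posted above, and the mechanism descriptions in PERSISTENCE_LOCATIONS are this example's own labels, not text from the log.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log by persistence mechanism.

Added example for this thread, not Malwarebytes' code. SAMPLE_LOG is
constructed from a few of the entry formats seen in the posted logs.
"""
import re
from collections import Counter, defaultdict

# Registry locations that make a trusted Windows process load a DLL at boot
# or logon. First match wins; the labels are this example's own summaries.
PERSISTENCE_LOCATIONS = [
    (r"\\winlogon\\notify\\", "Winlogon notify package (loaded by winlogon.exe)"),
    (r"\\control\\lsa\\notification packages", "LSA notification package (loaded by lsass.exe)"),
    (r"\\control\\lsa\\authentication packages", "LSA authentication package (loaded by lsass.exe)"),
    (r"\\currentversion\\windows\\appinit_dlls", "AppInit_DLLs (injected into every process that loads user32.dll)"),
    (r"\\explorer\\browser helper objects\\", "Browser Helper Object (loaded by Internet Explorer)"),
    (r"\\currentversion\\run\\", "Run key (started at logon)"),
    (r"\\services\\", "Service or kernel driver"),
]

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Constructed sample in the MBAM 1.x format (a subset of the entries posted above).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\ddcaaawu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c007968.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3dca8618-c946-4d85-b283-9770ed8dbc95} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvvlbxr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qgldhmx (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcaaawu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c007968.dat -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return one dict per detection: section, item, family, data, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue  # summary block, or an empty section
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append({"section": section, **entry.groupdict()})
    return entries


def classify_persistence(item):
    """Name the autostart mechanism a registry path from the log abuses, or None."""
    lowered = item.lower()
    if not lowered.startswith("hkey"):
        return None  # plain file paths carry no persistence information
    for pattern, label in PERSISTENCE_LOCATIONS:
        if re.search(pattern, lowered):
            return label
    return None


def _stem(path):
    # Basename without extension: LSA packages are listed without ".dll".
    return path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def triage(text):
    """Group detections by mechanism and list what only a reboot will remove."""
    entries = parse_mbam_log(text)
    by_mechanism = defaultdict(list)
    for e in entries:
        label = classify_persistence(e["item"])
        if label:
            by_mechanism[label].append(e["data"] or e["item"])
    # "Delete on reboot": the object was in use and survives until a restart.
    pending = [e["item"] for e in entries if e["action"].lower() == "delete on reboot"]
    return {
        "entries": entries,
        "families": Counter(e["family"] for e in entries),
        "by_mechanism": dict(by_mechanism),
        "pending_reboot": pending,
    }


def loaders(text):
    """For each module found in memory, the persistence entries that load it."""
    entries = parse_mbam_log(text)
    refs = [(classify_persistence(e["item"]), _stem(e["data"])) for e in entries if e["data"]]
    return {
        e["item"]: [label for label, stem in refs if stem == _stem(e["item"])]
        for e in entries
        if e["section"] == "Memory Modules Infected"
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("By mechanism:", report["by_mechanism"], sep="\n")
    print("Needs a reboot and a rescan:", report["pending_reboot"], sep="\n")
    print("Why still in memory:", loaders(SAMPLE_LOG), sep="\n")
```

Run it as-is to see the report for the embedded sample, or read a saved mbam-log-*.txt and pass its text to triage() and loaders(). The check it encodes is the one this thread needed: if pending_reboot is non-empty, reboot and rescan before calling the machine clean, and treat anything under the LSA, Winlogon or AppInit_DLLs labels as the reason an earlier clean-up did not stick.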
11-25-2008, 03:32 AM   #7
Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium


Re: rundll.32 + userinit.exe again

I couldn't find the ComboFix log, and it is all in Chinese when I install and stuff. I can't read Chinese. Also, when using ComboFix it randomly restarted my comp.
weirdcow is offline  
11-25-2008, 03:56 AM   #8
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,361
OS: W2K SP4 + XP SP2 + Vista


Re: rundll.32 + userinit.exe again

Please look for C:\Combofix.txt

Please post a fresh RSIT log along with the following.


Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
__________________
Katana is offline  
11-26-2008, 02:03 AM   #9
Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium


Re: rundll.32 + userinit.exe again

My ComboFix log:

ComboFix 08-11-24.01 - Tyroney 2008-11-25 4:39:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.147 [GMT 11:00]
Running from: C:\Documents and Settings\Tyroney\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Deleted Files )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tyroney\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\__c007968.dat
C:\WINDOWS\system32\gicpyrrc.dll
C:\WINDOWS\system32\JTELonnn.ini
C:\WINDOWS\system32\JTELonnn.ini2
C:\WINDOWS\system32\mnggadda.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-21 14:32 . 2008-11-21 14:32 51,200 --a------ C:\WINDOWS\system32\tyxrfcpv.dll
2008-11-20 21:33 . 2008-11-20 21:33 51,200 --a------ C:\WINDOWS\system32\fybixhwn.dll
2008-11-20 21:30 . 2008-11-20 21:30 51,200 --a------ C:\WINDOWS\system32\cpfshmop.dll
2008-11-20 16:47 . 2008-11-20 16:47 <DIR> d----c--- C:\rsit
2008-11-20 16:47 . 2008-11-20 16:47 <DIR> d-------- C:\Program Files\trend micro
2008-11-19 21:28 . 2008-11-19 21:28 51,200 --a------ C:\WINDOWS\system32\aepauugv.dll
2008-11-16 11:26 . 2008-11-17 13:40 1,562,972 --ahs---- C:\WINDOWS\system32\suloqsfj.ini
2008-11-15 13:57 . 2008-11-15 13:57 1,559,806 --ahs---- C:\WINDOWS\system32\ecvdjguu.ini
2008-11-14 06:15 . 2008-11-14 06:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-14 06:00 . 2008-11-14 06:00 1,559,806 --ahs---- C:\WINDOWS\system32\qfdroovt.ini
2008-11-14 05:55 . 2008-11-14 05:55 <DIR> d-------- C:\Documents and Settings\Ricky\Application Data\Malwarebytes
2008-11-13 11:02 . 2008-11-13 11:02 <DIR> d-------- C:\Documents and Settings\Tyroney\Application Data\Uniblue
2008-11-12 16:25 . 2008-11-12 20:12 1,567,706 --ahs---- C:\WINDOWS\system32\cgfqsjdf.ini
2008-10-30 16:44 . 1999-11-14 15:41 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-10-28 16:16 . 2008-10-28 16:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 16:16 . 2008-10-28 16:16 <DIR> d-------- C:\Documents and Settings\Tyroney\Application Data\Malwarebytes
2008-10-28 16:16 . 2008-10-28 16:16 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 16:16 . 2008-10-22 16:27 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 16:16 . 2008-10-22 16:27 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 20:34 . 2008-11-16 14:43 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-27 20:34 . 2008-11-16 14:16 <DIR> d-------- C:\Documents and Settings\Tyroney\Application Data\Spyware Terminator
2008-10-27 20:34 . 2008-11-17 13:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-27 20:34 . 2008-10-27 20:34 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 07:06 6,598 ----a-w C:\Program Files\wftui.txt
2008-10-27 09:56 --------- d-----w C:\Program Files\Winferno
2008-10-27 09:51 --------- d-----w C:\Program Files\QuickTime
2008-10-22 06:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-21 20:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-02 04:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 04:45 --------- d-----w C:\Program Files\MYOB
2008-09-19 21:55 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-12 01:11 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-12-31 18:36 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

My Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 02:36:10
Records in database: 1417123
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 109575
Threat name: 19
Infected objects: 32
Suspicious objects: 0
Duration of the scan: 03:09:46


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\SecTaskMan\nnnoLETJ.dll.q_804C003_q Infected: Trojan.Win32.Monder.yvi 1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\xzbodt.dll.q_8049801_q Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
C:\Documents and Settings\Andrew\My Documents\My Received Files\img68-r1-JPG.zip Infected: Backdoor.Win32.Agent.ksf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gicpyrrc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mnggadda.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
C:\WINDOWS\system32\aepauugv.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\cpfshmop.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\fybixhwn.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\tyxrfcpv.dll Infected: Trojan.Win32.Monder.gen 1
D:\Documents and Settings\问\Local Settings\Temp\SpamBlockerUtilityU.exe Infected: not-a-virus:AdWare.Win32.HotBar.bi 2
D:\Program Files\Common Files\Oem Common\bayesobj.dll Infected: not-a-virus:AdWare.Win32.Nomeh.e 1
D:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
D:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
D:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
D:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.q 1
D:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
D:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
D:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
D:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
D:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.v 1
D:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1
D:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
D:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1
D:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
D:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ab 1
D:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
D:\RECYCLER\S-1-5-21-436374069-823518204-725345543-1003\Dd108.exe Infected: not-a-virus:AdWare.Win32.Chiem.c 1
D:\RECYCLER\S-1-5-21-436374069-823518204-725345543-1003\Dd63.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\WINDOWS\system32\hcrnfoaj.exe Infected: not-a-virus:AdWare.Win32.HotBar.bi 2
D:\WINDOWS\system32\tnnsauvi.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao 1

The selected area was scanned.

A fresh RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tyroney at 2008-11-26 04:09:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (37%) free of 20 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:09, on 2008-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\ad-aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Tyroney\Desktop\RSIT.exe
C:\Program Files\trend micro\Tyroney.exe

O2 - BHO: Little Fighter 2 Toolbar Helper - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! 导航条 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tyrone\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171095531786
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\ad-aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7679 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1193899232.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE90C38C-97CF-4696-B290-C7973DC9675E}]
Little Fighter 2 Toolbar Helper - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-02-15 1146880]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 导航条 - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []
{C3CD744D-2FAE-4640-8297-16B5DA423104} - Little Fighter 2 Toolbar - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-06-26 212992]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-03 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6946A48D-F00B-4AA1-A69C-A8D87FE3D760}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Combat Arms\NMService.exe"="D:\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 1 months======

2008-11-25 06:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-25 06:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-25 06:02:17 ----D---- C:\Program Files\MSXML 4.0
2008-11-25 04:43:51 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-11-25 04:42:17 ----D---- C:\WINDOWS\temp
2008-11-25 04:39:26 ----DC---- C:\ComboFix
2008-11-25 04:39:26 ----A---- C:\WINDOWS\system32\CF15960.exe
2008-11-25 04:35:29 ----AC---- C:\Boot.bak
2008-11-25 04:35:19 ----DC---- C:\cmdcons
2008-11-25 04:33:52 ----A---- C:\WINDOWS\zip.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\VFIND.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\SWSC.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\SWREG.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\sed.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\grep.exe
2008-11-25 04:33:52 ----A---- C:\WINDOWS\fdsv.exe
2008-11-25 04:32:48 ----DC---- C:\Qoobox
2008-11-25 04:32:48 ----D---- C:\WINDOWS\ERDNT
2008-11-21 1855 ----A---- C:\Program Files\wftui.txt
2008-11-21 14:32:42 ----A---- C:\WINDOWS\system32\tyxrfcpv.dll
2008-11-20 21:33:02 ----A---- C:\WINDOWS\system32\fybixhwn.dll
2008-11-20 21:30:05 ----A---- C:\WINDOWS\system32\cpfshmop.dll
2008-11-20 16:47:20 ----D---- C:\Program Files\trend micro
2008-11-20 16:47:19 ----DC---- C:\rsit
2008-11-19 21:28:11 ----A---- C:\WINDOWS\system32\aepauugv.dll
2008-11-16 11:26:43 ----ASH---- C:\WINDOWS\system32\suloqsfj.ini
2008-11-15 13:57:21 ----ASH---- C:\WINDOWS\system32\ecvdjguu.ini
2008-11-14 10:09:50 ----D---- C:\WINDOWS\pss
2008-11-14 06:15:49 ----DC---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-14 06:00:52 ----ASH---- C:\WINDOWS\system32\qfdroovt.ini
2008-11-13 11:02:05 ----D---- C:\Documents and Settings\Tyroney\Application Data\Uniblue
2008-11-12 16:25:58 ----ASH---- C:\WINDOWS\system32\cgfqsjdf.ini
2008-11-12 14:55:22 ----A---- C:\WINDOWS\system32\e794b41e-.txt
2008-10-30 16:44:38 ----A---- C:\WINDOWS\unvise32.exe
2008-10-28 16:16:05 ----D---- C:\Documents and Settings\Tyroney\Application Data\Malwarebytes
2008-10-28 16:16:00 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 16:16:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 20:34:15 ----DC---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-27 20:34:14 ----D---- C:\Documents and Settings\Tyroney\Application Data\Spyware Terminator
2008-10-27 20:34:11 ----D---- C:\Program Files\Spyware Terminator

======List of files/folders modified in the last 1 months======

2008-11-26 04:09:21 ----D---- C:\WINDOWS\Prefetch
2008-11-26 01:26:21 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 22:58:04 ----D---- C:\WINDOWS
2008-11-25 15:47:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 15:36:49 ----D---- C:\WINDOWS\system32
2008-11-25 06:04:15 ----SHD---- C:\WINDOWS\Installer
2008-11-25 06:04:02 ----HD---- C:\WINDOWS\inf
2008-11-25 06:04:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-25 06:04:01 ----D---- C:\WINDOWS\system32\drivers
2008-11-25 06:03:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-25 06:02:59 ----A---- C:\WINDOWS\imsins.BAK
2008-11-25 06:02:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-25 06:02:18 ----D---- C:\WINDOWS\WinSxS
2008-11-25 06:02:17 ----AD---- C:\Program Files
2008-11-25 05:35:26 ----AC---- C:\WINDOWS\system.ini
2008-11-25 04:44:09 ----D---- C:\WINDOWS\system32\config
2008-11-25 04:41:19 ----D---- C:\WINDOWS\AppPatch
2008-11-25 04:41:19 ----D---- C:\Program Files\Common Files
2008-11-25 04:40:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-25 04:35:29 ----RASHC---- C:\boot.ini
2008-11-25 04:29:48 ----SHD---- C:\RECYCLER
2008-11-16 21:20:55 ----A---- C:\WINDOWS\NSSHAFT.INI
2008-11-16 11:36:17 ----A---- C:\WINDOWS\nstower.ini
2008-11-16 11:28:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 09:10:29 ----SD---- C:\WINDOWS\Tasks
2008-10-27 20:56:57 ----D---- C:\Program Files\Winferno
2008-10-27 20:56:57 ----D---- C:\Program Files\Internet Explorer
2008-10-27 20:51:57 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 npkcrypt;npkcrypt; \??\E:\npkcrypt.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 catchme;catchme; \??\C:\DOCUME~1\Tyroney\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-04 41288]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-14 56832]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-14 74240]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-12-01 61536]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 U81xbus;LGE U8XXX driver (WDM); C:\WINDOWS\system32\DRIVERS\U81xbus.sys [2005-07-15 52352]
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys [2005-07-15 6064]
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\U81xmdm.sys [2005-07-15 84480]
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys [2005-07-15 77472]
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\U81xobex.sys [2005-07-15 75456]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; D:\ad-aware\aawservice.exe [2008-09-10 611664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2002-01-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-06-22 107832]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-27 570880]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2004-08-04 26112]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


And when I try to go to Add/Remove Programs it has a rundll32.exe error, which you are currently helping me fix. The same goes for when I try to change my clock. Thanks.
Old 11-26-2008, 04:10 AM   #10
Katana
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,361
OS: W2K SP4 + XP SP2 + Vista


Re: rundll.32 + userinit.exe again

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\tyxrfcpv.dll
    C:\WINDOWS\system32\fybixhwn.dll
    C:\WINDOWS\system32\cpfshmop.dll
    C:\WINDOWS\system32\aepauugv.dll
    C:\WINDOWS\system32\suloqsfj.ini
    C:\WINDOWS\system32\ecvdjguu.ini
    C:\WINDOWS\system32\qfdroovt.ini
    C:\WINDOWS\system32\cgfqsjdf.ini
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\nnnoLETJ.dll.q_804C003_q
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\xzbodt.dll.q_8049801_q
    C:\Documents and Settings\Andrew\My Documents\My Received Files\img68-r1-JPG.zip
    C:\WINDOWS\system32\aepauugv.dll
    C:\WINDOWS\system32\cpfshmop.dll
    C:\WINDOWS\system32\fybixhwn.dll
    C:\WINDOWS\system32\tyxrfcpv.dll
    D:\Documents and Settings\?\Local Settings\Temp\SpamBlockerUtilityU.exe
    D:\Program Files\Common Files\Oem Common\bayesobj.dll
    D:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    D:\WINDOWS\system32\hcrnfoaj.exe
    D:\WINDOWS\system32\tnnsauvi.ini
    Folder::
    D:\Program Files\MyWebSearch
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6946A48D-F00B-4AA1-A69C-A8D87FE3D760}"=-
    ADS::
  • Save this as CFScript.txt and place it on your desktop.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.





How are things running now?
If you still have errors, please describe them in detail.
Old 11-27-2008, 10:34 PM   #11
Registered User
 
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium


Re: rundll.32 + userinit.exe again

Hey, guess what? You're awesome, it's fixed!

And here's the ComboFix log:

ComboFix 08-11-24.01 - Tyroney 2008-11-27 5:56:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.304 [GMT 11:00]
执行位置: c:\documents and settings\Tyroney\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tyroney\Desktop\CFScript.txt
* 成功创造新还原点

FILE ::
c:\documents and settings\All Users\Application Data\SecTaskMan\nnnoLETJ.dll.q_804C003_q
c:\documents and settings\All Users\Application Data\SecTaskMan\xzbodt.dll.q_8049801_q
c:\documents and settings\Andrew\My Documents\My Received Files\img68-r1-JPG.zip
c:\windows\system32\aepauugv.dll
c:\windows\system32\cgfqsjdf.ini
c:\windows\system32\cpfshmop.dll
c:\windows\system32\ecvdjguu.ini
c:\windows\system32\fybixhwn.dll
c:\windows\system32\qfdroovt.ini
c:\windows\system32\suloqsfj.ini
c:\windows\system32\tyxrfcpv.dll
d:\program files\Common Files\Oem Common\bayesobj.dll
d:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
d:\windows\system32\hcrnfoaj.exe
d:\windows\system32\tnnsauvi.ini
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SecTaskMan\nnnoLETJ.dll.q_804C003_q
c:\documents and settings\All Users\Application Data\SecTaskMan\xzbodt.dll.q_8049801_q
c:\documents and settings\Andrew\My Documents\My Received Files\img68-r1-JPG.zip
c:\windows\system32\aepauugv.dll
c:\windows\system32\cgfqsjdf.ini
c:\windows\system32\cpfshmop.dll
c:\windows\system32\ecvdjguu.ini
c:\windows\system32\fybixhwn.dll
c:\windows\system32\qfdroovt.ini
c:\windows\system32\suloqsfj.ini
c:\windows\system32\tyxrfcpv.dll
d:\program files\Common Files\Oem Common\bayesobj.dll
d:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
d:\program files\MyWebSearch
d:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
d:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
d:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
d:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
d:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
d:\program files\MyWebSearch\bar\3.bin\F3BROVLY.DLL
d:\program files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
d:\program files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
d:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
d:\program files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL
d:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
d:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
d:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
d:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
d:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
d:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
d:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
d:\program files\MyWebSearch\bar\3.bin\M3SKIN.DLL
d:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
d:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
d:\program files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
d:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
d:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
d:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\close.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
d:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
d:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
d:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
d:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
d:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\login.htm
d:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\max.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\min.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
d:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
d:\program files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
d:\program files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
d:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
d:\program files\MyWebSearch\bar\budyicon\fwpbuddy.png
d:\program files\MyWebSearch\bar\Cache\00016368
d:\program files\MyWebSearch\bar\Cache\0001ADB0
d:\program files\MyWebSearch\bar\Cache\0005CC40.bin
d:\program files\MyWebSearch\bar\Cache\0005CE63.bin
d:\program files\MyWebSearch\bar\Cache\0005D0B5.bin
d:\program files\MyWebSearch\bar\Cache\0005D2B9.bin
d:\program files\MyWebSearch\bar\Cache\0005E5C4.bin
d:\program files\MyWebSearch\bar\Cache\0005E7C7.bin
d:\program files\MyWebSearch\bar\Cache\0005E9DA.bin
d:\program files\MyWebSearch\bar\Cache\0005F709.bin
d:\program files\MyWebSearch\bar\Cache\0005F8FD.bin
d:\program files\MyWebSearch\bar\Cache\000DC489
d:\program files\MyWebSearch\bar\Cache\00339736.bin
d:\program files\MyWebSearch\bar\Cache\0033A8CA.bin
d:\program files\MyWebSearch\bar\Cache\0033B175.bin
d:\program files\MyWebSearch\bar\Cache\00399351.bin
d:\program files\MyWebSearch\bar\Cache\00399564.bin
d:\program files\MyWebSearch\bar\Cache\00399758.bin
d:\program files\MyWebSearch\bar\Cache\0046C56E
d:\program files\MyWebSearch\bar\Cache\006B4F9E
d:\program files\MyWebSearch\bar\Cache\00F57334.bin
d:\program files\MyWebSearch\bar\Cache\files.ini
d:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
d:\program files\MyWebSearch\bar\Game\CHESS.F3S
d:\program files\MyWebSearch\bar\Game\REVERSI.F3S
d:\program files\MyWebSearch\bar\History\search
d:\program files\MyWebSearch\bar\History\search2
d:\program files\MyWebSearch\bar\MSNBackgrounds\00042A39.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\0007BEC9.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\000E53E8.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\001C8370.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\001E30B2.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\0024D448.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\00276D52.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\002B36CE.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\00318C92.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\0036C9F0.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\00710E62.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\007F28CB.jpeg
d:\program files\MyWebSearch\bar\MSNBackgrounds\009F9296.jpeg
d:\program files\MyWebSearch\bar\Settings\prevcfg.htm
d:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
d:\program files\MyWebSearch\bar\Settings\puzzlepirates.exe
d:\program files\MyWebSearch\bar\Settings\s_pid.dat
d:\program files\MyWebSearch\bar\Settings\setting2.htm
d:\program files\MyWebSearch\bar\Settings\settings.dat
d:\program files\MyWebSearch\bar\Settings\settings.dat.bak
d:\program files\MyWebSearch\bar\Settings\settings.htm
d:\program files\MyWebSearch\bar\Settings\settings.htm.bak
d:\windows\system32\hcrnfoaj.exe
d:\windows\system32\tnnsauvi.ini
.
---- Previous Run -------
.
c:\documents and settings\Tyroney\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\search_res.txt
c:\windows\system32\__c007968.dat
c:\windows\system32\gicpyrrc.dll
c:\windows\system32\JTELonnn.ini
c:\windows\system32\JTELonnn.ini2
c:\windows\system32\mnggadda.dll

.
((((((((((((((((((((((((( 2008-10-26 至 2008-11-26 的新的档案 )))))))))))))))))))))))))))))))
.

2008-11-25 06:02 . 2008-11-25 06:02 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-20 16:47 . 2008-11-20 16:47 <DIR> d----c--- C:\rsit
2008-11-20 16:47 . 2008-11-26 04:09 <DIR> d-------- c:\program files\trend micro
2008-11-14 06:15 . 2008-11-27 05:56 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-11-14 05:55 . 2008-11-14 05:55 <DIR> d-------- c:\documents and settings\Ricky\Application Data\Malwarebytes
2008-11-13 11:02 . 2008-11-13 11:02 <DIR> d-------- c:\documents and settings\Tyroney\Application Data\Uniblue
2008-10-30 16:44 . 1999-11-14 15:41 86,016 --a------ c:\windows\unvise32.exe
2008-10-28 16:16 . 2008-10-28 16:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-28 16:16 . 2008-10-28 16:16 <DIR> d-------- c:\documents and settings\Tyroney\Application Data\Malwarebytes
2008-10-28 16:16 . 2008-10-28 16:16 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-28 16:16 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-28 16:16 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-27 20:34 . 2008-11-16 14:43 <DIR> d-------- c:\program files\Spyware Terminator
2008-10-27 20:34 . 2008-11-16 14:16 <DIR> d-------- c:\documents and settings\Tyroney\Application Data\Spyware Terminator
2008-10-27 20:34 . 2008-11-17 13:39 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-10-27 20:34 . 2008-10-27 20:34 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys

.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 07:06 6,598 ----a-w c:\program files\wftui.txt
2008-10-27 09:56 --------- d-----w c:\program files\Winferno
2008-10-27 09:51 --------- d-----w c:\program files\QuickTime
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 06:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-21 20:37 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-02 04:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-02 04:45 --------- d-----w c:\program files\MYOB
2008-09-30 05:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-12 01:11 774,144 ----a-w c:\program files\RngInterstitial.dll
2007-12-31 18:36 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Important entry points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YVU9"= c:\windows\system32\iyvu9_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\combat arms\CombatArms.exe"= d:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"d:\combat arms\Engine.exe"= d:\combat arms\Engine.exe:*Enabled:Engine.exe
"d:\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13057:TCP"= 13057:TCP:SolidNetworkManager
"13057:UDP"= 13057:UDP:SolidNetworkManager
"58469:TCP"= 58469:TCP:*:Disabled:SolidNetworkManager
"58469:UDP"= 58469:UDP:*:Disabled:SolidNetworkManager
"21249:TCP"= 21249:TCP:*:Disabled:SolidNetworkManager
"21249:UDP"= 21249:UDP:*:Disabled:SolidNetworkManager

S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2008-08-14 61536]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1193899232.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]

2008-11-03 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{AE90C38C-97CF-4696-B290-C7973DC9675E} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
Notify-NavLogon - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 05:59:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden startup entries ...

scanning hidden files ...

scan completed
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-27 6:00:36
ComboFix-quarantined-files.txt 2008-11-26 18:59:48

Pre-Run: 7,495,774,208 bytes free
Post-Run: 7,535,427,584 bytes free

270 --- E O F --- 2008-11-24 19:04:15

And should I keep ComboFix, RSIT and all that?
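The log above is the poster's own. What follows is an added example, not part of the thread and not ComboFix's code: a small triage script for the entries an analyst reads first in a ComboFix-style log (Run keys, Security Center DisableNotify flags, firewall-authorized applications, driver entries whose file could not be found, Active Setup components). The heuristics are this example's own, and SAMPLE_LOG is a constructed sample in the shape of the posted log.

```python
"""Triage a ComboFix-style log for the entries an analyst reads first.

Added example, not part of the thread and not ComboFix's own code. The
heuristics are this example's own; SAMPLE_LOG is constructed in the shape
of the log posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample in the same shape as the posted log: one file-listing line,
# Run keys, Security Center flags, firewall exceptions, driver entries, Active Setup.
SAMPLE_LOG = r"""
d:\windows\system32\hcrnfoaj.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2008-08-14 61536]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# "S3 name;description;path [date size]"; ComboFix prints [] when it cannot stat the file
DRIVER_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
PATH_RE = re.compile(r'(?:[a-z]:|%windir%)\\[^"\[\]]+', re.I)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{8}$")   # hcrnfoaj, gicpyrrc, mnggadda ... (heuristic)
SUSPECT_DIRS = ("recycler", "temp", "temporary internet files", "downloaded program files")


@dataclass(frozen=True)
class Finding:
    where: str
    entry: str
    reason: str


def _paths_in(line):
    """Every drive-rooted path in a log line, de-escaped ('\\\\' -> '\\') and lower-cased."""
    out = []
    for tok in PATH_RE.findall(line):
        p = tok.replace("\\\\", "\\").strip().lower()
        if p not in out:
            out.append(p)
    return out


def _path_reasons(path):
    reasons = []
    parts = path.split("\\")
    for d in SUSPECT_DIRS:
        if d in parts[:-1]:
            reasons.append(f"binary lives under a '{d}' directory")
    stem, _, ext = parts[-1].rpartition(".")
    if ext in ("exe", "dll", "sys", "ini") and RANDOM_STEM.match(stem):
        reasons.append("random-looking eight-letter filename")
    return reasons


def triage(log_text):
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            # Active Setup runs its StubPath once per user at logon; the key name must be a real GUID
            if "active setup\\installed components" in section.lower():
                comp = section.rsplit("\\", 1)[-1]
                if not GUID_RE.match(comp):
                    findings.append(Finding(section, comp, "Active Setup component key is not a well-formed GUID"))
            continue
        if "security center" in section.lower():
            # Malware commonly silences the "no antivirus / updates off" balloons
            e = ENTRY_RE.match(line)
            if e and e.group("name").lower().endswith("disablenotify") and e.group("value").lower() == "dword:00000001":
                findings.append(Finding(section, e.group("name"), "Security Center warning suppressed"))
            continue
        d = DRIVER_RE.match(line)
        if d:
            if not d.group("meta"):
                findings.append(Finding("services", d.group("name"), "driver registered but its file has no size/date (not on disk)"))
            continue
        for path in _paths_in(line):
            for reason in _path_reasons(path):
                findings.append(Finding(section or "(file listing)", path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.entry}  ({f.where})")
```

Run it against a saved ComboFix.txt with `triage(open("ComboFix.txt", encoding="utf-8", errors="replace").read())`; the output is a worklist, not a verdict, and legitimate entries (a game launcher in a firewall exception, a driver whose file was already removed) will appear on it.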
11-28-2008, 02:41 PM   #12
Katana, Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,361
OS: W2K SP4 + XP SP2 + Vista

Re: rundll.32 + userinit.exe again

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now download and install Java Runtime Environment (JRE).


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.


-----------------------------------------------------------


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First, let's tidy up.

Please delete RSIT.exe along with the C:\RSIT folder.
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the x and the /u; it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.





The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE for details.

AntiSpyware
  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for home users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must-have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
  • MalwareBytes Anti-malware <<< A new and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager, and then some!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
  • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible; you can choose which cookies to keep

Also, PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
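The six Custom Level settings listed in the post map to DWORD values under the Internet zone key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, with 0, 1 and 3 meaning Enable, Prompt and Disable. The value names (1001, 1004, 1201, 1607, 1800, 1804) are the ones Microsoft documents for Internet Explorer security zones in KB 182569. The following is an added example, not part of Katana's post, that writes the post's settings as a .reg file for scripted deployment and audits a snapshot of current values against them; the snapshot in `__main__` is constructed.

```python
"""Internet-zone hardening from the post, expressed as registry values.

Added example, not part of Katana's post. The value names under Zones\\3 are
the ones Microsoft documents for Internet Explorer security zones (KB 182569);
0/1/3 are the documented encodings of Enable/Prompt/Disable.
"""
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Registry value name -> (Custom Level dialog label, setting the post asks for)
HARDENING = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def reg_export(settings=HARDENING, key=ZONE_KEY):
    """Render the settings as a .reg file: CRLF line endings, DWORDs in hex as regedit writes them."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    for name, (label, level) in settings.items():
        lines.append(f"; {label}: {LEVEL_NAME[level]}")      # ';' lines are comments in .reg files
        lines.append(f'"{name}"=dword:{level:08x}')
    return "\r\n".join(lines) + "\r\n"


def audit(current, wanted=HARDENING):
    """Return the values that are weaker than wanted, as name -> (label, current, target).

    `current` maps value name -> DWORD as read from the zone key (for example by
    parsing a `reg export` of ZONE_KEY). A value that is absent means the zone's
    built-in default applies; it is reported with None rather than guessed.
    """
    weak = {}
    for name, (label, target) in wanted.items():
        level = current.get(name)
        # Lower number = more permissive: Enable(0) < Prompt(1) < Disable(3)
        if level is None or level < target:
            weak[name] = (label, level, target)
    return weak


if __name__ == "__main__":
    print(reg_export(), end="")
    # Constructed snapshot of a machine where two of the six are still at Enable.
    snapshot = {"1001": 0, "1004": 3, "1201": 3, "1800": 1, "1804": 0, "1607": 1}
    for name, (label, level, target) in audit(snapshot).items():
        print(f"{name} {label}: {LEVEL_NAME.get(level, 'not set')} -> {LEVEL_NAME[target]}")
```

Save the output of `reg_export()` as a .reg file and import it with regedit (or `reg import`) on the machine being hardened; because the key is under HKEY_CURRENT_USER it applies per user, so repeat it for each account, or write the same values under HKEY_LOCAL_MACHINE if the machine is configured to use machine-wide zone settings.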
11-29-2008, 08:39 PM   #13
weirdcow, Registered User
Join Date: Nov 2008
Posts: 12
OS: Xp, vista home premium

Re: rundll.32 + userinit.exe again

Yeah, everything is fine now. Thanks again =)
Copyright 2001 - 2009, Tech Support Forum