Error loading C:\Windows\system32\vtUIJyVP.dll

09-15-2008, 03:46 PM   #1
Guest
Join Date: Sep 2006
Posts: 40

I keep getting this message when Windows boots up. And I've also noticed my internet is slow. I've tried everything other than the hijack help. So here's my log.


Logfile of HijackThis v1.99.1
Scan saved at 22:38:52, on 15/09/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: {a93eb228-4745-b979-5524-804987e20020} - {02002e78-9408-4255-979b-5474822be39a} - C:\Windows\system32\zduxyr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8974D595-8B00-412A-83D3-349BC2D307D8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B26E071D-06C0-4DE4-B0CD-A9DE281CEEB7} - C:\Windows\system32\pmnkLCRi.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlJyVP.dll,#1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: zduxyr.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

I'm running Vista 32 Business with all updates installed.
Dell Vostro 1710 laptop

Please help, it's making the internet unbearable. (It's like dial-up.)

Thanks for your help!
doinbox is offline  
09-18-2008, 12:01 AM   #2
TSF Team, Emeritus
Join Date: Feb 2005
Location: Eire
Posts: 2,009
OS: Vista, Ubuntu 8.04

Hi doinbox

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

https://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________
Retired member of


Member of UNITE

Go raibh maith agat
alba is offline  
09-19-2008, 06:53 PM   #3
Guest
Join Date: Sep 2006
Posts: 40

Ok here is Combofix Log

ComboFix 08-09-19.06 - Dion 2008-09-20 1:45:18.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2232 [GMT 1:00]
Running from: C:\Users\Dion\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Users\Dion\AppData\Roaming\inst.exe
C:\Windows\System32\iRCLknmp.ini
C:\Windows\System32\iRCLknmp.ini2
C:\Windows\System32\mcmnjcrg.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-12-22 05:59 . 2008-12-22 05:59 447,200 --a------ C:\Windows\System32\OpenQuicktimeLib.dll
2008-12-22 05:59 . 2008-12-22 05:59 332,512 --a------ C:\Windows\System32\3ivxVfWCodec.dll
2008-12-22 05:59 . 2008-12-22 05:59 25,312 --a------ C:\Windows\System32\SamsungVfWCodec.dll
2008-12-22 05:59 . 2008-12-22 05:59 25,312 --a------ C:\Windows\System32\DivXVfWCodec.dll
2008-12-22 05:58 . 2008-12-22 05:58 1,155,808 --a------ C:\Windows\System32\3ivx.dll
2008-12-22 05:52 . 2008-12-22 05:52 66,272 --a------ C:\Windows\System32\libfaac.dll
2008-09-17 21:24 . 2008-09-17 21:24 772,296 --a------ C:\Windows\System32\oem23.inf
2008-09-17 21:23 . 2008-09-17 21:23 <DIR> d-------- C:\dell
2008-09-17 21:23 . 2008-06-02 11:44 163,840 --a------ C:\Windows\System32\bcmwlapi.dll
2008-09-17 21:23 . 2008-06-02 11:44 18,424 --a------ C:\Windows\System32\drivers\bcm42rly.sys
2008-09-17 16:17 . 2008-09-17 16:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-17 16:17 . 2008-07-19 15:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-17 15:24 . 2008-07-19 06:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 15:24 . 2008-07-19 04:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 15:24 . 2008-07-19 06:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 15:24 . 2008-07-19 06:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 15:23 . 2008-07-19 06:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 15:23 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 15:23 . 2008-07-19 04:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 15:23 . 2008-07-19 06:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 15:23 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-16 22:48 . 2008-09-16 22:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-16 22:48 . 2008-09-16 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-16 22:31 . 2008-09-16 22:31 <DIR> d-------- C:\Program Files\Synaptics
2008-09-16 22:31 . 2008-09-16 22:31 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-09-16 19:14 . 2008-09-16 19:14 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Malwarebytes
2008-09-16 19:14 . 2008-09-16 19:14 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-16 19:14 . 2008-09-16 19:14 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-16 19:14 . 2008-09-16 19:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 19:14 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-16 19:14 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-16 09:15 . 2008-09-16 21:33 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-16 00:35 . 2008-09-16 00:35 95 --a------ C:\Windows\wininit.ini
2008-09-16 00:25 . 2008-09-16 00:26 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-16 00:25 . 2008-09-16 00:26 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-15 23:16 . 2008-09-15 23:16 <DIR> d-------- C:\Windows\Sun
2008-09-15 23:14 . 2008-09-15 23:14 <DIR> d-------- C:\Program Files\Java
2008-09-15 23:13 . 2008-09-15 23:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-15 21:48 . 2008-09-15 21:48 <DIR> d-------- C:\Program Files\Wondershare
2008-09-15 21:32 . 2008-09-15 21:32 <DIR> d-------- C:\Users\All Users\TEMP
2008-09-15 21:32 . 2008-09-15 21:32 <DIR> d-------- C:\ProgramData\TEMP
2008-09-15 21:32 . 2008-09-15 21:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-15 21:32 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-09-15 21:25 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-09-15 21:24 . 2008-09-15 21:24 <DIR> d-------- C:\Program Files\Panda Security
2008-09-15 20:07 . 2008-09-15 20:07 <DIR> d-------- C:\Program Files\CCleaner
2008-09-15 18:50 . 2008-09-15 18:50 <DIR> d-------- C:\Users\All Users\ESET
2008-09-15 18:50 . 2008-09-15 18:50 <DIR> d-------- C:\ProgramData\ESET
2008-09-15 18:45 . 2008-09-15 18:45 <DIR> d-------- C:\Users\All Users\Avg8
2008-09-15 18:45 . 2008-09-15 18:45 <DIR> d-------- C:\ProgramData\Avg8
2008-09-15 18:36 . 2008-09-15 18:36 <DIR> d-------- C:\VundoFix Backups
2008-09-15 17:50 . 2008-09-15 17:50 <DIR> d-------- C:\Program Files\Zeallsoft
2008-09-15 17:27 . 2008-09-15 17:27 0 --a------ C:\Windows\nsreg.dat
2008-09-15 15:49 . 2008-09-15 15:49 <DIR> d-------- C:\Users\All Users\vsosdk
2008-09-15 15:49 . 2008-09-15 15:49 <DIR> d-------- C:\ProgramData\vsosdk
2008-09-15 15:15 . 2008-09-15 15:15 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Applied Acoustics Systems
2008-09-15 15:15 . 2008-09-15 15:15 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-09-15 15:15 . 2008-09-15 18:12 <DIR> d-------- C:\Program Files\AAS
2008-09-13 21:45 . 2008-09-17 19:33 162,816 --a------ C:\Windows\System32\fmod.dll
2008-09-13 21:36 . 2008-09-13 21:36 <DIR> d-------- C:\Program Files\Astraware
2008-09-13 20:59 . 2008-09-13 20:59 <DIR> d-------- C:\Program Files\Resco
2008-09-13 20:59 . 2008-09-13 20:59 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-13 20:59 . 2006-12-08 12:23 90,112 --a------ C:\Windows\RSetupCE.exe
2008-09-13 18:37 . 2008-09-13 18:37 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-09-11 23:52 . 2008-09-17 19:23 <DIR> d-------- C:\Program Files\PocketRAR
2008-09-11 19:31 . 2008-09-11 19:31 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Nero
2008-09-10 16:55 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-09-10 16:55 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-09-10 16:55 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-09-10 00:45 . 2008-09-10 00:46 <DIR> d-------- C:\Windows\System32\Adobe
2008-09-10 00:14 . 2008-09-10 00:14 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Salling Software AB
2008-09-10 00:13 . 2008-09-10 00:13 <DIR> d-------- C:\Users\All Users\eSellerate
2008-09-10 00:13 . 2008-09-10 00:13 <DIR> d-------- C:\ProgramData\eSellerate
2008-09-09 19:33 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:33 . 2008-08-02 02:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:33 . 2008-06-26 04:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:33 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:33 . 2008-05-08 20:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:33 . 2008-05-20 03:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:33 . 2008-06-26 04:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:33 . 2008-08-02 04:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 19:33 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 23:11 . 2008-09-08 23:11 <DIR> d-------- C:\Program Files\3ivx
2008-09-08 22:33 . 2008-09-08 22:55 <DIR> d-------- C:\Program Files\ID Security Suite
2008-09-08 00:24 . 2008-09-08 00:24 <DIR> d-------- C:\Users\Dion\AppData\Roaming\cmw
2008-09-08 00:22 . 2008-09-08 00:41 <DIR> d-------- C:\Program Files\winpwn-2.5
2008-09-08 00:20 . 2008-09-08 00:20 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-08 00:19 . 2008-09-08 01:06 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Apple Computer
2008-09-08 00:19 . 2008-09-08 00:19 <DIR> d-------- C:\Program Files\iTunes
2008-09-08 00:19 . 2008-09-08 00:19 <DIR> d-------- C:\Program Files\iPod
2008-09-08 00:19 . 2008-09-08 00:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-08 00:18 . 2008-09-08 00:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-08 00:17 . 2008-09-08 00:17 <DIR> d-------- C:\Users\All Users\Apple
2008-09-08 00:17 . 2008-09-08 00:17 <DIR> d-------- C:\ProgramData\Apple
2008-09-08 00:17 . 2008-09-08 00:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-07 23:07 . 2008-09-07 23:07 <DIR> d-------- C:\Windows\Intelliremote
2008-09-07 23:07 . 2008-09-07 23:11 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Intelliremote
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-09-07 19:01 . 2008-09-07 19:01 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-09-07 19:00 . 2008-09-07 19:00 <DIR> d-------- C:\Users\Dion\AppData\Roaming\MixMeister Technology
2008-09-07 19:00 . 2008-09-07 19:00 <DIR> d-------- C:\Program Files\MixMeister Fusion
2008-09-06 22:21 . 2008-09-20 00:56 12 --a------ C:\Windows\bthservsdp.dat
2008-09-06 22:21 . 2008-09-06 22:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-09-06 22:05 . 2008-09-06 22:05 <DIR> d-------- C:\Program Files\Sianix
2008-09-06 21:36 . 2008-09-06 21:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-06 19:17 . 2008-09-06 19:17 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-09-06 17:49 . 2008-09-06 17:49 244 --ah----- C:\sqmnoopt01.sqm
2008-09-06 17:49 . 2008-09-06 17:49 232 --ah----- C:\sqmdata01.sqm
2008-09-06 17:42 . 2008-09-15 16:21 <DIR> d-------- C:\Users\Dion\AppData\Roaming\Ableton
2008-09-06 17:41 . 2008-09-15 18:14 <DIR> d-------- C:\Program Files\Ableton
2008-09-06 17:23 . 2008-09-15 18:12 <DIR> d-------- C:\Program Files\VstPlugins
2008-09-06 17:23 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm
2008-09-06 17:22 . 2008-09-06 17:22 <DIR> d-------- C:\Program Files\Outsim
2008-09-06 17:21 . 2008-09-06 17:23 <DIR> d-------- C:\Program Files\Image-Line
2008-09-06 17:14 . 2008-09-06 17:14 <DIR> d-------- C:\Program Files\Pro Pinball
2008-09-06 16:50 . 2008-09-06 16:55 <DIR> d-------- C:\Program Files\AudioSurf
2008-09-04 23:27 . 2008-09-04 14:32 <DIR> d-------- C:\Windows\Panther
2008-09-04 23:27 . 2008-09-16 21:22 <DIR> d--hs---- C:\Boot
2008-09-04 23:27 . 2008-01-21 03:25 333,203 -rahs---- C:\bootmgr
2008-09-04 23:27 . 2008-09-04 23:27 8,192 -ra-s---- C:\BOOTSECT.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 13:59 --------- d-----w C:\Program Files\Windows Mail
2008-09-04 12:39 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-09-04 12:39 315,392 ----a-w C:\Windows\HideWin.exe
2008-08-06 07:26 9,728 ----a-w C:\Windows\System32\RtNicProp32.dll
2008-08-06 07:26 124,928 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-22 19:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-06-20 06:36 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2008-06-20 06:18 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2008-06-20 06:07 200,704 ----a-w C:\Windows\System32\SynCtrl.dll
2008-06-20 06:06 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-01 166432]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-01 13515296]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-01 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-03-01 92704]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1406376905-590658031-3480489769-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{03CA5005-5B06-4072-BFD8-D0541A74628D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E644F490-C874-4260-9238-33CEC67093F2}"= C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{585F47BD-9065-4D58-B3B0-0B00127D8BCF}"= C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"TCP Query User{17A4F514-925B-4D94-BD24-0674DB902914}C:\\program files\\melloware\\intelliremote\\intelliremote.exe"= UDP:C:\program files\melloware\intelliremote\intelliremote.exe:Intelliremote remote control replacement application
"UDP Query User{2E5E65E1-AD0D-4601-925D-75ED26D5F49E}C:\\program files\\melloware\\intelliremote\\intelliremote.exe"= TCP:C:\program files\melloware\intelliremote\intelliremote.exe:Intelliremote remote control replacement application
"{4D01206F-29E4-4324-88C4-19674DDC5C98}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7B5661EC-CC4F-44E7-97B8-D023788D0060}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3316A493-7511-49B0-9344-A5147240CE03}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3A73232B-CF22-4DF3-B28F-3A32B5FC5B54}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{F07695A7-066B-4F6A-97F8-99CF6EC8BB33}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{77DC86D6-0009-4F08-B196-1831A976C486}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{DF1AF2AB-0FCD-4580-9F78-044A0BD0E778}"= UDP:63331:Windows Live OneCare
"TCP Query User{800D8B67-45EE-40C5-9544-533DEAF28DBE}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2D5FD1D8-9B70-430D-81D7-312C32A7C786}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2008-02-04 77824]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
S3 RDID1027;EDIROL PCR;C:\Windows\system32\Drivers\rdwm1027.sys [2008-09-04 56832]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

BHO-{8974D595-8B00-412A-83D3-349BC2D307D8} - (no file)
BHO-{B26E071D-06C0-4DE4-B0CD-A9DE281CEEB7} - C:\Windows\system32\pmnkLCRi.dll
MSConfigStartUp-WinClicker - C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Dion\AppData\Roaming\Mozilla\Firefox\Profiles\crfgvxb1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-09-20 01:47:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 1:48:59
ComboFix-quarantined-files.txt 2008-09-20 00:48:36

Pre-Run: 176,574,496,768 bytes free
Post-Run: 176,549,335,040 bytes free

264 --- E O F --- 2008-09-18 17:13:29
doinbox is offline  
09-19-2008, 06:54 PM   #4
Guest
Join Date: Sep 2006
Posts: 40

And the Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 01:51:35, on 20/09/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8974D595-8B00-412A-83D3-349BC2D307D8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B26E071D-06C0-4DE4-B0CD-A9DE281CEEB7} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
doinbox is offline  
Old 09-20-2008, 09:16 AM   #5
TSF Team, Emeritus
 
Join Date: Feb 2005
Location: Eire
Posts: 2,009
OS: Vista, Ubuntu 8.04



Hi doinbox

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Upload this file

C:\Windows\System32\bcmwlapi.dll

to https://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

**If the site is too busy, upload it to https://www.virustotal.com/en/indexf.html

=================

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :


O2 - BHO: (no name) - {8974D595-8B00-412A-83D3-349BC2D307D8} - (no file)
O2 - BHO: (no name) - {B26E071D-06C0-4DE4-B0CD-A9DE281CEEB7} - (no file)




Please remember to close all other windows, including browsers then click Fix checked.


================================================

Establish an internet connection & perform an online scan with Internet Explorer at one of the following links
  • Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from:
  • Jotti Report
  • Kaspersky report
  • HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________
Retired member of


Member of UNITE

Go raibh maith agat
alba is offline  
Old 09-21-2008, 09:13 AM   #6
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



Hi Alba, first let me say thanks for your help so far.

But I've got a major problem!

My laptop keeps restarting and booting up with the message "windows has recovered from a serious error".

You don't need the jotti log coz nothing at all was found.

I can't finish the kaspersky scan coz of my restarting prob. I've tried numerous times to complete it but only reached 60%.

Here's my l8st hijack log

Logfile of HijackThis v1.99.1
Scan saved at 1653, on 21/09/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
doinbox is offline  
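The "Fix checked" step in post #5 targets the two O2 entries marked "(no file)", and the follow-up log in post #6 no longer lists them. The sketch below is an added example, not part of the original thread or of HijackThis: it parses log entry lines, separates dangling references from "(file missing)" markers on paths the tool apparently could not resolve, and diffs two logs to confirm a fix. The function names and the triage heuristic are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: seven entry lines copied from the HijackThis v1.99.1 log in this thread.
SAMPLE_BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8974D595-8B00-412A-83D3-349BC2D307D8} - (no file)
O2 - BHO: (no name) - {B26E071D-06C0-4DE4-B0CD-A9DE281CEEB7} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed: the follow-up log in the thread no longer lists the two "(no file)" BHOs.
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines() if "(no file)" not in line
)

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<text>.+)$")
# Trailing markers the tool appends when it cannot find the referenced file.
MARKER_RE = re.compile(r"\s*\((no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str            # e.g. "O2"
    text: str               # everything after "O2 - "
    marker: Optional[str]   # "no file", "file missing" or None
    path: Optional[str]     # path the marker refers to ("" when none is given)


def parse_log(log: str) -> List[Entry]:
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        text = match.group("text")
        marker = MARKER_RE.search(text)
        path = None
        if marker:
            # The referenced path is the last " - " separated field, minus the marker.
            path = MARKER_RE.sub("", text.rsplit(" - ", 1)[-1])
        entries.append(
            Entry(match.group("section"), text,
                  marker.group(1) if marker else None, path)
        )
    return entries


def triage(entry: Entry) -> str:
    """Heuristic (assumption of this example) for how far to trust a marker.

    A path that still holds an unexpanded %VARIABLE% or a stray quote was
    probably never resolved by the tool, so the file may well exist. The later
    v2.0.2 log in this thread lists the avast! services without the marker.
    """
    if entry.marker is None:
        return "present"
    if "%" in entry.path or '"' in entry.path:
        return "unresolved-path"
    return "dangling-reference"


def diff_logs(before: str, after: str) -> Tuple[list, list]:
    """Return (removed, added) entries as sorted (section, text) tuples."""
    old = {(e.section, e.text) for e in parse_log(before)}
    new = {(e.section, e.text) for e in parse_log(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for e in parse_log(SAMPLE_BEFORE):
        if e.marker:
            print(f"{triage(e):20} {e.section:4} {e.text}")
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("removed by fix:", [CLSID_RE.search(t).group(0) for _, t in removed])
    print("new entries:", added)
```

An empty "new entries" list after a fix is the thing to check: anything that reappears or is added between two scans deserves a second look.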
Old 09-21-2008, 10:08 AM   #7
TSF Team, Emeritus
 
Join Date: Feb 2005
Location: Eire
Posts: 2,009
OS: Vista, Ubuntu 8.04



Hi Ya doinbox

Nothing we removed could cause a serious error. Restore your system to the last restore point by doing the following:

1. Go to Start
2. Select Control Panel
3. Select System and Maintenance
4. Select System
5. Select System Protection from the left pane

Then let me know how your system is
__________________
Retired member of


Member of UNITE

Go raibh maith agat
alba is offline  
Old 09-21-2008, 10:20 AM   #8
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



I can't restore, I have it disabled. Never use it. Never will. Should I do a repair?
doinbox is offline  
Old 09-21-2008, 10:40 AM   #9
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



Just so you know Alba, I'm using a 4gb memory card in my built in reader for readyboost. Could that be causing a problem?
doinbox is offline  
Old 09-21-2008, 11:44 AM   #10
TSF Team, Emeritus
 
Join Date: Feb 2005
Location: Eire
Posts: 2,009
OS: Vista, Ubuntu 8.04



Quote:
I can't restore, I have it disabled. Never use it. Never will. Should I do a repair?
Why? Yep, do a repair but remove the ready boost first. When did you start using it? How much ram do you have in the laptop? To be honest I don't think 4GB of ram would give you much of a boost. I actually looked at my 4 gig mem stick today and decided not to bother.
__________________
Retired member of


Member of UNITE

Go raibh maith agat
alba is offline  
Old 09-21-2008, 12:50 PM   #11
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



OK, I'll do a repair and I'll get rid of the readyboost. I didn't notice much difference anyway. And this time I'll make sure I don't turn off system restore. Should I post a hijack after repair?

Thanks m8
doinbox is offline  
Old 09-21-2008, 01:33 PM   #12
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



Hi, can't do a startup repair and I have no backup to do a restore. I don't want to wipe the drive clean. What should I do now? It's not crashed for a couple of hours now. Do U think it could just be the kaspersky scan causing the crash?
doinbox is offline  
Old 09-21-2008, 01:47 PM   #13
TSF Team, Emeritus
 
Join Date: Feb 2005
Location: Eire
Posts: 2,009
OS: Vista, Ubuntu 8.04



Hi doinbox

It could have been a combination of Kaspersky and readyboost. Combofix also makes backups so there is no need to worry yet.
Let's give it 24 hrs and see how it behaves. You are almost clean anyway but I don't want to close off yet until we are sure your system is stable, so when you have time tomorrow, I'd like to see a more comprehensive set of logs. Please download RSIT.exe and save it to your desktop.
  • Double click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
__________________
Retired member of


Member of UNITE

Go raibh maith agat
alba is offline  
Old 09-21-2008, 03:49 PM   #14
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



OK, managed to complete kaspersky scan, nothing was found.

Everything seems fine except Firefox seems to be taking longer loading pages.

Here are the logs from RSIT

info.txt logfile of random's system information tool 1.02 2008-09-21 22:39:59

======Uninstall list======

3ivx MPEG-4 5.0.2 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.2\uninstaller.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Astraware Casino v1.10-->"C:\Windows\WindowsMobile\Astraware Casino\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConvertXtoDVD 3.2.0.52-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EDIROL PCR Driver-->C:\Program Files\RdDrv001\RDID0027\UnInstal.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Fun Factory-->C:\Windows\WindowsMobile\Fun Factory\Uninstall.exe Fun Factory
GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
GrabIt 1.7.2 Beta 2 (build 994)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Live 7.0.3-->C:\PROGRA~1\Ableton\LIVE70~1.3\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE70~1.3\Install\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MixMeister Fusion 7.3.2-->"C:\Program Files\MixMeister Fusion\unins000.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 Lite-->"C:\Program Files\Nero\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{372B31CF-77FB-4E29-860C-A0EA2985AB7F}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
QT Lite 2.6.0-->"C:\Program Files\QT Lite\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Reason 4.0.1-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Resco Brain Games-->C:\Windows\RSetupCE.exe -uninstC:\Program Files\Resco\Brain Games\_Install.log
Sianix GPS Compass-->MsiExec.exe /I{237B091C-1D96-4F46-8321-041BA9CC0CA6}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinMobile Torrent-->C:\Windows\WindowsMobile\WinMobile Torrent\Uninstall.exe WinMobile Torrent
winpwn-2.5 2.5.0.0-->C:\Program Files\winpwn-2.5\uninstall winpwn-2.5.exe
WinRAR-->"C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
Wondershare YouTube Downloader(Build 1.3.1.16)-->"C:\Program Files\Wondershare\YouTube Downloader\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080921-0]
AS: Spybot - Search and Destroy
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 080921-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QT Lite\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\QT Lite\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QT Lite\QTSystem\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.02 (written by random/random)
Run by Dion at 2008-09-21 22:39:42
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 187 GB (78%) free of 238 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:57, on 21/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Users\Dion\Downloads\RSIT.exe
C:\Program Files\trend micro\Dion.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7371 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-04 4907008]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-06-02 3563520]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-03-01 166432]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-03-01 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-03-01 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-03-01 92704]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QT Lite\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe -h []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-22 05:59:26 ----A---- C:\Windows\system32\DivXVfWCodec.dll
2008-12-22 05:59:24 ----A---- C:\Windows\system32\SamsungVfWCodec.dll
2008-12-22 05:59:08 ----A---- C:\Windows\system32\OpenQuicktimeLib.dll
2008-12-22 05:59:00 ----A---- C:\Windows\system32\3ivxVfWCodec.dll
2008-12-22 05:58:56 ----A---- C:\Windows\system32\3ivx.dll
2008-12-22 05:52:02 ----A---- C:\Windows\system32\libfaac.dll
2008-09-21 22:39:42 ----D---- C:\rsit
2008-09-21 22:39:42 ----D---- C:\Program Files\trend micro
2008-09-21 16:40:32 ----D---- C:\Users\Dion\AppData\Roaming\Comodo
2008-09-21 16:40:31 ----D---- C:\ProgramData\comodo
2008-09-21 16:40:31 ----A---- C:\Windows\system32\guard32.dll
2008-09-21 16:40:30 ----D---- C:\Program Files\COMODO
2008-09-20 01:49:01 ----D---- C:\Windows\temp
2008-09-20 01:47:14 ----A---- C:\Windows\PSEXESVC.EXE
2008-09-20 01:44:53 ----A---- C:\Windows\swreg.exe
2008-09-17 21:23:54 ----A---- C:\Windows\system32\bcmwlapi.dll
2008-09-17 21:23:05 ----D---- C:\dell
2008-09-17 16:17:08 ----A---- C:\Windows\system32\aswBoot.exe
2008-09-17 16:17:06 ----D---- C:\Program Files\Alwil Software
2008-09-17 15:24:03 ----A---- C:\Windows\system32\wups2.dll
2008-09-17 15:24:03 ----A---- C:\Windows\system32\wucltux.dll
2008-09-17 15:24:03 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-17 15:24:03 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-17 15:23:53 ----A---- C:\Windows\system32\wups.dll
2008-09-17 15:23:53 ----A---- C:\Windows\system32\wudriver.dll
2008-09-17 15:23:53 ----A---- C:\Windows\system32\wuapi.dll
2008-09-17 15:23:48 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-17 15:23:48 ----A---- C:\Windows\system32\wuapp.exe
2008-09-16 22:48:36 ----D---- C:\Program Files\Lavasoft
2008-09-16 22:48:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-16 22:31:37 ----D---- C:\Program Files\Synaptics
2008-09-16 21:19:27 ----D---- C:\Windows\erdnt
2008-09-16 21:19:21 ----D---- C:\QooBox
2008-09-16 21:19:20 ----A---- C:\Windows\zip.exe
2008-09-16 21:19:20 ----A---- C:\Windows\VFind.exe
2008-09-16 21:19:20 ----A---- C:\Windows\swsc.exe
2008-09-16 21:19:20 ----A---- C:\Windows\sed.exe
2008-09-16 21:19:20 ----A---- C:\Windows\Nircmd.exe
2008-09-16 21:19:20 ----A---- C:\Windows\grep.exe
2008-09-16 21:19:20 ----A---- C:\Windows\fdsv.exe
2008-09-16 21:19:13 ----A---- C:\Windows\swxcacls.exe
2008-09-16 19:14:53 ----D---- C:\Users\Dion\AppData\Roaming\Malwarebytes
2008-09-16 19:14:49 ----D---- C:\ProgramData\Malwarebytes
2008-09-16 19:14:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 09:34:05 ----D---- C:\Windows\pss
2008-09-16 09:15:31 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-16 09:13:15 ----HD---- C:\Config.Msi
2008-09-16 00:35:24 ----A---- C:\Windows\wininit.ini
2008-09-16 00:25:25 ----D---- C:\ProgramData\Lavasoft
2008-09-15 23:16:26 ----D---- C:\Windows\Sun
2008-09-15 23:14:49 ----A---- C:\Windows\system32\javaws.exe
2008-09-15 23:14:49 ----A---- C:\Windows\system32\javaw.exe
2008-09-15 23:14:48 ----A---- C:\Windows\system32\java.exe
2008-09-15 23:14:16 ----D---- C:\Program Files\Java
2008-09-15 23:13:42 ----D---- C:\Program Files\Common Files\Java
2008-09-15 21:48:13 ----D---- C:\Program Files\Wondershare
2008-09-15 21:32:31 ----D---- C:\ProgramData\TEMP
2008-09-15 21:32:24 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2008-09-15 21:32:20 ----D---- C:\Program Files\SpywareBlaster
2008-09-15 21:24:54 ----D---- C:\Program Files\Panda Security
2008-09-15 20:07:52 ----D---- C:\Program Files\CCleaner
2008-09-15 19:53:44 ----D---- C:\Program Files\HijackThis
2008-09-15 18:50:13 ----D---- C:\ProgramData\ESET
2008-09-15 18:45:35 ----D---- C:\ProgramData\Avg8
2008-09-15 18:36:01 ----D---- C:\VundoFix Backups
2008-09-15 18:36:01 ----A---- C:\VundoFix.txt
2008-09-15 17:57:42 ----A---- C:\ProgramData\pskt.ini
2008-09-15 17:57:42 ----A---- C:\ProgramData\BMa509e895.txt
2008-09-15 17:57:16 ----A---- C:\Windows\system32\ad191f77-.txt
2008-09-15 17:50:44 ----D---- C:\Program Files\Zeallsoft
2008-09-15 17:27:20 ----D---- C:\Users\Dion\AppData\Roaming\Mozilla
2008-09-15 17:26:50 ----D---- C:\Program Files\Mozilla Firefox
2008-09-15 15:49:40 ----D---- C:\ProgramData\vsosdk
2008-09-15 15:15:39 ----D---- C:\Users\Dion\AppData\Roaming\Applied Acoustics Systems
2008-09-15 15:15:38 ----D---- C:\Program Files\Common Files\Digidesign
2008-09-15 15:15:38 ----D---- C:\Program Files\AAS
2008-09-13 21:45:01 ----A---- C:\Windows\system32\fmod.dll
2008-09-13 21:36:16 ----D---- C:\Program Files\Astraware
2008-09-13 20:59:53 ----A---- C:\Windows\RSetupCE.exe
2008-09-13 20:59:50 ----D---- C:\Program Files\Resco
2008-09-13 20:59:43 ----D---- C:\Program Files\Microsoft ActiveSync
2008-09-13 18:37:58 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-11 23:52:17 ----D---- C:\Program Files\PocketRAR
2008-09-11 19:31:00 ----D---- C:\Users\Dion\AppData\Roaming\Nero
2008-09-10 16:55:48 ----A---- C:\Windows\system32\wvc1dmod.dll
2008-09-10 16:55:48 ----A---- C:\Windows\system32\vp7vfw.dll
2008-09-10 16:55:48 ----A---- C:\Windows\gdiplus.dll
2008-09-10 00:45:46 ----D---- C:\Windows\system32\Adobe
2008-09-10 00:44:03 ----D---- C:\Windows\system32\appmgmt
2008-09-10 00:14:03 ----D---- C:\Users\Dion\AppData\Roaming\Salling Software AB
2008-09-10 00:13:44 ----D---- C:\ProgramData\eSellerate
2008-09-09 19:33:51 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-09 19:33:50 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-09 19:33:47 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 19:33:44 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-09 19:33:44 ----A---- C:\Windows\system32\dataclen.dll
2008-09-09 19:33:44 ----A---- C:\Windows\system32\cdd.dll
2008-09-08 23:11:41 ----D---- C:\Program Files\3ivx
2008-09-08 22:33:45 ----A---- C:\Windows\system32\BASSMOD.dll
2008-09-08 22:33:35 ----D---- C:\Program Files\ID Security Suite
2008-09-08 00:24:06 ----D---- C:\Users\Dion\AppData\Roaming\cmw
2008-09-08 00:22:40 ----D---- C:\Program Files\winpwn-2.5
2008-09-08 00:19:34 ----D---- C:\Users\Dion\AppData\Roaming\Apple Computer
2008-09-08 00:19:22 ----D---- C:\Program Files\iPod
2008-09-08 00:19:21 ----D---- C:\Program Files\iTunes
2008-09-08 00:19:09 ----D---- C:\Program Files\Bonjour
2008-09-08 00:18:15 ----D---- C:\Program Files\Apple Software Update
2008-09-08 00:17:50 ----D---- C:\Program Files\Common Files\Apple
2008-09-08 00:17:49 ----D---- C:\ProgramData\Apple
2008-09-07 23:07:20 ----D---- C:\Users\Dion\AppData\Roaming\Intelliremote
2008-09-07 23:07:19 ----D---- C:\Windows\Intelliremote
2008-09-07 19:00:45 ----D---- C:\Users\Dion\AppData\Roaming\MixMeister Technology
2008-09-07 19:00:31 ----D---- C:\Program Files\MixMeister Fusion
2008-09-07 12:58:01 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-09-06 22:05:08 ----D---- C:\Program Files\Sianix
2008-09-06 21:36:11 ----D---- C:\Program Files\Microsoft.NET
2008-09-06 17:42:17 ----D---- C:\Users\Dion\AppData\Roaming\Ableton
2008-09-06 17:41:51 ----D---- C:\Program Files\Ableton
2008-09-06 17:23:19 ----D---- C:\Program Files\VstPlugins
2008-09-06 17:22:46 ----D---- C:\Program Files\Outsim
2008-09-06 17:21:58 ----D---- C:\Program Files\Image-Line
2008-09-06 17:14:58 ----D---- C:\Program Files\Pro Pinball
2008-09-06 16:50:43 ----D---- C:\Program Files\AudioSurf
2008-09-05 13:08:43 ----D---- C:\Windows\Minidump
2008-09-05 10:42:06 ----A---- C:\Windows\system32\msshooks.dll
2008-09-05 10:42:06 ----A---- C:\Windows\system32\msscb.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-05 10:42:05 ----A---- C:\Windows\system32\propsys.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\propdefs.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\msstrc.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\msshsq.dll
2008-09-05 10:42:05 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\wsepno.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-05 10:42:03 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-05 10:42:03 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\offfilt.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-05 10:42:03 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-05 10:42:02 ----A---- C:\Windows\system32\tquery.dll
2008-09-05 10:42:02 ----A---- C:\Windows\system32\mssvp.dll
2008-09-05 10:42:02 ----A---- C:\Windows\system32\mssrch.dll
2008-09-05 10:42:02 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-05 10:42:02 ----A---- C:\Windows\system32\mssph.dll
2008-09-04 23:27:15 ----D---- C:\Windows\Panther
2008-09-04 23:27:03 ----RAS---- C:\BOOTSECT.BAK
2008-09-04 23:27:01 ----SHD---- C:\Boot
2008-09-04 23:26:43 ----D---- C:\Windows\system32\OEM
2008-09-04 21:17:01 ----D---- C:\Users\Dion\AppData\Roaming\DivX
2008-09-04 21:16:05 ----D---- C:\Users\Dion\AppData\Roaming\Vso
2008-09-04 21:16:02 ----A---- C:\Windows\system32\Pncrt.dll
2008-09-04 21:16:02 ----A---- C:\Windows\system32\drv43260.dll
2008-09-04 21:16:02 ----A---- C:\Windows\system32\drv33260.dll
2008-09-04 21:16:02 ----A---- C:\Windows\system32\drv23260.dll
2008-09-04 21:16:02 ----A---- C:\Windows\system32\cook3260.dll
2008-09-04 21:16:00 ----D---- C:\Program Files\VSO
2008-09-04 17:50:01 ----D---- C:\Program Files\ASIO4ALL v2
2008-09-04 17:14:50 ----A---- C:\Windows\system32\REX Shared Library.dll
2008-09-04 17:14:49 ----A---- C:\Windows\system32\ReWire.dll
2008-09-04 17:07:07 ----D---- C:\Users\Dion\AppData\Roaming\Propellerhead Software
2008-09-04 17:07:07 ----D---- C:\ProgramData\Propellerhead Software
2008-09-04 1732 ----D---- C:\Program Files\Propellerhead
2008-09-04 17:05:13 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-04 16:58:18 ----D---- C:\Users\Dion\AppData\Roaming\DAEMON Tools
2008-09-04 16:38:14 ----D---- C:\Users\Dion\AppData\Roaming\Macromedia
2008-09-04 16:38:13 ----D---- C:\Users\Dion\AppData\Roaming\Adobe
2008-09-04 16:38:12 ----D---- C:\Windows\system32\Macromed
2008-09-04 16:33:17 ----D---- C:\Users\Dion\AppData\Roaming\CyberLink
2008-09-04 16:33:17 ----D---- C:\ProgramData\CyberLink
2008-09-04 16:16:21 ----A---- C:\Windows\NeroDigital.ini
2008-09-04 15:51:34 ----D---- C:\ProgramData\Apple Computer
2008-09-04 15:51:30 ----D---- C:\Program Files\QT Lite
2008-09-04 15:46:54 ----D---- C:\Program Files\DivX
2008-09-04 15:37:58 ----D---- C:\Users\Dion\AppData\Roaming\WinRAR
2008-09-04 15:37:45 ----D---- C:\Windows\WinRAR
2008-09-04 15:37:44 ----D---- C:\Program Files\WinRAR
2008-09-04 15:37:08 ----A---- C:\Windows\system32\TwnLib4.dll
2008-09-04 15:37:08 ----A---- C:\Windows\system32\imagXRA7.dll
2008-09-04 15:37:08 ----A---- C:\Windows\system32\imagXR7.dll
2008-09-04 15:37:08 ----A---- C:\Windows\system32\imagXpr7.dll
2008-09-04 15:37:08 ----A---- C:\Windows\system32\imagX7.dll
2008-09-04 15:37:06 ----D---- C:\ProgramData\Nero
2008-09-04 15:37:06 ----D---- C:\Program Files\Nero
2008-09-04 15:37:06 ----D---- C:\Program Files\Common Files\Nero
2008-09-04 15:22:34 ----D---- C:\Program Files\RdDrv001
2008-09-04 15:22:34 ----A---- C:\Windows\system32\RdCi1027.dll
2008-09-04 15:17:08 ----D---- C:\Users\Dion\AppData\Roaming\GrabIt
2008-09-04 15:10:58 ----D---- C:\Program Files\GrabIt
2008-09-04 14:55:53 ----A---- C:\Windows\system32\tzres.dll
2008-09-04 14:49:05 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-04 14:49:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-04 14:46:28 ----D---- C:\Program Files\AVG
2008-09-04 14:44:51 ----D---- C:\Windows\PCHEALTH
2008-09-04 14:40:51 ----D---- C:\Program Files\BitLord
2008-09-04 14:35:05 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-04 14:35:03 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-04 14:34:50 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-04 14:34:07 ----A---- C:\Windows\system32\mshtml.dll
2008-09-04 14:34:06 ----A---- C:\Windows\system32\wininet.dll
2008-09-04 14:34:06 ----A---- C:\Windows\system32\urlmon.dll
2008-09-04 14:34:06 ----A---- C:\Windows\system32\mstime.dll
2008-09-04 14:34:06 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-04 14:34:06 ----A---- C:\Windows\system32\ieframe.dll
2008-09-04 14:34:01 ----A---- C:\Windows\system32\shell32.dll
2008-09-04 14:33:26 ----D---- C:\Windows\Debug
2008-09-04 14:33:22 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-04 14:33:22 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-04 14:33:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-04 14:33:20 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-04 14:33:19 ----A---- C:\Windows\system32\gdi32.dll
2008-09-04 14:33:16 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-04 14:33:12 ----A---- C:\Windows\system32\winresume.exe
2008-09-04 14:33:12 ----A---- C:\Windows\system32\winload.exe
2008-09-04 14:33:12 ----A---- C:\Windows\system32\srcore.dll
2008-09-04 14:33:12 ----A---- C:\Windows\system32\srclient.dll
2008-09-04 14:33:12 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-09-04 14:33:12 ----A---- C:\Windows\system32\rstrui.exe
2008-09-04 14:33:12 ----A---- C:\Windows\system32\kd1394.dll
2008-09-04 14:33:12 ----A---- C:\Windows\system32\ci.dll
2008-09-04 14:33:11 ----A---- C:\Windows\system32\srdelayed.exe
2008-09-04 14:33:11 ----A---- C:\Windows\system32\kbd106n.dll
2008-09-04 14:33:04 ----A---- C:\Windows\system32\es.dll
2008-09-04 14:33:03 ----A---- C:\Windows\system32\wshext.dll
2008-09-04 14:33:03 ----A---- C:\Windows\system32\wscript.exe
2008-09-04 14:33:03 ----A---- C:\Windows\system32\vbscript.dll
2008-09-04 14:33:03 ----A---- C:\Windows\system32\scrrun.dll
2008-09-04 14:33:03 ----A---- C:\Windows\system32\scrobj.dll
2008-09-04 14:33:03 ----A---- C:\Windows\system32\jscript.dll
2008-09-04 14:33:03 ----A---- C:\Windows\system32\cscript.exe
2008-09-04 14:32:57 ----A---- C:\Windows\system32\gameux.dll
2008-09-04 14:30:59 ----D---- C:\Windows\SoftwareDistribution
2008-09-04 14:29:50 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-04 14:29:35 ----D---- C:\Windows\CSC
2008-09-04 14:29:27 ----A---- C:\Windows\system32\quartz.dll
2008-09-04 14:28:32 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-04 14:28:06 ----D---- C:\Windows\Prefetch
2008-09-04 14:28:05 ----D---- C:\Program Files\Windows Live
2008-09-04 14:27:55 ----SHD---- C:\System Volume Information
2008-09-04 14:27:36 ----D---- C:\ProgramData\WLInstaller
2008-09-04 14:25:29 ----D---- C:\ProgramData\Dell
2008-09-04 14:25:07 ----D---- C:\Program Files\CyberLink
2008-09-04 14:25:07 ----A---- C:\Windows\system32\msvcr71.dll
2008-09-04 14:25:07 ----A---- C:\Windows\system32\msvcp71.dll
2008-09-04 14:25:07 ----A---- C:\Windows\system32\MFC71u.dll
2008-09-04 14:25:07 ----A---- C:\Windows\system32\MFC71.dll
2008-09-04 14:25:07 ----A---- C:\Windows\system32\atl71.dll
2008-09-04 14:24:13 ----D---- C:\ProgramData\NVIDIA
2008-09-04 14:21:24 ----A---- C:\Windows\system32\nvexpbar.dll
2008-09-04 14:21:24 ----A---- C:\Windows\system32\nvcpluir.dll
2008-09-04 14:21:24 ----A---- C:\Windows\system32\nvcplui.exe
2008-09-04 14:20:45 ----A---- C:\Windows\system32\NVUNINST.EXE
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvmccssr.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvmccss.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvmccs.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvhotkey.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvgamesr.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvgames.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvdispsr.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvdisps.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvd3dum.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvcpl.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvcod100.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvcod.dll
2008-09-04 14:20:36 ----A---- C:\Windows\system32\nvapi.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvwssr.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvwss.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvvitvs.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvudisp.exe
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvsvc.dll
2008-09-04 14:20:35 ----A---- C:\Windows\system32\nvcolor.exe
2008-09-04 14:20:35 ----A---- C:\Windows\system32\dpinst.exe
2008-09-04 14:20:34 ----A---- C:\Windows\system32\nvoglv32.dll
2008-09-04 14:20:34 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-09-04 14:20:34 ----A---- C:\Windows\system32\nvmobls.dll
2008-09-04 14:20:34 ----A---- C:\Windows\system32\nvmctray.dll
2008-09-04 14:03:49 ----D---- C:\Program Files\Cisco
2008-09-04 14:02:28 ----A---- C:\Windows\system32\BCMLogon.dll
2008-09-04 14:02:27 ----A---- C:\Windows\system32\vcredist_x86.exe
2008-09-04 14:02:27 ----A---- C:\Windows\system32\vcredist_x86.bat
2008-09-04 14:02:27 ----A---- C:\Windows\system32\Uninst_EAPModules.bat
2008-09-04 14:02:27 ----A---- C:\Windows\system32\bcmwlu00.exe
2008-09-04 14:02:27 ----A---- C:\Windows\system32\bcmttls.dll
2008-09-04 14:02:26 ----A---- C:\Windows\system32\WLTRYSVC.EXE
2008-09-04 14:02:26 ----A---- C:\Windows\system32\wltrynt.dll
2008-09-04 14:02:26 ----A---- C:\Windows\system32\WLTRAY.EXE
2008-09-04 14:02:26 ----A---- C:\Windows\system32\BCMWLTRY.EXE
2008-09-04 14:02:26 ----A---- C:\Windows\system32\bcmwlrmt.dll
2008-09-04 14:02:25 ----A---- C:\Windows\system32\bcmwlcoi.dll
2008-09-04 14:02:25 ----A---- C:\Windows\system32\bcmihvui.dll
2008-09-04 14:02:25 ----A---- C:\Windows\system32\bcmihvsrv.dll
2008-09-04 14:01:56 ----D---- C:\Users\Dion\AppData\Roaming\InstallShield
2008-09-04 14:00:37 ----A---- C:\Windows\system32\results.txt
2008-09-04 13:58:06 ----D---- C:\Windows\system32\SDA
2008-09-04 13:58:06 ----D---- C:\Program Files\O2Micro Flash Memory Card Driver
2008-09-04 13:56:11 ----D---- C:\Users\Dion\AppData\Roaming\Intel
2008-09-04 13:56:09 ----D---- C:\ProgramData\Roaming
2008-09-04 13:47:28 ----D---- C:\ProgramData\SupportSoft
2008-09-04 13:47:22 ----D---- C:\Program Files\Dell Support Center
2008-09-04 13:47:22 ----D---- C:\Program Files\Common Files\supportsoft
2008-09-04 13:43:47 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2008-09-04 13:40:28 ----D---- C:\Program Files\Intel
2008-09-04 13:39:43 ----D---- C:\Windows\system32\RTCOM
2008-09-04 13:39:29 ----A---- C:\Windows\DIFxAPI.dll
2008-09-04 13:39:27 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-04 13:39:27 ----D---- C:\Program Files\Realtek
2008-09-04 13:39:27 ----A---- C:\Windows\system32\SRSWOW.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\SRSTSXT.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\RtkCoInst.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\RtkAPO.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\ppChain.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\DaisyWrp.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\CTAPO32.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\AERTSrv.exe
2008-09-04 13:39:27 ----A---- C:\Windows\system32\AERTCom.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\AERTARen.dll
2008-09-04 13:39:27 ----A---- C:\Windows\system32\AERTACap.dll
2008-09-04 13:39:27 ----A---- C:\Windows\RtlUpd.exe
2008-09-04 13:39:27 ----A---- C:\Windows\RtHDVCpl.exe
2008-09-04 13:39:24 ----A---- C:\Windows\RtlExUpd.dll
2008-09-04 13:39:24 ----A---- C:\Windows\HideWin.exe
2008-09-04 13:39:22 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-04 13:37:41 ----D---- C:\Windows\system32\vmm32
2008-09-04 13:37:41 ----D---- C:\Program Files\Dell
2008-09-04 13:37:15 ----SHD---- C:\Windows\Installer
2008-09-04 13:34:37 ----D---- C:\Users\Dion\AppData\Roaming\Identities
2008-09-04 13:34:28 ----SD---- C:\Users\Dion\AppData\Roaming\Microsoft

======List of files/folders modified in the last 1 months======

2008-09-21 22:39:42 ----RD---- C:\Program Files
2008-09-21 22:37:59 ----D---- C:\Windows\System32
2008-09-21 22:37:59 ----D---- C:\Windows\inf
2008-09-21 22:37:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-21 20:27:20 ----D---- C:\Windows\system32\LogFiles
2008-09-21 20:00:43 ----D---- C:\Windows
2008-09-21 17:02:24 ----D---- C:\Windows\system32\drivers
2008-09-21 16:40:31 ----HD---- C:\ProgramData
2008-09-20 01:47:16 ----A---- C:\Windows\system.ini
2008-09-20 01:46:24 ----D---- C:\Windows\AppPatch
2008-09-20 01:46:24 ----D---- C:\Program Files\Common Files
2008-09-20 00:57:56 ----D---- C:\Windows\system32\catroot2
2008-09-17 21:24:32 ----D---- C:\Windows\system32\catroot
2008-09-17 21:23:57 ----D---- C:\Windows\Help
2008-09-17 16:38:05 ----D---- C:\Windows\rescache
2008-09-17 15:45:48 ----D---- C:\Windows\Logs
2008-09-17 15:34:44 ----D---- C:\Windows\system32\en-US
2008-09-17 15:33:38 ----D---- C:\Windows\winsxs
2008-09-17 15:24:29 ----D---- C:\Windows\PolicyDefinitions
2008-09-16 21:33:51 ----SD---- C:\ProgramData\Microsoft
2008-09-16 21:22:08 ----D---- C:\Windows\system32\config
2008-09-16 09:19:28 ----SD---- C:\Windows\system32\Microsoft
2008-09-16 00:38:53 ----D---- C:\Windows\system32\WDI
2008-09-13 21:38:43 ----D---- C:\Windows\WindowsMobile
2008-09-10 00:45:48 ----SD---- C:\Windows\Downloaded Program Files
2008-09-08 00:19:02 ----D---- C:\Program Files\Internet Explorer
2008-09-07 12:58:03 ----RSD---- C:\Windows\assembly
2008-09-07 12:58:02 ----D---- C:\Windows\Microsoft.NET
2008-09-04 16:57:28 ----D---- C:\Windows\system32\Tasks
2008-09-04 14:59:53 ----D---- C:\Windows\system32\migration
2008-09-04 14:59:47 ----D---- C:\Windows\system32\Boot
2008-09-04 14:59:46 ----D---- C:\Program Files\Windows Mail
2008-09-04 14:45:27 ----D---- C:\Program Files\Common Files\microsoft shared
2008-09-04 13:37:28 ----D---- C:\Windows\system32\restore
2008-09-04 13:34:48 ----SHD---- C:\$Recycle.Bin
2008-09-04 13:34:28 ----RD---- C:\Users
2008-08-26 21:28:12 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-06-02 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-06-02 1207288]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys [2008-09-21 73232]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-04 2054872]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-03-01 7598848]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-09-04 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112]
R3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys []
S1 OMCI;OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS []
S3 a4ec4zrm;a4ec4zrm; C:\Windows\system32\drivers\a4ec4zrm.sys []
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RDID1027;EDIROL PCR; C:\Windows\system32\Drivers\rdwm1027.sys [2008-09-04 56832]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-16 611664]
R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-04 77824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2008-02-14 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-06-02 24064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Thanks
Old 09-22-2008, 12:29 AM   #15
TSF Team, Emeritus
 
Join Date: Feb 2005
Location: Eire
Posts: 2,009
OS: Vista, Ubuntu 8.04



Hi doinbox

If Firefox is still slow at loading pages after you have followed my instructions below, you could post at our Firefox forum here and explain that your system has just been cleaned; they will be glad to help you.

Your logs are clean

=================

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u




To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
MAKING INTERNET EXPLORER SAFER


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Retired member of


Member of UNITE

Go raibh maith agat
Old 09-22-2008, 05:27 AM   #16
Guest
 
Join Date: Sep 2006
Posts: 40
OS:



Thank you for all your help, Alba. I shall donate on Friday for your help. Thanks once again.
All times are GMT -7. The time now is 06:11 PM.

