[Fixed] Hijackthis! Logs - plz help me remove some virus/malware (Security & Safety forum)

Old 08-23-2009   #1
crusher4893 (Silver Member) - Join Date: Jan 2009 - Location: new delhi - Posts: 168 - PC Experience: learning
plz help me remove some virus/malware

Well, I don't know completely how this happened, but during the installation of my new computer the engineer had inserted a pendrive that contained many spywares. He had scanned it on my PC, but the scan was not completed as the electricity went off.
I have installed ESET Smart Security.
It has detected around 2 detections in the System Restore volume.
After that I have disabled System Restore.
And here's the latest MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 2

8/23/2009 9:20:38 AM
mbam-log-2009-08-23 (09-20-33).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 168475
Time elapsed: 11 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:00 AM, on 8/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\program files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6818 bytes


Please help me.
Thanks in advance.
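The three "Registry Data Items" in that MBAM log are the Windows XP Security Center notification switches: with each set to 1, Security Center stops warning that antivirus, the firewall or Automatic Updates is off, which is why MBAM names the detection Disabled.SecurityCenter. The "No action taken." at the end of each line means the scan only reported them; nothing was changed. What follows is an added example, not code from this thread or from Malwarebytes: it parses an MBAM 1.x text log into its summary counts and findings, decodes the Security Center values, lists what was left untouched, and cross-checks the summary counts against the items actually listed. The log text is a constructed excerpt of the post's own log; the meaning given for each value is my reading of the XP Security Center keys.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the MBAM 1.40 log in post #1; the three
# "Registry Data Items Infected" lines are copied from it verbatim.
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 2

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 168475

Memory Processes Infected: 0
Registry Data Items Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# What a value of 1 means for the XP Security Center switches MBAM flagged
# (my reading of the keys; the log itself only says "Disabled.SecurityCenter").
SECURITY_CENTER_NOTIFY = {
    "AntiVirusDisableNotify": "no warning when antivirus is off or out of date",
    "FirewallDisableNotify": "no warning when the firewall is off",
    "UpdatesDisableNotify": "no warning when Automatic Updates is off",
}

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# Registry lines: key (Detection) -> Bad: (x) Good: (y) -> action
ITEM_RE = re.compile(
    r"^(?P<key>.+?) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)
# File/folder lines: path (Detection) -> action
FILE_RE = re.compile(r"^(?P<key>.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str
    key: str
    detection: str
    bad: str
    good: str
    action: str


def parse_mbam_log(text):
    """Return (summary counts, list of Finding) from an MBAM 1.x text log."""
    counts, findings, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            section = None          # a blank line ends the current section
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("section")] = int(m.group("n"))
            continue
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, **m.groupdict()))
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append(Finding(section, bad="", good="", **m.groupdict()))
    return counts, findings


def unresolved(findings):
    """Findings the scan reported but left in place (no 'Remove Selected' was run)."""
    return [f for f in findings if f.action.startswith("No action taken")]


def security_center_impact(findings):
    """(value name, effect) for every Security Center notify switch set to 1."""
    out = []
    for f in findings:
        name = f.key.rsplit("\\", 1)[-1]
        if "\\Security Center\\" in f.key and name in SECURITY_CENTER_NOTIFY and f.bad == "1":
            out.append((name, SECURITY_CENTER_NOTIFY[name]))
    return out


def count_mismatches(counts, findings):
    """Sections whose summary count disagrees with the items actually listed."""
    listed = {}
    for f in findings:
        listed[f.section] = listed.get(f.section, 0) + 1
    return sorted(s for s, n in counts.items() if listed.get(s, 0) != n)


if __name__ == "__main__":
    counts, findings = parse_mbam_log(MBAM_LOG)
    for f in unresolved(findings):
        print("still present:", f.key)
    for name, effect in security_center_impact(findings):
        print(f"{name} = 1: {effect}")
    print("summary/list mismatches:", count_mismatches(counts, findings))
```

Run against the post's log it reports all three switches as still present; the same parser works on the file and folder sections, whose lines carry no Bad/Good pair.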
Old 08-23-2009   #2
crusher4893 (Silver Member) - Join Date: Jan 2009 - Location: new delhi - Posts: 168 - PC Experience: learning
Re: plz help me remove some virus/malware

After uninstalling uTorrent:

MBAM log:
Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 2

8/23/2009 10:16:59 AM
mbam-log-2009-08-23 (10-16-59).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 169478
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:07 AM, on 8/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\program files\mozilla firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6823 bytes
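Two HijackThis logs taken an hour apart are most useful as a diff: which processes and autostart entries appeared or vanished in between. The block below is an added example, not part of the thread and not HijackThis code. It parses the "Running processes" section and the Rn/On entries, diffs a constructed excerpt of the post #1 log against one of the log above, and applies two reviewer checks of my own: an O10 "Unknown file in Winsock LSP" entry only means HijackThis could not match the DLL against its list of known LSPs (c:\windows\system32\nwprovau.dll ships with Windows XP as the Client Service for NetWare provider, so it wants identifying, not deleting), and O4 Run entries whose command line carries no absolute path are resolved by a PATH lookup at logon (nwiz.exe, RTHDCPL.EXE and SkyTel.EXE are normally the NVIDIA and Realtek driver helpers, so the check says "confirm which file answers to that name", not "malware").

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts of the two HijackThis logs in this thread (post #1
# before uninstalling uTorrent, post #2 after); lines are copied from them.
HJT_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

HJT_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 body: <hive>\..\Run: [Name] command line   (Startup-folder O4s have no [Name])
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")


@dataclass
class HjtLog:
    processes: set = field(default_factory=set)
    entries: list = field(default_factory=list)   # (code, body) in log order


def parse_hjt(text):
    log, in_procs = HjtLog(), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                log.processes.add(line.lower())   # Windows paths are case-insensitive
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group("code"), m.group("body")))
    return log


def diff_logs(before, after):
    """What appeared or vanished between two logs of the same machine."""
    b, a = set(before.entries), set(after.entries)
    return {
        "processes_gone": sorted(before.processes - after.processes),
        "processes_new": sorted(after.processes - before.processes),
        "entries_gone": sorted(b - a),
        "entries_new": sorted(a - b),
    }


def review(log):
    """Reviewer heuristics (mine, not HijackThis's): returns (code, note) pairs."""
    notes = []
    for code, body in log.entries:
        if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            notes.append((code, "LSP not in HJT's known list; identify the DLL's owner, do not delete blindly: " + body))
        elif code == "O4":
            m = O4_RE.match(body)
            if m and ":\\" not in m.group("cmd"):
                # No absolute path anywhere: the name is resolved through PATH at logon.
                notes.append((code, f"[{m.group('name')}] runs {m.group('cmd')!r} by PATH lookup; confirm which file answers to it"))
    return notes


if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    for k, v in diff_logs(before, after).items():
        print(k, v)
    for code, note in review(after):
        print(code, note)
```

On these excerpts the diff shows exactly what the post says: the uTorrent process and its HKCU Run entry are gone, and the only newcomer is wuauclt.exe, the Windows Update client.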
Old 08-24-2009   #3
Pancake (Senior Security Analyst) - Join Date: Jun 2006 - Location: Victoria, Australia - Posts: 8,241 - PC Experience: Elite PC Guru
Re: plz help me remove some virus/malware

You will need to download ComboFix.exe. This will give me a better view of the files running, those that are hidden, and also those in the registry. Please download it from one of these webpages:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double-click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you have Vista, the Recovery Console can be installed from your disc if you wish.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution:
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
__________________
My real name is Eddy
Old 08-30-2009   #4
crusher4893 (Silver Member) - Join Date: Jan 2009 - Location: new delhi - Posts: 168 - PC Experience: learning
Re: plz help me remove some virus/malware

ComboFix 09-08-29.01 - admin 08/31/2009 0:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2408 [GMT 5.5:30]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\admin\APPLIC~1\wiaserva.log
c:\documents and settings\admin\Start Menu\Programs\Startup\ikowin32.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 17:57 . 2009-03-30 05:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-30 17:57 . 2009-07-28 11:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-30 17:57 . 2009-02-13 06:59 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-30 17:57 . 2009-02-13 06:47 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-30 17:57 . 2009-08-30 17:57 -------- d-----w- c:\program files\Avira
2009-08-30 17:57 . 2009-08-30 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-30 05:53 . 2009-08-30 05:53 -------- d-----w- C:\ACROREAD
2009-08-30 05:53 . 2009-08-30 05:53 -------- d-----w- C:\TCWIN45
2009-08-29 15:25 . 2009-08-29 15:25 -------- d-----w- C:\TC
2009-08-28 17:51 . 2009-08-28 17:51 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\PunkBuster
2009-08-28 17:41 . 1993-10-14 12:27 21648 ----a-w- c:\windows\system\CTL3DV2.DLL
2009-08-28 17:41 . 1995-04-27 23:20 97072 ----a-w- c:\windows\system\BWCC0007.DLL
2009-08-28 17:41 . 1995-04-27 23:20 96928 ----a-w- c:\windows\system\BWCC000C.DLL
2009-08-28 17:41 . 1995-04-27 23:20 96912 ----a-w- c:\windows\system\BWCC0009.DLL
2009-08-28 17:41 . 1995-04-27 23:20 164928 ----a-w- c:\windows\system\BWCC.DLL
2009-08-28 17:41 . 1994-11-16 20:49 264800 ----a-w- c:\windows\system\BOCOLE.DLL
2009-08-28 17:41 . 1995-04-27 23:20 58192 ----a-w- c:\windows\system\MHRUN300.DLL
2009-08-28 17:41 . 1995-04-27 23:20 244192 ----a-w- c:\windows\system\MHCARDS.DLL
2009-08-28 17:41 . 1995-04-27 23:20 81920 ----a-w- c:\windows\system\BIVBX11.DLL
2009-08-28 17:21 . 2009-08-28 17:21 -------- d-----w- c:\program files\Bazooka Scanner
2009-08-27 14:38 . 2009-08-27 14:38 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-27 14:37 . 2009-08-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-27 14:37 . 2009-08-27 14:37 -------- d-----w- C:\NVIDIA
2009-08-27 13:51 . 2009-08-29 15:28 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 07:03 . 2009-08-29 15:28 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 07:03 . 2009-08-28 17:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-27 03:30 . 2009-08-27 03:30 -------- d-----w- c:\program files\PowerISO
2009-08-27 03:23 . 2009-08-27 03:28 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-08-27 03:23 . 2009-08-27 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-08-26 05:08 . 2009-08-26 05:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-25 16:41 . 2008-10-16 08:36 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-25 14:48 . 2009-08-25 14:48 -------- d-----w- c:\program files\Stardock
2009-08-25 14:48 . 2009-08-25 14:48 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Stardock
2009-08-25 14:10 . 2009-08-25 14:10 -------- d-----w- c:\docume~1\admin\APPLIC~1\Windows Search
2009-08-25 13:53 . 2009-08-29 11:30 -------- d-----w- c:\documents and settings\admin\Tracing
2009-08-25 13:53 . 2009-08-25 13:53 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-25 13:52 . 2009-08-05 17:18 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-25 13:52 . 2009-08-25 13:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-25 13:51 . 2006-11-29 07:36 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-25 13:51 . 2009-08-25 13:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-25 13:49 . 2009-08-25 13:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-25 13:49 . 2009-08-25 13:52 -------- d-----w- c:\program files\Windows Live
2009-08-25 13:02 . 2009-08-30 18:38 -------- d-----w- c:\program files\Driver Checker
2009-08-25 12:56 . 2009-08-25 12:56 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-25 11:33 . 2009-08-25 11:33 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\ApplicationHistory
2009-08-25 11:01 . 2009-08-25 11:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-25 11:01 . 2009-08-25 13:50 -------- d-----w- c:\program files\Microsoft
2009-08-25 10:59 . 2009-08-25 10:59 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-25 10:59 . 2009-08-25 10:59 -------- d-----w- c:\program files\Reference Assemblies
2009-08-25 10:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-25 10:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-25 10:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-25 10:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-25 10:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-25 10:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-25 10:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-25 10:49 . 2009-08-25 10:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\Windows Desktop Search
2009-08-25 10:29 . 2009-08-25 10:29 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-25 10:27 . 2009-08-30 18:33 -------- d-----w- c:\windows\system32\LogFiles
2009-08-25 10:27 . 2009-08-25 10:28 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-25 10:26 . 2009-08-25 10:26 -------- d-----w- c:\windows\system32\URTTemp
2009-08-25 08:56 . 2009-08-25 08:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-25 08:24 . 2009-08-25 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-08-25 08:23 . 2009-08-25 08:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 08:21 . 2009-08-25 11:06 -------- d-----w- c:\program files\McAfee
2009-08-25 08:21 . 2009-08-25 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-25 06:24 . 2009-08-25 06:24 -------- d-----w- c:\program files\Belarc
2009-08-25 06:24 . 2008-03-06 06:21 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-08-25 05:32 . 2009-08-25 05:32 -------- d-----w- c:\windows\system32\scripting
2009-08-25 05:32 . 2009-08-25 05:32 -------- d-----w- c:\windows\l2schemas
2009-08-25 05:32 . 2009-08-25 05:32 -------- d-----w- c:\windows\system32\en
2009-08-25 05:32 . 2009-08-25 05:32 -------- d-----w- c:\windows\system32\bits
2009-08-24 19:30 . 2009-08-24 19:30 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Yahoo
2009-08-24 18:18 . 2009-08-24 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-24 18:18 . 2009-08-24 18:19 -------- d-----w- c:\docume~1\admin\APPLIC~1\Yahoo!
2009-08-24 18:16 . 2009-08-24 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-24 18:16 . 2009-08-24 18:19 -------- d-----w- c:\program files\Yahoo!
2009-08-24 15:16 . 2009-08-24 15:16 -------- d-----w- c:\program files\CCleaner
2009-08-24 13:31 . 2009-08-24 13:33 -------- d-----w- c:\docume~1\admin\APPLIC~1\Desktopicon
2009-08-24 13:31 . 2009-08-24 13:31 -------- d-----w- c:\program files\Unlocker
2009-08-24 10:09 . 2009-08-24 10:12 -------- d-----w- c:\docume~1\admin\APPLIC~1\dvdcss
2009-08-24 09:18 . 2009-08-24 11:05 -------- d-----w- c:\windows\system32\Adobe
2009-08-23 10:16 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-23 10:14 . 2009-08-25 05:31 -------- d-----w- c:\windows\ServicePackFiles
2009-08-23 10:14 . 2009-08-23 10:14 -------- d-----w- c:\program files\MSXML 4.0
2009-08-23 08:44 . 2004-08-03 16:59 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-08-23 08:44 . 2004-08-03 16:59 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-08-23 08:44 . 2004-08-03 16:59 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-08-23 08:44 . 2004-08-03 16:59 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-08-23 08:44 . 2004-08-03 16:59 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-08-23 08:44 . 2004-08-03 16:59 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-08-23 07:58 . 2009-08-23 07:58 -------- d-sh--w- c:\documents and settings\admin\UserData
2009-08-23 04:59 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-23 04:59 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-23 04:58 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-23 04:58 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-23 04:55 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-23 04:55 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-23 04:55 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-23 04:55 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-23 04:55 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-23 04:55 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-23 04:55 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-23 04:55 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-23 04:55 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-23 04:55 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-23 04:55 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-23 04:55 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-23 04:39 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-08-23 04:39 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-23 04:37 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-23 04:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-23 04:36 . 2009-08-23 04:36 -------- d-----w- c:\docume~1\admin\APPLIC~1\Nero
2009-08-23 04:35 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-23 04:18 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-23 04:03 . 2009-08-25 14:14 -------- d--h--w- c:\windows\$hf_mig$
2009-08-23 03:24 . 2009-08-23 03:24 -------- d-----w- c:\docume~1\admin\APPLIC~1\Malwarebytes
2009-08-23 03:24 . 2009-08-03 08:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 03:24 . 2009-08-23 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 03:24 . 2009-08-03 08:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 03:24 . 2009-08-23 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 03:16 . 2009-08-23 03:16 -------- d-----w- c:\program files\Trend Micro
2009-08-22 18:31 . 2009-08-22 18:32 -------- d-----w- c:\docume~1\admin\APPLIC~1\DAEMON Tools Pro
2009-08-22 17:30 . 2009-08-27 03:20 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 18:34 . 2009-08-21 16:30 -------- d-----w- c:\program files\uTorrent
2009-08-30 18:34 . 2009-08-21 16:30 -------- d-----w- c:\docume~1\admin\APPLIC~1\uTorrent
2009-08-30 18:33 . 2009-08-21 19:07 -------- d-----w- c:\program files\lg_fwupdate
2009-08-30 13:58 . 2009-08-21 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-30 08:51 . 2009-01-22 15:01 -------- d-----w- c:\program files\Minilyrics
2009-08-29 13:58 . 2009-01-22 15:00 -------- d-----w- c:\program files\Google
2009-08-28 13:40 . 2009-01-22 15:17 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-27 15:20 . 2009-08-21 14:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-27 13:51 . 2009-08-27 07:07 22328 ----a-w- c:\docume~1\admin\APPLIC~1\PnkBstrK.sys
2009-08-26 09:30 . 2009-01-22 14:59 -------- d-----w- c:\docume~1\admin\APPLIC~1\vlc
2009-08-25 11:35 . 2009-08-25 10:48 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-25 11:07 . 2009-08-21 14:40 69232 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 10:59 . 2009-08-21 14:51 -------- d-----w- c:\program files\MSBuild
2009-08-25 10:57 . 2009-08-21 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-25 05:34 . 2009-08-21 14:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-22 19:13 . 2009-08-21 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-08-22 01:17 . 2009-08-21 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-21 19:07 . 2009-08-21 19:07 -------- d-----w- c:\program files\Common Files\LightScribe
2009-08-21 19:00 . 2009-08-21 19:00 -------- d-----w- c:\program files\VideoLAN
2009-08-21 18:43 . 2009-08-21 17:54 -------- d-----w- c:\docume~1\admin\APPLIC~1\CyberLink
2009-08-21 18:43 . 2009-08-21 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-21 18:41 . 2009-08-21 14:53 -------- d-----w- c:\program files\CyberLink
2009-08-21 15:55 . 2009-08-21 15:32 1124872 ----a-w- c:\windows\system32\contfilt.dll
2009-08-21 15:55 . 2009-08-21 15:32 176128 ----a-w- c:\windows\system32\mwnsp.dll
2009-08-21 15:55 . 2009-08-21 15:32 532480 ----a-w- c:\windows\system32\mwtsp.dll
2009-08-21 15:55 . 2009-08-21 15:33 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-08-21 15:45 . 2009-08-21 15:45 -------- d-----w- c:\program files\MP3 Cutter
2009-08-21 15:40 . 2009-08-21 15:39 5190186 ----a-w- c:\windows\REGBK00.ZIP
2009-08-21 15:35 . 2009-08-21 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-08-21 15:33 . 2009-08-21 15:33 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-08-21 15:33 . 2009-08-21 15:33 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-08-21 15:33 . 2009-08-21 15:33 -------- d-----w- c:\docume~1\admin\APPLIC~1\MicroWorld
2009-08-21 15:33 . 2009-08-21 15:33 9106 ----a-w- c:\windows\winsbak.reg
2009-08-21 15:33 . 2009-08-21 15:33 70888 ----a-w- c:\windows\winsbak2.reg
2009-08-21 15:28 . 2009-08-21 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-21 15:24 . 2009-08-21 15:24 -------- d-----w- c:\program files\QuickTime
2009-08-21 15:19 . 2009-08-21 15:19 -------- d-----w- c:\program files\Bonjour
2009-08-21 15:16 . 2009-08-21 15:16 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-21 15:15 . 2009-08-21 15:15 0 ----a-w- c:\windows\nsreg.dat
2009-08-21 15:00 . 2009-08-21 14:58 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 14:58 . 2009-08-21 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-21 14:58 . 2009-08-21 14:58 -------- d-----w- c:\program files\Nero
2009-08-21 14:55 . 2009-08-21 14:55 -------- d-----w- c:\program files\Winamp
2009-08-21 14:53 . 2009-08-21 14:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-21 14:51 . 2009-08-21 14:51 -------- d-----w- c:\program files\Microsoft Works
2009-08-21 14:46 . 2009-08-21 14:45 -------- d-----w- c:\program files\Realtek
2009-08-21 14:45 . 2009-08-21 14:45 -------- d-----w- c:\program files\Intel
2009-08-21 14:45 . 2009-08-21 14:45 -------- d-----w- c:\docume~1\admin\APPLIC~1\InstallShield
2009-08-21 14:45 . 2009-08-21 14:45 315392 ----a-w- c:\windows\HideWin.exe
2009-08-21 14:44 . 2009-08-21 14:44 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-21 14:42 . 2009-08-21 14:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-21 14:37 . 2009-08-21 14:37 -------- d-----w- c:\program files\microsoft frontpage
2009-08-21 14:35 . 2009-08-21 14:35 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-16 21:34 . 2009-08-16 21:34 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-16 21:34 . 2009-08-16 21:34 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-16 21:33 . 2009-08-16 21:33 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-16 21:33 . 2009-08-16 21:33 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-16 21:33 . 2009-08-16 21:33 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-16 21:33 . 2009-08-16 21:33 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-16 21:33 . 2009-08-16 21:33 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-16 21:33 . 2009-08-16 21:33 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-16 21:33 . 2009-08-16 21:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-16 21:33 . 2009-08-16 21:33 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-16 21:33 . 2009-08-16 21:33 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-16 21:33 . 2009-08-16 21:33 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-16 21:32 . 2009-08-16 21:32 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 19:27 . 2009-08-21 14:42 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 19:27 . 2009-08-21 14:42 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 19:27 . 2009-08-21 14:42 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 19:27 . 2009-08-21 14:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 19:27 . 2009-08-21 14:41 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 19:27 . 2009-08-21 14:41 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 19:27 . 2009-08-21 14:41 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 19:27 . 2009-08-21 14:41 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 19:27 . 2009-08-21 14:41 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 19:27 . 2009-08-16 19:27 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 19:27 . 2009-08-16 19:27 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-11 07:05 . 2009-08-21 14:42 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-08-05 09:01 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-07 00:16 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 04:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 03:25 . 2009-08-21 14:45 143360 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-26 11:14 . 2009-07-26 11:14 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 18:55 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 18:13 . 2004-08-04 04:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 06:45 . 2009-07-10 06:45 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-07 22:35 . 2009-07-07 22:35 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-06-29 16:12 . 2004-08-04 04:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 04:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-08-04 04:56 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 04:56 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 04:56 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 04:56 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 04:56 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 04:56 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 04:56 225280 ----a-w- c:\windows\system32\mqoa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-16 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\documents and settings\admin\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-8-25 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Activision\\call of duty mw\\iw3mp.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/30/2009 11:27 PM 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [8/25/2009 7:22 PM 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/25/2009 1:52 PM 210216]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\admin\APPLIC~1\Mozilla\Firefox\Profiles\k5egamzt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-31 00:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-08-30 0:15
ComboFix-quarantined-files.txt 2009-08-30 18:45

Pre-Run: 32,982,749,184 bytes free
Post-Run: 32,950,763,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /Execute /fastdetect

414 --- E O F --- 2009-08-27 09:40






Sorry, this one took a while; I had been out for a while.
Also, before the scan the computer went through two BSODs. I don't know anything about that.

Just confirming: should I post the minidump file in the dump section of the forum?
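The "Reg Loading Points" block and the Security Center line in the log above are what a helper reads by hand before calling a machine clean. As an added example (this is not part of the thread, of ComboFix, or of the forum's fix instructions), the Python script below parses that section of a constructed sample written in ComboFix's output format: it lists every Run/RunOnce autorun with the image it launches, flags autoruns whose image sits outside Program Files or Windows, and flags Security Center override/DisableNotify values set to 1. The "Updater" entry in the sample and the trusted-directory list are assumptions made for the demo. The `AntiVirusOverride=1` seen in the log above is also commonly set by legitimate third-party AV products when they register with Security Center, so that flag is a prompt to confirm which product set it, not a verdict.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the forum's
own instructions. It parses the REGEDIT4-style blocks ComboFix prints, lists
every Run/RunOnce autorun with the binary it launches, flags autoruns whose
image lives outside the usual program directories, and flags Security Center
override/notification values set to 1. All flags are review hints, not
verdicts: legitimate AV products commonly set AntiVirusOverride.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in ComboFix's output format. The first three entries mirror
# the kind of lines in the log above; the "Updater" entry is hypothetical and
# exists only to exercise the path check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"Updater"="c:\docume~1\admin\LOCALS~1\Temp\update.exe" [2009-08-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"""


@dataclass
class AutorunEntry:
    key: str             # registry key the value was listed under (lowercased)
    name: str            # value name
    image: str           # binary ComboFix resolved for the entry
    size: Optional[int]  # file size ComboFix reported, if any


# Registry key header: [HKEY_...\...]
_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Autorun line: "Name"="command" [ - resolved path] [YYYY-MM-DD size]
_RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r'(?:\s+-\s+(?P<resolved>.+?))?'
    r'(?:\s*\[\d{4}-\d{1,2}-\d{1,2}\s+(?P<size>\d+)\])?$'
)
# REGEDIT4 DWORD value: "Name"=dword:00000001
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Assumed directories where autorun images are expected on an XP box (8.3 alias included).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
SECURITY_CENTER_KEY = "hkey_local_machine\\software\\microsoft\\security center"
# XP SP2 Security Center values that silence or override its AV/firewall status.
SECURITY_CENTER_FLAGS = {
    "antivirusoverride", "firewalloverride",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
}


def parse_loading_points(text: str) -> Tuple[List[AutorunEntry], List[str]]:
    """Return (autorun entries, Security Center override values set to 1)."""
    autoruns: List[AutorunEntry] = []
    sc_flags: List[str] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if key is None:
            continue
        if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            m = _RUN_RE.match(line)
            if m:
                # Prefer the path ComboFix resolved over the bare command token.
                image = (m.group("resolved") or m.group("value")).strip()
                size = int(m.group("size")) if m.group("size") else None
                autoruns.append(AutorunEntry(key, m.group("name"), image, size))
        elif key == SECURITY_CENTER_KEY:
            m = _DWORD_RE.match(line)
            if m and m.group("name").lower() in SECURITY_CENTER_FLAGS \
                    and int(m.group("hex"), 16) == 1:
                sc_flags.append(m.group("name"))
    return autoruns, sc_flags


def outside_trusted_dirs(entry: AutorunEntry) -> bool:
    """True when the autorun image is not under Program Files or Windows."""
    return not entry.image.lower().startswith(TRUSTED_PREFIXES)


def triage(text: str) -> dict:
    """Summarise autoruns and the items a helper should look at first."""
    autoruns, sc_flags = parse_loading_points(text)
    return {
        "autoruns": [(e.name, e.image) for e in autoruns],
        "review_autoruns": [e.name for e in autoruns if outside_trusted_dirs(e)],
        "security_center_flags": sc_flags,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, image in report["autoruns"]:
        print(f"autorun {name!r:22} -> {image}")
    print("review:", report["review_autoruns"])
    print("security center overrides set:", report["security_center_flags"])
```

Running it against a real ComboFix log means pasting the "Reg Loading Points" section into `SAMPLE_LOG` or reading it from a file; the trusted-directory list is deliberately narrow so that anything under a user profile, Temp or a removable drive is surfaced for a manual look.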
Old 08-30-2009   #5
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,241
PC Experience: Elite PC Guru
Default Re: plz help me remove some virus/malware

That all looks OK. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.
Go to Start > Run, then copy and paste the following highlighted (blue) text into the box and click OK.

ComboFix /u

Please read these for future reference; they may save you future problems with malware:
http://www.pchelpforum.com/new-hijac...ing-sites.html
http://www.pchelpforum.com/new-hijac...-infected.html
http://www.pchelpforum.com/progress-...afterwork.html
__________________
My real name is Eddy
Old 08-31-2009   #6
Silver Member
 
 
Join Date: Jan 2009
Location: new delhi
Posts: 168
PC Experience: learning
Default Re: plz help me remove some virus/malware

Thank you.
Also, I needed to ask about the BSODs: should I post them?
Old 08-31-2009   #7
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,241
PC Experience: Elite PC Guru
Default Re: plz help me remove some virus/malware

Originally Posted by crusher4893
Thank you.
Also, I needed to ask about the BSODs: should I post them?
No there is no need to post them. All is fine.
__________________
My real name is Eddy