WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Malware/Virtumonde Infection

Started by unowen , Mar 05 2009 10:20 PM

This topic is locked

18 replies to this topic

#1 unowen

New Member

Authentic Member
9 posts

Posted 05 March 2009 - 10:20 PM

I'm pretty technical minded but this infection has me pinned down. I'm not having a ton of issues as I used spysweeper and spybot with some regedits to eliminate most of the problems but I'm still having a few files that keep replicating and I imagine if I don't get rid of them they will only grow in numer. I read through the forums for some information and I am posting my HJT log and a Combo Fix log. Any help would be greatly appreciated.

Hijack This Log
***********************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:15 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Download\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.gamespy.com"); (C:\Documents and Settings\OASIS 5\Application Data\Mozilla\Profiles\default\t1f05jb8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OASIS 5\Application Data\Mozilla\Profiles\default\t1f05jb8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [CPM2f1dfa7b] Rundll32.exe "c:\windows\system32\bamonipo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195332211750
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15106/CTPID.cab
O20 - AppInit_DLLs: golels.dll yufnlh.dll,C:\WINDOWS\system32\monazeva.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\cevel.html

--
End of file - 14119 bytes

Combo Fix Log
*************************************
ComboFix 09-03-04.01 - Oasis 5 2009-03-05 18:36:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2450 [GMT -6:00]
Running from: c:\documents and settings\Oasis 5\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090305-1] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Oasis 5\Favorites\Online Security Guide.lnk
c:\windows\IE4 Error Log.txt
c:\windows\system32\disefeye.dll
c:\windows\system32\ehouugxo.ini
c:\windows\system32\golels.dll
c:\windows\system32\hnshku.dll
c:\windows\system32\jofamoja.dll
c:\windows\system32\ldinfo.ldr
c:\windows\system32\nqtwa.ini
c:\windows\system32\nqtwa.ini2
c:\windows\system32\pac.txt
c:\windows\system32\raromozo.dll
c:\windows\system32\rttss.bak1
c:\windows\system32\rttss.ini2
c:\windows\system32\rttss.tmp
c:\windows\system32\sorivibu.dll
c:\windows\system32\tstwa.bak1
c:\windows\system32\tstwa.ini
c:\windows\system32\tstwa.ini2
c:\windows\system32\tstwa.tmp
c:\windows\system32\yufnlh.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-05 15:24 . 2009-03-05 15:24 24,576 --a------ c:\windows\system32\VundoFixSVC.exe
2009-03-04 21:35 . 2009-03-04 21:36 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-04 21:01 . 2009-03-04 21:01 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-04 21:01 . 2009-03-04 21:01 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-27 20:08 . 2009-02-27 20:08 <DIR> d-------- c:\program files\TQ Defiler
2009-02-15 20:49 . 2007-01-08 13:59 40,960 --a------ c:\windows\system32\psfind.dll
2009-02-14 16:40 . 2009-03-05 18:52 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
2009-02-14 16:40 . 2009-03-05 18:52 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
2009-02-14 16:38 . 2009-03-04 20:14 4,958,588 --------- c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.BAK
2009-02-14 15:55 . 2009-03-04 20:14 4,958,588 --a------ c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.CDF
2009-02-14 15:55 . 2006-11-14 07:28 86,016 --a------ c:\windows\system32\cttele.dll
2009-02-14 14:23 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-02-12 21:11 . 2009-02-13 00:26 <DIR> d-------- c:\documents and settings\Oasis 5\Application Data\Mount&Blade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 03:40 --------- d-----w c:\documents and settings\Oasis 5\Application Data\WTablet
2009-03-06 00:54 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-03-05 19:47 --------- d-----w c:\program files\PeerGuardian2
2009-03-05 17:31 --------- d-----w c:\documents and settings\Administrator\Application Data\WTablet
2009-03-05 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 22:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 00:37 --------- d-----w c:\documents and settings\Oasis 5\Application Data\FileZilla
2009-02-16 02:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 21:12 --------- d-----w c:\documents and settings\Oasis 5\Application Data\IGN_DLM
2009-02-14 22:31 --------- d-----w c:\program files\Creative
2009-02-14 21:54 --------- d-----w c:\documents and settings\Oasis 5\Application Data\Creative
2009-02-14 20:43 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-02-14 20:43 --------- d-s---w c:\program files\Xfire
2009-02-14 20:43 --------- d-----w c:\program files\support.com
2009-02-14 20:43 --------- d-----w c:\program files\Steinberg
2009-02-14 20:43 --------- d-----w c:\program files\ICQToolbar
2009-02-14 20:43 --------- d-----w c:\program files\GameSpy Arcade
2009-02-14 20:43 --------- d-----w c:\program files\DivX
2009-02-14 20:43 --------- d-----w c:\program files\Common Files\Vbox
2009-02-14 20:43 --------- d-----w c:\program files\Apple Software Update
2009-01-27 00:05 --------- d-----w c:\documents and settings\Oasis 5\Application Data\Tunebite
2009-01-25 19:26 --------- d-----w c:\program files\Symantec
2009-01-25 19:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-14 20:38 --------- d-----w c:\documents and settings\Oasis 5\Application Data\GetRight
2009-01-14 19:09 --------- d-----w c:\program files\GetRight
2008-10-31 19:14 726,008 ----a-w c:\documents and settings\Oasis 5\gotomypc_437.exe
2008-10-31 18:40 721,912 ----a-w c:\documents and settings\Oasis 5\gotomypc_428.exe
2008-08-23 04:08 24 ----a-w c:\documents and settings\Oasis 5\jagex_runescape_preferences.dat
2007-04-15 19:23 1 ----a-w c:\documents and settings\Oasis 5\SI.bin
2006-08-25 02:30 563,712 ----a-w c:\documents and settings\Oasis 5\gotomypc_370.exe
2006-02-01 02:07 563,712 ----a-w c:\documents and settings\Oasis 5\370_gotomypc.exe
2005-09-24 13:35 483,401 ----a-w c:\documents and settings\Oasis 5\314_gotomypc.exe
2005-09-06 00:27 2,449,408 ----a-w c:\documents and settings\Oasis 5\gosetup.exe
2005-08-11 15:57 483,401 ----a-w c:\documents and settings\Oasis 5\gotomypc.exe
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2005-04-14 22:41 44,153 ----a-w c:\program files\mozilla firefox\components\inspector.dll
2007-11-18 05:24 1,233 --sha-w c:\windows\system32\mmf.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 249904]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
"Logitech Utility"="Logi_MwX.Exe" [2004-07-08 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-18 110592]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-09-10 221247]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-24 809488]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Common Files\cevel.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-01-12 17:45 10800 c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=golels.dll yufnlh.dll,c:\windows\system32\monazeva.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll
"msacm.enc"= ITIG726.acm
"wave6"= aarklink.dll
"midi6"= aarklink.dll
"vidc.GM20"= GXGM20.dll
"vidc.GEOX"= GeoCodec.dll
"vidc.GEOV"= GeoCodec.dll
"vidc.G264"= GX264.dll
"vidc.GMP4"= GXAMP4.dll
"vidc.GM40"= GXAMP4.dll
"vidc.mpg4"= c:\windows\Mpg4c32.dll
"vidc.mpg2"= c:\windows\mpg4c32.dll
"vidc.mpg3"= c:\windows\mpg4c32.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 11:09 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 13:36 1103216 c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]
--a------ 2007-02-08 01:12 628248 c:\program files\Logitech\QuickCamWebInstall\Setup\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-26 14:03 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-30 18:47 1271032 h:\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-09-12 17:46 160160 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLTRYSVC"=2 (0x2)
"Tcpeaaanc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"RaySatxsi4_0Server"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"C-DillaSrv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe Version Cue CS2"=3 (0x3)
"Adobe Version Cue CS3"=3 (0x3)
"wwSecSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159651577\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159651577\\ee\\aim6.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21518:UDP"= 21518:UDP:Enfocus Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-01 78416]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-10-26 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-01 20560]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-11-17 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-27 24652]
R3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2006-09-01 183465]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-09-03 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 GV650S;GV650S;c:\windows\system32\drivers\GV650S.sys [2006-09-01 75041]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [2008-07-07 18840]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 ldiskl;ldiskl;\??\c:\docume~1\OASIS5~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\OASIS5~1\LOCALS~1\Temp\ldiskl.sys [?]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-12-03 2560]
S4 Swe4uteqs;Swe4uteqs; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b1c2a98-1fa4-11d9-934e-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a98f34-6e46-11dd-8f30-0019e06587dd}]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8876ca1f-72af-11dd-8f31-0019e06587dd}]
\Shell\AutoRun\command - ClearPlayEasyUpdatesSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aebd8b49-11ac-11dd-840d-0019e06587dd}]
\Shell\AutoRun\command - F:\ClearPlayEasyUpdatesSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7d243a05-95f7-4cff-96ac-52a684a58e65} - c:\windows\system32\zutesege.dll
HKLM-Run-CPM2f1dfa7b - c:\windows\system32\bamonipo.dll
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-renohetija - c:\windows\system32\zodaseje.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamespy.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
LSP: xfire_lsp_10650.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Oasis 5\Application Data\Mozilla\Firefox\Profiles\n0xxrrco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gamespy.com
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 21:45:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,ff,52,16,5e,e0,cf,7b,d1,b0,17,bf,6f,21,98,13,96,d5,e9,a6,0b,3b,c5,
38,12,e3,b4,00,59,e5,1c,bb,8c,99,58,d0,cd,b3,81,7b,9b,df,e5,40,13,da,3b,64,\
"??"=hex:cd,8a,a3,cf,1c,2c,7b,ad,8a,ac,d2,0d,e1,d2,64,ed

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,91,1c,b2,df,8c,5d,28,a5,d9,8d,1f,d9,9d,26,48,ff,7d,7d,9a,4c,
2b,76,2b,87,e4,b8,79,a2,3f,d5,13,bf,1e,c1,29,fb,82,a0,31,99,36,86,5b,e3,fa,\
"rkeysecu"=hex:f0,11,82,a0,28,5b,0e,00,38,d6,db,20,88,1a,b2,f1

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0]
"1"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,f3,14,12,4f,01,36,44,
b9
"2"=hex:6c,c5,5b,f7,b0,9e,32,e3,03,c6,40,3c,f9,93,f0,a3,e0,80,50,c4,b1,40,2f,
48,ec,05,72,d0,e0,27,38,13
"3"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,88,0a,70,d8,2f,23,2d,
64,0e,4f,11,7b,2d,48,46,54,f2,60,49,21,f0,9e,bf,bb,ce,a9,b7,33,0c,9b,44,72

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0\3B763314737244E370C2A58F10561342]
"1"=hex:a5,c9,74,ec,b1,20,d6,a1,46,64,76,6c,55,07,98,be
"2"=hex:52,08,bd,d5,bc,5a,fb,26
"3"=hex:4b,52,79,85,46,62,03,0c,16,1f,75,d4,78,fc,b2,76,2b,3f,40,8c,c1,27,54,
fa,4c,28,ea,41,50,c2,9d,21,95,79,57,12,ce,01,e6,ef,67,76,cd,d6,6f,72,ed,d7,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:a5,c9,74,ec,b1,20,d6,a1,fe,0e,d2,15,0a,d4,86,e7,ce,b6,b2,c1,52,c5,e6,
f7,7b,7b,90,54,4a,1e,df,32,b7,b7,07,02,85,4e,ed,9d,c2,4a,8a,c8,5d,35,b4,5e,\
"7"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,ce,c8,a9,1f,59,5f,3d,
24,37,04,40,4a,f4,30,65,d4,c0,58,80,e5,16,68,3a,98,df,ce,bb,3a,52,ae,be,a8,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,42,65,bf,c3,d7,b2,88,
07,4b,e7,15,d7,52,86,76,79,e7,6c,c2,fa,12,7e,7a,c3,58,35,cc,75,55,0a,70,e3,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:84,e7,55,62,bd,51,b9,d6,b9,12,90,08,a3,9c,e5,48,4e,85,49,14,17,a4,01,
68,fe,5e,53,7b,ac,dd,7f,0c,84,f4,81,a0,c4,40,93,38,67,06,bd,0d,9d,ec,6e,96,\
"13"=hex:ff,71,2f,68,31,8b,75,f4,13,9c,7c,69,8b,63,7f,02,66,01,de,0c,f2,bb,ea,
f8
"14"=hex:9a,87,95,59,aa,3b,3f,22
"24"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:af,26,30,10,fc,74,fa,7d,7f,74,88,6c,53,c4,49,f8
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:67,ec,7d,fd,65,a7,b1,b7,7b,7a,00,17,a6,f7,92,c6,7d,4f,e6,9a,84,00,28,
a7,8a,ea,fe,fb,f5,1a,49,91,bc,fb,b8,fa,fd,ea,9d,17,78,ea,6b,ed,6d,3a,59,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\xfire_lsp_10650.dll

- - - - - - - > 'explorer.exe'(9268)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Intel\Intel® Active Monitor\imonNT.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-03-05 21:56:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 03:56:29

Pre-Run: 8,510,582,784 bytes free
Post-Run: 8,514,170,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
450

Advertisements

Register to Remove

#2 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 09 March 2009 - 07:52 AM

Hi,

Please delete your existing copy of ComboFix and download and run the latest from here:
ComboFix
Run it and post the log it gives.

I need to see another log from HijackThis.

Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button.
Save the file to your desktop, with the default name of uninstall_list
Copy & Paste the entire contents of that file in your in your next post.

Thanks.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#3 unowen

New Member

Authentic Member
9 posts

Posted 09 March 2009 - 08:06 PM

Okay here are the logs. Thanks for your help.

Hijack This Log
******************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:21 PM, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Download\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.gamespy.com"); (C:\Documents and Settings\OASIS 5\Application Data\Mozilla\Profiles\default\t1f05jb8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OASIS 5\Application Data\Mozilla\Profiles\default\t1f05jb8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195332211750
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15106/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\cevel.html

--
End of file - 13896 bytes

Combo Fix Log
*******************************
ComboFix 09-03-06.02 - Oasis 5 2009-03-09 19:35:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2351 [GMT -6:00]
Running from: c:\documents and settings\Oasis 5\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090309-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-05 15:24 . 2009-03-05 15:24 24,576 --a------ c:\windows\system32\VundoFixSVC.exe
2009-03-04 21:35 . 2009-03-04 21:36 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-04 21:01 . 2009-03-04 21:01 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-04 21:01 . 2009-03-04 21:01 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-27 20:08 . 2009-02-27 20:08 <DIR> d-------- c:\program files\TQ Defiler
2009-02-15 20:49 . 2007-01-08 13:59 40,960 --a------ c:\windows\system32\psfind.dll
2009-02-14 16:40 . 2009-03-09 19:55 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
2009-02-14 16:40 . 2009-03-09 19:55 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
2009-02-14 16:38 . 2009-03-04 20:14 4,958,588 --------- c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.BAK
2009-02-14 15:55 . 2009-03-04 20:14 4,958,588 --a------ c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.CDF
2009-02-14 15:55 . 2006-11-14 07:28 86,016 --a------ c:\windows\system32\cttele.dll
2009-02-14 14:23 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-02-12 21:11 . 2009-02-13 00:26 <DIR> d-------- c:\documents and settings\Oasis 5\Application Data\Mount&Blade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 02:43 --------- d-----w c:\documents and settings\Oasis 5\Application Data\WTablet
2009-03-10 01:58 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-03-09 14:21 --------- d-----w c:\program files\Zune
2009-03-08 17:09 --------- d-----w c:\program files\PeerGuardian2
2009-03-05 17:31 --------- d-----w c:\documents and settings\Administrator\Application Data\WTablet
2009-03-05 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 22:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 00:37 --------- d-----w c:\documents and settings\Oasis 5\Application Data\FileZilla
2009-02-16 02:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 21:12 --------- d-----w c:\documents and settings\Oasis 5\Application Data\IGN_DLM
2009-02-14 22:31 --------- d-----w c:\program files\Creative
2009-02-14 21:54 --------- d-----w c:\documents and settings\Oasis 5\Application Data\Creative
2009-02-14 20:43 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-02-14 20:43 --------- d-s---w c:\program files\Xfire
2009-02-14 20:43 --------- d-----w c:\program files\support.com
2009-02-14 20:43 --------- d-----w c:\program files\Steinberg
2009-02-14 20:43 --------- d-----w c:\program files\ICQToolbar
2009-02-14 20:43 --------- d-----w c:\program files\GameSpy Arcade
2009-02-14 20:43 --------- d-----w c:\program files\DivX
2009-02-14 20:43 --------- d-----w c:\program files\Common Files\Vbox
2009-02-14 20:43 --------- d-----w c:\program files\Apple Software Update
2009-01-27 00:05 --------- d-----w c:\documents and settings\Oasis 5\Application Data\Tunebite
2009-01-25 19:26 --------- d-----w c:\program files\Symantec
2009-01-25 19:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-14 20:38 --------- d-----w c:\documents and settings\Oasis 5\Application Data\GetRight
2009-01-14 19:09 --------- d-----w c:\program files\GetRight
2008-10-31 19:14 726,008 ----a-w c:\documents and settings\Oasis 5\gotomypc_437.exe
2008-10-31 18:40 721,912 ----a-w c:\documents and settings\Oasis 5\gotomypc_428.exe
2008-08-23 04:08 24 ----a-w c:\documents and settings\Oasis 5\jagex_runescape_preferences.dat
2007-04-15 19:23 1 ----a-w c:\documents and settings\Oasis 5\SI.bin
2006-08-25 02:30 563,712 ----a-w c:\documents and settings\Oasis 5\gotomypc_370.exe
2006-02-01 02:07 563,712 ----a-w c:\documents and settings\Oasis 5\370_gotomypc.exe
2005-09-24 13:35 483,401 ----a-w c:\documents and settings\Oasis 5\314_gotomypc.exe
2005-09-06 00:27 2,449,408 ----a-w c:\documents and settings\Oasis 5\gosetup.exe
2005-08-11 15:57 483,401 ----a-w c:\documents and settings\Oasis 5\gotomypc.exe
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2005-04-14 22:41 44,153 ----a-w c:\program files\mozilla firefox\components\inspector.dll
2007-11-18 05:24 1,233 --sha-w c:\windows\system32\mmf.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_21.54.18.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-09 14:23:26 1,179,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0b8fbbc0031c1e4593f56833ab2fff31\System.Data.OracleClient.ni.dll
+ 2009-03-09 14:39:04 1,179,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1beac040b702964f84b58c1d41fa01ed\System.Data.OracleClient.ni.dll
+ 2009-03-09 14:39:02 1,179,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\84e9875c8a24374a9bf1255b1582ed51\System.Data.OracleClient.ni.dll
+ 2009-03-09 14:39:10 1,179,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\a424c1a1ecacbf4caeb434ff035b81dc\System.Data.OracleClient.ni.dll
+ 2009-03-09 14:39:07 1,179,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\d475e935695e87428cf0690c6ed2cdb1\System.Data.OracleClient.ni.dll
+ 2009-03-09 14:38:55 17,469,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e19e17410b55cd489210a1266a4afe1c\System.ServiceModel.ni.dll
+ 2009-03-09 14:23:00 2,211,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\5f529f5b96dd0c47a1af77df8d2a1f72\UIX.RenderApi.ni.dll
+ 2009-03-09 14:22:55 5,492,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\253a546184e05a4ba3745363e09d80e2\UIX.ni.dll
+ 2009-03-09 14:23:22 86,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\2337907334799b4dbd742441dba8a88e\UIXControls.ni.dll
+ 2009-03-09 14:22:40 1,540,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\9b429ef3690dc043b23605490e93af25\ZuneDBApi.ni.dll
+ 2009-03-09 14:23:20 2,916,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\f20ba0dae583254c830ebb9b0fd6660c\ZuneShell.ni.dll
- 2008-09-12 23:32:04 706,048 ----a-w c:\windows\system32\drivers\UMDF\ZuneDriver.dll
+ 2008-11-10 18:09:32 706,048 ----a-w c:\windows\system32\drivers\UMDF\ZuneDriver.dll
- 2009-03-06 00:54:57 214,148 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-03-10 01:58:11 214,148 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-04-18 00:11:06 1,112,288 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\WdfCoInstaller01007.dll
+ 2008-09-12 23:32:04 40,832 ----a-w c:\windows\system32\ReinstallBackups\0013\DriverFiles\zumbus.sys
- 2008-09-12 23:46:32 61,856 ----a-w c:\windows\system32\ZuneBusEnum.exe
+ 2008-11-10 18:23:38 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
- 2008-09-12 23:32:08 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
+ 2008-11-10 18:09:36 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
- 2008-09-12 23:32:10 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
+ 2008-11-10 18:09:38 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
- 2008-09-12 23:32:12 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
+ 2008-11-10 18:09:40 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
- 2008-09-12 23:32:12 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
+ 2008-11-10 18:09:40 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
- 2008-09-12 23:32:14 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
+ 2008-11-10 18:09:42 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
- 2008-09-12 23:32:14 73,216 ----a-w c:\windows\system32\ZuneUsbTransport.dll
+ 2008-11-10 18:09:42 73,728 ----a-w c:\windows\system32\ZuneUsbTransport.dll
- 2008-09-12 23:48:22 245,664 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
+ 2008-11-10 18:23:42 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
+ 2009-03-10 01:57:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4d4.dat
+ 2009-03-10 02:02:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 249904]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 158208]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
"Logitech Utility"="Logi_MwX.Exe" [2004-07-08 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-18 110592]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-09-10 221247]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-24 809488]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Common Files\cevel.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-01-12 17:45 10800 c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll
"msacm.enc"= ITIG726.acm
"wave6"= aarklink.dll
"midi6"= aarklink.dll
"vidc.GM20"= GXGM20.dll
"vidc.GEOX"= GeoCodec.dll
"vidc.GEOV"= GeoCodec.dll
"vidc.G264"= GX264.dll
"vidc.GMP4"= GXAMP4.dll
"vidc.GM40"= GXAMP4.dll
"vidc.mpg4"= c:\windows\Mpg4c32.dll
"vidc.mpg2"= c:\windows\mpg4c32.dll
"vidc.mpg3"= c:\windows\mpg4c32.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 11:09 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 13:36 1103216 c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]
--a------ 2007-02-08 01:12 628248 c:\program files\Logitech\QuickCamWebInstall\Setup\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-26 14:03 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-30 18:47 1271032 h:\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-11-10 12:23 157312 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLTRYSVC"=2 (0x2)
"Tcpeaaanc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"RaySatxsi4_0Server"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"C-DillaSrv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe Version Cue CS2"=3 (0x3)
"Adobe Version Cue CS3"=3 (0x3)
"wwSecSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159651577\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159651577\\ee\\aim6.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21518:UDP"= 21518:UDP:Enfocus Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-01 78416]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-10-26 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-01 20560]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-11-17 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-27 24652]
R3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2006-09-01 183465]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-09-03 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 GV650S;GV650S;c:\windows\system32\drivers\GV650S.sys [2006-09-01 75041]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [2008-07-07 18840]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 ldiskl;ldiskl;\??\c:\docume~1\OASIS5~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\OASIS5~1\LOCALS~1\Temp\ldiskl.sys [?]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-12-03 2560]
S4 Swe4uteqs;Swe4uteqs; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b1c2a98-1fa4-11d9-934e-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a98f34-6e46-11dd-8f30-0019e06587dd}]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8876ca1f-72af-11dd-8f31-0019e06587dd}]
\Shell\AutoRun\command - ClearPlayEasyUpdatesSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aebd8b49-11ac-11dd-840d-0019e06587dd}]
\Shell\AutoRun\command - F:\ClearPlayEasyUpdatesSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamespy.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
LSP: xfire_lsp_10650.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Oasis 5\Application Data\Mozilla\Firefox\Profiles\n0xxrrco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gamespy.com
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 20:45:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,ff,52,16,5e,e0,cf,7b,d1,b0,17,bf,6f,21,98,13,96,d5,e9,a6,0b,3b,c5,
38,12,e3,b4,00,59,e5,1c,bb,8c,99,58,d0,cd,b3,81,7b,9b,df,e5,40,13,da,3b,64,\
"??"=hex:cd,8a,a3,cf,1c,2c,7b,ad,8a,ac,d2,0d,e1,d2,64,ed

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,91,1c,b2,df,8c,5d,28,a5,d9,8d,1f,d9,9d,26,48,ff,7d,7d,9a,4c,
2b,76,2b,87,e4,b8,79,a2,3f,d5,13,bf,1e,c1,29,fb,82,a0,31,99,36,86,5b,e3,fa,\
"rkeysecu"=hex:f0,11,82,a0,28,5b,0e,00,38,d6,db,20,88,1a,b2,f1

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0]
"1"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,f3,14,12,4f,01,36,44,
b9
"2"=hex:6c,c5,5b,f7,b0,9e,32,e3,03,c6,40,3c,f9,93,f0,a3,e0,80,50,c4,b1,40,2f,
48,ec,05,72,d0,e0,27,38,13
"3"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,88,0a,70,d8,2f,23,2d,
64,0e,4f,11,7b,2d,48,46,54,f2,60,49,21,f0,9e,bf,bb,ce,a9,b7,33,0c,9b,44,72

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0\3B763314737244E370C2A58F10561342]
"1"=hex:a5,c9,74,ec,b1,20,d6,a1,46,64,76,6c,55,07,98,be
"2"=hex:52,08,bd,d5,bc,5a,fb,26
"3"=hex:4b,52,79,85,46,62,03,0c,16,1f,75,d4,78,fc,b2,76,2b,3f,40,8c,c1,27,54,
fa,4c,28,ea,41,50,c2,9d,21,95,79,57,12,ce,01,e6,ef,67,76,cd,d6,6f,72,ed,d7,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:a5,c9,74,ec,b1,20,d6,a1,fe,0e,d2,15,0a,d4,86,e7,ce,b6,b2,c1,52,c5,e6,
f7,7b,7b,90,54,4a,1e,df,32,b7,b7,07,02,85,4e,ed,9d,c2,4a,8a,c8,5d,35,b4,5e,\
"7"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,ce,c8,a9,1f,59,5f,3d,
24,37,04,40,4a,f4,30,65,d4,c0,58,80,e5,16,68,3a,98,df,ce,bb,3a,52,ae,be,a8,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,42,65,bf,c3,d7,b2,88,
07,4b,e7,15,d7,52,86,76,79,e7,6c,c2,fa,12,7e,7a,c3,58,35,cc,75,55,0a,70,e3,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:84,e7,55,62,bd,51,b9,d6,b9,12,90,08,a3,9c,e5,48,4e,85,49,14,17,a4,01,
68,fe,5e,53,7b,ac,dd,7f,0c,84,f4,81,a0,c4,40,93,38,67,06,bd,0d,9d,ec,6e,96,\
"13"=hex:ff,71,2f,68,31,8b,75,f4,13,9c,7c,69,8b,63,7f,02,66,01,de,0c,f2,bb,ea,
f8
"14"=hex:9a,87,95,59,aa,3b,3f,22
"24"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:af,26,30,10,fc,74,fa,7d,7f,74,88,6c,53,c4,49,f8
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:67,ec,7d,fd,65,a7,b1,b7,7b,7a,00,17,a6,f7,92,c6,7d,4f,e6,9a,84,00,28,
a7,8a,ea,fe,fb,f5,1a,49,91,bc,fb,b8,fa,fd,ea,9d,17,78,ea,6b,ed,6d,3a,59,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\xfire_lsp_10650.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Intel\Intel® Active Monitor\imonNT.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2009-03-09 20:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 02:56:25
ComboFix2.txt 2009-03-06 03:56:45

Pre-Run: 7,687,573,504 bytes free
Post-Run: 7,941,873,664 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
440

Uninstall List
*************************************************
1-Wire Drivers (Win32) V3.20B
3D Christmas Cottage Full Screen Saver
3D Lake Cabin Full Screen Saver
3D Snowy Cottage Full Screen Saver
3D Tropical Sunsets Full Screen Saver
3D Water Effects Full Screen Saver
Acronis Disk Director Suite
Active@ File Recovery
Active@ File Recovery Enterprise 7.3
Active@ Partition Recovery
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe After Effects 6.5
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dimensions 3.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Streamline 4.0
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
afreeCodecVT
AGEIA PhysX v7.03.21
AHV content for Acrobat and Flash
AIM 6
Alien Skin Eye Candy 5 Impact
Ancient Wars - Sparta
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
ArcSoft Media Card Companion
Atory Password Generator
AudibleManager
Autumn Scenes Full Screen Saver
Avanquest update
avast! Antivirus
backburner 2.1
Belkin Wireless Utility
Bonjour
Bryce 6.1
Bryce Lightning 2.0 c
Bryce® 5
BurnPlugin for Audible
Business Plan Pro 2007
Cakewalk VST Adapter 4
Call of Juarez
Canopus ProCoder
CDDRV_Installer
CDK Players
CenterV2 System
Christmas Living 3D Fireplace Full Screen Saver
Christmas Living 3D Fireplace Scene 2 Full Screen Saver
Chromatica
CINEMA 4D Release 10
Circle of Blood
ClearPlay Easy Updates
Collab
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Control Center
Corel Painter IX
Creative Audio Console
Creative AudioHQ
Creative Speaker Calibrator
Creative Speaker Settings
Creative Surround Mixer
Creative WaveStudio 7
CuteFTP 7 Professional
Deep Paint
DeskTopAuthor
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DreamStation DXi2
Driver Cleaner 3
Easter Village Full Screen Saver
EAX Console
EAX4 Unified Redist
Extensis Suitcase 9
Eye Candy 4000
F.E.A.R.™ Gold
Fairy Forest Full Screen Saver
Fast Backup and Restore main System
FileZilla Client 3.1.5.1
FL Studio 5
GameSpy Arcade
GEAR Drivers
GeoVision GV-650 System
GeoVision H264
GeoVision IP MultiCast System
GeoVision MPEG2
GeoVision MPEG4
GeoVision MPEG4 ASP
GeoVision RemoteView System
GetRight
GoldWave v5.22
GoToMyPC
Haunted House 2 Full Screen Saver
HeidiSQL 3.0
Hex Workshop v4.23
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
HP Precisionscan Pro 3.1
ICQ Toolbar
ICQ 5.1
IGN Download Manager 2.3.3
Intel® Active Monitor
Intel® Desktop Control Center
Intel® PRO Network Adapters and Drivers
Intel® Processor Frequency ID Utility
iSpQ VideoChat 7.2
iTunes
Java™ 6 Update 3
Kai's Power Tools 5
KhalInstallWrapper
KPT Vector Effects 1.5
Lake Scenes Full Screen Saver
Lewd Leprechauns Full Screen Saver
Living 3D Butterflies Full Screen Saver
Living 3D Dolphins Full Screen Saver
Living 3D Fireplace Full Screen Saver
Living 3D Fireplace Scene 2 Full Screen Saver
Living 3D Sharks Full Screen Saver
Living Beaches Full Screen Saver
Living Marine Aquarium 2 Full Screen Saver
Living Marine Aquarium Full Screen Saver
Living Rainforest Full Screen Saver
Living Snow Globes Full Screen Saver
Living Spring Gardens Full Screen Saver
Living Waterfalls Full Screen Saver
Logitech Audio Echo Cancellation Component
Logitech MouseWare 9.79.1
Logitech QuickCam
Logitech SetPoint
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX 2004
Macromedia Flash Player 8
MAD Alien / UnSafeDiscX (remove only)
Max Payne
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Voice Command US PPC 1.60 for M2M
Microsoft WinUsb 1.0
Motorola Driver Installation
Motorola Phone Tools
Mount&Blade
Mountain Lakes Full Screen Saver
Mozilla Firefox (3.0.7)
MSXML 6.0 Parser (KB925673)
MultiRes (remove only)
MVision
My 3D Christmas Tree Full Screen Saver
My Photo Calendars and Cards
myAdmin 3.0
MySQL Server 5.0
MySQL Tools for 5.0
Nero 6 Ultra Edition
Netscape (7.2)
Netscape Browser (remove only)
Neverwinter Nights 2
NVIDIA Drivers
O&O UnErase
PC Inspector File Recovery
PDF Password Remover v3.0
PDF Settings
PeerGuardian 2.0
PixiePack Codec Pack
Poser 5
PowerDVD
Prince of Persia The Sands of Time
QuarkXPress 6.1
QuickBooks Pro Edition 2004
Quicken 2006
QuickTime
RAYflect Four Seasons 1.0
RealPlayer
Remote Playback Client
Rise of the Argonauts
Safari
Santa's Workshop Full Screen Saver
Scary Screensaver Full
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB943460)
Shockwave
SMS Server
Snowy Scenes Full Screen Saver
SOFTIMAGE®|XSI® 4.0
SONAR 4 Producer Edition
SONAR Plugin Manager
Sonic Foundry CD Architect 5.0
Sony Sound Forge 7.0
Sony Vegas Pro 8.0
Sothink SWF Decompiler
SoundFont Bank Manager
Spy Sweeper
Spybot - Search & Destroy
Star Wars Jedi Knight Jedi Academy
Starry Night Full Screen Saver
Steam
Steinberg Nuendo v3.0.2.623
Suite Specific
Swift 3D Version 3.00
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
TBS WMP Plug-in
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
the flux collection
The Weather Channel
Thief_Screensaver
Thief_Screensaver_02
Titan Quest
Titan Quest Immortal Throne
TQ Defiler
Treo 750 User Guide
Tunebite
Typograf4.8f
Ulead Type.Plugin 1.0
Ultra WMV MPEG AVI to FLV Converter 3.9.0306
Uninstall Mystical
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Vector Eye
Ventrilo
Viewpoint Media Player
ViewSonic Monitor Drivers
Wacom Tablet
Whales and Dolphins Full Screen Saver
WinAVI FLV Converter
WinAVI Video Converter
Window Washer
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WinSCP 4.1.4 beta
WinUndelete
WinZip
Xfire (remove only)
Xvid 1.1.3 final uninstall
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

#4 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 10 March 2009 - 08:13 AM

Hi,

1. Please open Notepad

Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
Swe4uteqs
ldiskl

File::
c:\docume~1\OASIS5~1\LOCALS~1\Temp\ldiskl.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b1c2a98-1fa4-11d9-934e-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a98f34-6e46-11dd-8f30-0019e06587dd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8876ca1f-72af-11dd-8f31-0019e06587dd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aebd8b49-11ac-11dd-840d-0019e06587dd}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 12.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
Close any programs you may have running - especially any web browsers.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windowsi586.exe to install the newest version.

Please run this online scan, using Internet Explorer with Administrator priviledges (Vista users right-click and select Run As Administrator...):

Panda Activescan

Once you are on the Panda site, click the Scan now button
When prompted to install ActiveX control click Install
On the update page, click on the security warning at the top of the page and select "Run ActiveX control..."
Panda should now start scanning your system.
When the scan completes, if anything malicious is detected, click the Export To...(with a little notepad icon) button, then Save the report to a convenient location.

Post the contents of the Panda scan report, and let me know how the computer is running now.

Thanks.

Proud Graduate of the TC/WTT Classroom

#5 unowen

New Member

Authentic Member
9 posts

Posted 10 March 2009 - 11:56 AM

Here are the Combo Fix and the Hijack This logs. I'll post the Panda scan later when it is finished as it is running right now. Things are already running alot better but I'll let you know after the last scan. Thanks again.

Hijack This Log
*********************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:12 PM, on 3/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Download\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.gamespy.com"); (C:\Documents and Settings\OASIS 5\Application Data\Mozilla\Profiles\default\t1f05jb8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OASIS 5\Application Data\Mozilla\Profiles\default\t1f05jb8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" /auto
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195332211750
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15106/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\cevel.html

--
End of file - 14034 bytes

Combo Fix Log
***********************************
ComboFix 09-03-06.02 - Oasis 5 2009-03-10 12:06:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2221 [GMT -6:00]
Running from: c:\documents and settings\Oasis 5\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Oasis 5\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 090309-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\docume~1\OASIS5~1\LOCALS~1\Temp\ldiskl.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ldiskl
-------\Service_Swe4uteqs

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 12:06 . 2009-03-10 12:23 215 --a------ c:\windows\geohealth-03.ini
2009-03-05 15:24 . 2009-03-05 15:24 24,576 --a------ c:\windows\system32\VundoFixSVC.exe
2009-03-04 21:35 . 2009-03-04 21:36 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-04 21:01 . 2009-03-04 21:01 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-04 21:01 . 2009-03-04 21:01 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-27 20:08 . 2009-02-27 20:08 <DIR> d-------- c:\program files\TQ Defiler
2009-02-15 20:49 . 2007-01-08 13:59 40,960 --a------ c:\windows\system32\psfind.dll
2009-02-14 16:40 . 2009-03-10 12:27 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
2009-02-14 16:40 . 2009-03-10 12:27 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
2009-02-14 16:38 . 2009-03-04 20:14 4,958,588 --------- c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.BAK
2009-02-14 15:55 . 2009-03-04 20:14 4,958,588 --a------ c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.CDF
2009-02-14 15:55 . 2006-11-14 07:28 86,016 --a------ c:\windows\system32\cttele.dll
2009-02-14 14:23 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-02-12 21:11 . 2009-02-13 00:26 <DIR> d-------- c:\documents and settings\Oasis 5\Application Data\Mount&Blade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 18:29 --------- d-----w c:\documents and settings\Oasis 5\Application Data\WTablet
2009-03-10 01:58 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-03-09 14:21 --------- d-----w c:\program files\Zune
2009-03-08 17:09 --------- d-----w c:\program files\PeerGuardian2
2009-03-05 17:31 --------- d-----w c:\documents and settings\Administrator\Application Data\WTablet
2009-03-05 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 22:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 00:37 --------- d-----w c:\documents and settings\Oasis 5\Application Data\FileZilla
2009-02-16 02:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 21:12 --------- d-----w c:\documents and settings\Oasis 5\Application Data\IGN_DLM
2009-02-14 22:31 --------- d-----w c:\program files\Creative
2009-02-14 22:30 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-14 22:30 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-14 21:54 --------- d-----w c:\documents and settings\Oasis 5\Application Data\Creative
2009-02-14 20:43 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-02-14 20:43 --------- d-s---w c:\program files\Xfire
2009-02-14 20:43 --------- d-----w c:\program files\support.com
2009-02-14 20:43 --------- d-----w c:\program files\Steinberg
2009-02-14 20:43 --------- d-----w c:\program files\ICQToolbar
2009-02-14 20:43 --------- d-----w c:\program files\GameSpy Arcade
2009-02-14 20:43 --------- d-----w c:\program files\DivX
2009-02-14 20:43 --------- d-----w c:\program files\Common Files\Vbox
2009-02-14 20:43 --------- d-----w c:\program files\Apple Software Update
2009-01-27 00:05 --------- d-----w c:\documents and settings\Oasis 5\Application Data\Tunebite
2009-01-25 19:26 --------- d-----w c:\program files\Symantec
2009-01-25 19:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-14 20:38 --------- d-----w c:\documents and settings\Oasis 5\Application Data\GetRight
2009-01-14 19:09 --------- d-----w c:\program files\GetRight
2008-10-31 19:14 726,008 ----a-w c:\documents and settings\Oasis 5\gotomypc_437.exe
2008-10-31 18:40 721,912 ----a-w c:\documents and settings\Oasis 5\gotomypc_428.exe
2008-08-23 04:08 24 ----a-w c:\documents and settings\Oasis 5\jagex_runescape_preferences.dat
2007-04-15 19:23 1 ----a-w c:\documents and settings\Oasis 5\SI.bin
2006-08-25 02:30 563,712 ----a-w c:\documents and settings\Oasis 5\gotomypc_370.exe
2006-02-01 02:07 563,712 ----a-w c:\documents and settings\Oasis 5\370_gotomypc.exe
2005-09-24 13:35 483,401 ----a-w c:\documents and settings\Oasis 5\314_gotomypc.exe
2005-09-06 00:27 2,449,408 ----a-w c:\documents and settings\Oasis 5\gosetup.exe
2005-08-11 15:57 483,401 ----a-w c:\documents and settings\Oasis 5\gotomypc.exe
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2005-04-14 22:41 44,153 ----a-w c:\program files\mozilla firefox\components\inspector.dll
2007-11-18 05:24 1,233 --sha-w c:\windows\system32\mmf.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-03-09_20.54.22.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-10 01:58:11 214,148 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-03-10 18:30:09 214,151 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-03-10 18:29:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 249904]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 158208]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
"Logitech Utility"="Logi_MwX.Exe" [2004-07-08 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-18 110592]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-09-10 221247]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-24 809488]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Common Files\cevel.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-01-12 17:45 10800 c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll
"msacm.enc"= ITIG726.acm
"wave6"= aarklink.dll
"midi6"= aarklink.dll
"vidc.GM20"= GXGM20.dll
"vidc.GEOX"= GeoCodec.dll
"vidc.GEOV"= GeoCodec.dll
"vidc.G264"= GX264.dll
"vidc.GMP4"= GXAMP4.dll
"vidc.GM40"= GXAMP4.dll
"vidc.mpg4"= c:\windows\Mpg4c32.dll
"vidc.mpg2"= c:\windows\mpg4c32.dll
"vidc.mpg3"= c:\windows\mpg4c32.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 11:09 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 13:36 1103216 c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]
--a------ 2007-02-08 01:12 628248 c:\program files\Logitech\QuickCamWebInstall\Setup\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-26 14:03 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-30 18:47 1271032 h:\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-11-10 12:23 157312 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLTRYSVC"=2 (0x2)
"Tcpeaaanc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"RaySatxsi4_0Server"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"C-DillaSrv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe Version Cue CS2"=3 (0x3)
"Adobe Version Cue CS3"=3 (0x3)
"wwSecSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159651577\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159651577\\ee\\aim6.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21518:UDP"= 21518:UDP:Enfocus Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-01 78416]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-10-26 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-01 20560]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-11-17 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-27 24652]
R3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2006-09-01 183465]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-09-03 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 GV650S;GV650S;c:\windows\system32\drivers\GV650S.sys [2006-09-01 75041]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [2008-07-07 18840]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-12-03 2560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamespy.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
LSP: xfire_lsp_10650.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Oasis 5\Application Data\Mozilla\Firefox\Profiles\n0xxrrco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gamespy.com
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 12:31:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,ff,52,16,5e,e0,cf,7b,d1,b0,17,bf,6f,21,98,13,96,d5,e9,a6,0b,3b,c5,
38,12,e3,b4,00,59,e5,1c,bb,8c,99,58,d0,cd,b3,81,7b,9b,df,e5,40,13,da,3b,64,\
"??"=hex:cd,8a,a3,cf,1c,2c,7b,ad,8a,ac,d2,0d,e1,d2,64,ed

[HKEY_USERS\S-1-5-21-515967899-1682526488-854245398-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,91,1c,b2,df,8c,5d,28,a5,d9,8d,1f,d9,9d,26,48,ff,7d,7d,9a,4c,
2b,76,2b,87,e4,b8,79,a2,3f,d5,13,bf,1e,c1,29,fb,82,a0,31,99,36,86,5b,e3,fa,\
"rkeysecu"=hex:f0,11,82,a0,28,5b,0e,00,38,d6,db,20,88,1a,b2,f1

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0]
"1"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,f3,14,12,4f,01,36,44,
b9
"2"=hex:6c,c5,5b,f7,b0,9e,32,e3,03,c6,40,3c,f9,93,f0,a3,e0,80,50,c4,b1,40,2f,
48,ec,05,72,d0,e0,27,38,13
"3"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,88,0a,70,d8,2f,23,2d,
64,0e,4f,11,7b,2d,48,46,54,f2,60,49,21,f0,9e,bf,bb,ce,a9,b7,33,0c,9b,44,72

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \B13D8D0B1FD22FA0\3B763314737244E370C2A58F10561342]
"1"=hex:a5,c9,74,ec,b1,20,d6,a1,46,64,76,6c,55,07,98,be
"2"=hex:52,08,bd,d5,bc,5a,fb,26
"3"=hex:4b,52,79,85,46,62,03,0c,16,1f,75,d4,78,fc,b2,76,2b,3f,40,8c,c1,27,54,
fa,4c,28,ea,41,50,c2,9d,21,95,79,57,12,ce,01,e6,ef,67,76,cd,d6,6f,72,ed,d7,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:a5,c9,74,ec,b1,20,d6,a1,fe,0e,d2,15,0a,d4,86,e7,ce,b6,b2,c1,52,c5,e6,
f7,7b,7b,90,54,4a,1e,df,32,b7,b7,07,02,85,4e,ed,9d,c2,4a,8a,c8,5d,35,b4,5e,\
"7"=hex:79,08,15,23,9e,4b,ad,44,85,c9,e9,3c,03,fe,d3,3f,ce,c8,a9,1f,59,5f,3d,
24,37,04,40,4a,f4,30,65,d4,c0,58,80,e5,16,68,3a,98,df,ce,bb,3a,52,ae,be,a8,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,42,65,bf,c3,d7,b2,88,
07,4b,e7,15,d7,52,86,76,79,e7,6c,c2,fa,12,7e,7a,c3,58,35,cc,75,55,0a,70,e3,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:84,e7,55,62,bd,51,b9,d6,b9,12,90,08,a3,9c,e5,48,4e,85,49,14,17,a4,01,
68,fe,5e,53,7b,ac,dd,7f,0c,84,f4,81,a0,c4,40,93,38,67,06,bd,0d,9d,ec,6e,96,\
"13"=hex:ff,71,2f,68,31,8b,75,f4,13,9c,7c,69,8b,63,7f,02,66,01,de,0c,f2,bb,ea,
f8
"14"=hex:9a,87,95,59,aa,3b,3f,22
"24"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:af,26,30,10,fc,74,fa,7d,7f,74,88,6c,53,c4,49,f8
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:67,ec,7d,fd,65,a7,b1,b7,7b,7a,00,17,a6,f7,92,c6,7d,4f,e6,9a,84,00,28,
a7,8a,ea,fe,fb,f5,1a,49,91,bc,fb,b8,fa,fd,ea,9d,17,78,ea,6b,ed,6d,3a,59,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\xfire_lsp_10650.dll

- - - - - - - > 'explorer.exe'(6740)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Intel\Intel® Active Monitor\imonNT.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-03-10 12:43:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 18:43:45
ComboFix2.txt 2009-03-10 02:56:36
ComboFix3.txt 2009-03-06 03:56:45

Pre-Run: 7,313,149,952 bytes free
Post-Run: 7,299,768,320 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
425

#6 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 11 March 2009 - 04:56 AM

Logs look OK.

If you didn't set this yourself then you can fix this in HijackThis:
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\cevel.html

Will check once more when Panda results come int.

Thanks.

Proud Graduate of the TC/WTT Classroom

#7 unowen

New Member

Authentic Member
9 posts

Posted 11 March 2009 - 07:04 AM

Ok. Here's the Active scan log. ;******************************************************************************* ********************************************************************************* ******************* ANALYSIS: 2009-03-11 07:57:18 PROTECTIONS: 1 MALWARE: 8 SUSPECTS: 7 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== avast! antivirus 4.8.1229 [VPS 090310-0] 4.8.1229 Yes Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00219288 adware/clickalchemy Adware No 0 Yes No C:\WINDOWS\alchem.ini 00239169 Trj/Zapchast.BI Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP8\A0003293.bat 00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Oasis 5\Desktop\VirtumundoBeGone.exe 00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Oasis 5\Desktop\Sort\VirtumundoBeGone.exe 00621759 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP2\A0000023.dll 00621759 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP2\A0000026.dll 00621759 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP2\A0000125.dll 00621759 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\raromozo.dll.vir 00621759 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\yufnlh.dll.vir 01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll 01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP2\A0000068.EXE 01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP6\A0003012.EXE 01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP7\A0003193.EXE 01895148 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP8\A0003301.exe 02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP2\A0000035.sys 02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP6\A0002971.sys 02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A4295633-679E-4361-B699-2AF17BB644ED}\RP7\A0003165.sys ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================= =================== No C:\Documents and Settings\Oasis 5\Desktop\ComboFix.exe No C:\Documents and Settings\Oasis 5\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0xxrrco.default\Cache\C2152591d01 No C:\Download\Miscellaneous\Shields Up LeakTest\LeakTest.exe No C:\Download\Screensavers\Freeze\snowglobefull.exe No C:\Download\Screensavers\Freeze\xmascottagefull.exe No C:\Download\Screensavers\JKII_3\Jedi_Outcast_Screenshots.scr No C:\Program Files\Image-Line\FLStudio5\Fl.exe ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================= =================== 184380 MEDIUM MS08-002 184379 MEDIUM MS08-001 182048 HIGH MS07-069 182046 HIGH MS07-067 182043 HIGH MS07-064 170911 HIGH MS07-050 145501 HIGH MS07-004 141034 HIGH MS06-076 108742 MEDIUM MS06-006 ;=============================================================================== ================================================================================= ===================

#8 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 11 March 2009 - 07:12 AM

Hi,

You can delete this:
C:\WINDOWS\alchem.ini

You need to upgrade to Windows XP Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install Windows XP - Service Pack 3.

You don't appear to be running any third party Firewall software.

Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:
1) Comodo
2) Agnitum
3) Sunbelt/Kerio

Post one more HijackThis log after this and let me know how things are running. If things are fine then we can wrap up this topic.

Thanks.

Proud Graduate of the TC/WTT Classroom

#9 unowen

New Member

Authentic Member
9 posts

Posted 11 March 2009 - 10:46 AM

I'll post the logs this evening when I get everything updated. So you are saying that a hardware firewall is no good? My router has a firewall but should I also use a software based one was well?

#10 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 11 March 2009 - 01:50 PM

If your Router has a Firewall then its not so bad, but I would still recommend running Windows Firewall if you aren't already.

Proud Graduate of the TC/WTT Classroom

Advertisements

Register to Remove

#11 unowen

New Member

Authentic Member
9 posts

Posted 11 March 2009 - 06:48 PM

Here is the final Hijack This log. Everything seems to be running smooth except on occasion when I right click to access the menu I get explorer crashes on the desktop. But anyway, I really appreciate your help with this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:50 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Extensis\Suitcase\Suitcase.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Download\HijackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref(".aim.session.autologin", false);
user_pref("45597263.aim.session.autologin", false);
user_pref("45597263.aim.session.connectionname", "ICQ");
user_pref("45597263.aim.session.firstsignon", false);
user_pref("45597263.aim.session.password", "0");
user_pref("45597263.aim.session.storepassword", false);
user_pref("The Saturnsky.aim.buddy.SndPlayFirstIncoming", true);
user_pref("The Saturnsky.aim.buddy.SndPlayIncoming", true);
user_pref("The Saturnsky.aim.buddy.SndPlayOutgoing", true);
user_pref("The Saturnsky.aim.buddy.SndPlaySignOff", true);
user_pref("The Saturnsky.aim.buddy.SndPlaySignOn", true);
user_pref("The Saturnsky.aim.buddyicon.showkn
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref(".aim.session.autologin", false);
user_pref("45597263.aim.session.autologin", false);
user_pref("45597263.aim.session.connectionname", "ICQ");
user_pref("45597263.aim.session.firstsignon", false);
user_pref("45597263.aim.session.password", "0");
user_pref("45597263.aim.session.storepassword", false);
user_pref("The Saturnsky.aim.buddy.SndPlayFirstIncoming", true);
user_pref("The Saturnsky.aim.buddy.SndPlayIncoming", true);
user_pref("The Saturnsky.aim.buddy.SndPlayOutgoing", true);
user_pref("The Saturnsky.aim.buddy.SndPlaySignOff", true);
user_pref("The Saturnsky.aim.buddy.SndPlaySignOn", true);
user_pref("The Saturnsky.aim.buddyicon.showkn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195332211750
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15106/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 16011 bytes

#12 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 12 March 2009 - 03:50 AM

Hi,

To uninstall VundoFix completely click Start >> Run, then type cmd and hit Enter. Type the following commands one by one, hit Enter after each one:
sc stop VundoFixSvc
sc delete VundoFixSvc
exit

Whereabouts do you right-click when it crashes? Your log looks pretty clean, is this a new problem, something that came with the Malware or something you've had for a while?

Thanks.

Proud Graduate of the TC/WTT Classroom

#13 unowen

New Member

Authentic Member
9 posts

Posted 12 March 2009 - 10:48 PM

Deleted the Vundo. Thanks. The right click problem has been going on since my first run in with virtuemonde about a year and a half ago. I just right click on a icon or a folder and get an explorer crash from time to time. Sometimes I get memory access errors (where some weird combination of letters and numbers cannot access some other weird combination of numbers) but I replaced all my RAM so I'm sure that can't be it. I guess my mobo could have some bad RAM slots but it happens sporadically / randomly not consistently.

#14 jpshortstuff

Teacher Emeritus

Authentic Member
5,710 posts

Posted 13 March 2009 - 04:04 AM

Hi,

Let's see if we can find out a bit more about these errors.

Please download DDS and save it to your desktop.

Disable any script blocking protection
Double click dds.scr to run the tool.
When done two logs should open:
DDS.txt
Attach.txt

Save both reports to your desktop.

---------------------------------------------------

Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Thanks.

Proud Graduate of the TC/WTT Classroom

#15 unowen

New Member

Authentic Member
9 posts

Posted 13 March 2009 - 06:56 PM

Here is the log you requested. Thanks for taking the time to look into this. DDS (Ver_09-02-01.01) - NTFSx86 Run by Oasis 5 at 18:50:07.14 on Fri 03/13/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2490 [GMT -6:00] AV: avast! antivirus 4.8.1229 [VPS 090313-0] *On-access scanning disabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Creative\Surround Mixer\CTSysVol.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\Zune\ZuneLauncher.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Documents and Settings\Oasis 5\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.gamespy.com uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: WinAVI FLVSense: {e8df67a1-b618-4f3f-9e7c-cbe175adef5b} - c:\program files\winavi flv converter\FLVTune.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe" uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [igndlm.exe] "c:\program files\ign\download manager\dlm.exe" /windowsstart /startifwork mRun: [CTSysVol] "c:\program files\creative\surround mixer\CTSysVol.exe" mRun: [Logitech Utility] Logi_MwX.Exe mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] "nwiz.exe" /install mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [CTHelper] CTHELPER.EXE mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray dRunOnce: [RunNarrator] Narrator.exe dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: &Download FLV by WinAVI... - c:\program files\winavi flv converter\flv_link.htm IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Download with GetRight - c:\program files\getright\GRdownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\winavi flv converter\FLVTune.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: xfire_lsp_10650.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195332211750 DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.4269328704 DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll Notify: WRNotifier - WRLogonNTF.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\oasis5~1\applic~1\mozilla\firefox\profiles\n0xxrrco.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.gamespy.com FF - plugin: c:\program files\ign\download manager\npfpdlm.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-10 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-1 78416] R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-10-26 53760] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-1 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-1 147640] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-11-17 1373480] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-27 24652] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2005-5-22 3572592] R3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2006-9-1 183465] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-9-3 33792] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296] R3 GV650S;GV650S;c:\windows\system32\drivers\GV650S.sys [2006-9-1 75041] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-1 250040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-1 348344] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888] S3 ctgame;Game Port;c:\windows\system32\drivers\CTGAME.SYS [2008-7-7 18840] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296] S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-12-3 2560] =============== Created Last 30 ================ 2009-03-11 14:34 136,192 -------- c:\windows\system32\aaclient.dll 2009-03-11 14:33 <DIR> --d----- c:\windows\l2schemas 2009-03-11 14:33 <DIR> --d----- c:\windows\system32\en 2009-03-11 14:26 <DIR> --d----- c:\windows\ServicePackFiles 2009-03-11 14:24 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe 2009-03-11 14:18 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys 2009-03-11 14:18 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys 2009-03-11 14:16 19,569 a------- c:\windows\003463_.tmp 2009-03-11 12:20 <DIR> --d----- C:\New Folder 2009-03-10 12:59 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-03-10 12:59 <DIR> --d----- c:\program files\Panda Security 2009-03-10 12:54 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-10 12:06 215 a------- c:\windows\geohealth-03.ini 2009-03-05 18:28 <DIR> a-dshr-- C:\cmdcons 2009-03-05 18:26 161,792 a------- c:\windows\SWREG.exe 2009-03-05 18:26 98,816 a------- c:\windows\sed.exe 2009-03-05 15:24 24,576 a------- c:\windows\system32\VundoFixSVC.exe 2009-03-04 21:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-03-04 21:01 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-03-04 21:01 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-02-27 20:08 <DIR> --d----- c:\program files\TQ Defiler 2009-02-15 20:49 40,960 a------- c:\windows\system32\psfind.dll 2009-02-14 16:40 30,528 a------- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx 2009-02-14 16:40 11,564 a------- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx 2009-02-14 16:38 4,958,588 -------- c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.BAK 2009-02-14 15:55 4,958,588 a------- c:\windows\{00000002-00000000-00000004-00001102-00000004-10071102}.CDF 2009-02-14 15:55 86,016 a------- c:\windows\system32\cttele.dll 2009-02-14 14:23 7,062 a------- c:\windows\system32\audiopid.vxd 2009-02-12 21:11 <DIR> --d----- c:\docume~1\oasis5~1\applic~1\Mount&Blade ==================== Find3M ==================== 2009-03-11 14:40 86,665 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-02-14 16:30 444,952 a------- c:\windows\system32\wrap_oal.dll 2009-02-14 16:30 109,080 a------- c:\windows\system32\OpenAL32.dll 2008-10-31 13:14 726,008 a------- c:\documents and settings\oasis 5\gotomypc_437.exe 2008-10-31 12:40 721,912 a------- c:\documents and settings\oasis 5\gotomypc_428.exe 2008-08-22 22:08 24 a------- c:\documents and settings\oasis 5\jagex_runescape_preferences.dat 2007-04-15 13:23 1 a------- c:\documents and settings\oasis 5\SI.bin 2006-08-24 20:30 563,712 a------- c:\documents and settings\oasis 5\gotomypc_370.exe 2006-01-31 20:07 563,712 a------- c:\documents and settings\oasis 5\370_gotomypc.exe 2005-09-24 07:35 483,401 a------- c:\documents and settings\oasis 5\314_gotomypc.exe 2005-09-05 18:27 2,449,408 a------- c:\documents and settings\oasis 5\gosetup.exe 2005-08-11 09:57 483,401 a------- c:\documents and settings\oasis 5\gotomypc.exe 2002-09-11 08:26 63,730 a------- c:\program files\viewsonicinstruct_xp.pdf 2007-11-17 23:24 1,233 a--sh--- c:\windows\system32\mmf.sys ============= FINISH: 18:51:04.76 ===============

Attached Files

Attach.txt 12.94KB 1776 downloads

Body Background

skin color theme