
[Closed] Internet pop-ups, unable to update anti-virus or spyware


  • This topic is locked
8 replies to this topic

#1 mugmug


Posted 28 May 2008 - 02:04 AM

Hi,

I'm having some trouble lately related to internet pop-ups. I sense that I might be infected with some adware or virus, so I tried to update my virus definition (Nod32) and scan my computer. However, I found out that even though Nod32 says my definition is outdated, it does not allow me to download the upgrade. The same applies to my Ad-aware software. I tried doing a system reboot, and noticed that all my restore points were gone except for one created just today when the problem had already occurred. In addition to pop-ups, I'm also getting messages in Windows for me to install certain software to protect my computer. I haven't installed anything, knowing that these are part of the adware junk. My internet browsers (IE and Firefox) also have trouble loading certain pages. For example, I cannot complete my registration in this forum before I log in under safe mode.

Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 12:41:57 AM, on 28/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lms.cga-canad...ogon/Logon.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {87affd6a-8651-5e7b-9114-4850dd2a62db} - {bd26a2dd-0584-4119-b7e5-1568a6dffa78} - C:\Windows\system32\ybfxevwf.dll
O2 - BHO: (no name) - {BDBCECB2-4574-4CA7-94C7-65C608499C98} - C:\Windows\system32\khfCrSlM.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqPhGaB.dll,#1
O4 - HKLM\..\Run: [98e1c3cd] rundll32.exe "C:\Windows\system32\ydejrsue.dll",b
O4 - HKLM\..\Run: [BM9bd2f051] Rundll32.exe "C:\Windows\system32\rdvstrdg.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


I hope someone can kindly look into this for me.

Thank you very much.



#2 Rorschach112


Posted 28 May 2008 - 10:24 AM

Hello

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 mugmug


Posted 29 May 2008 - 01:56 AM

Thank you so much for your help. I followed the steps you showed me, and here are the 3 logs from ComboFix, Kaspersky, and HijackThis. The computer seems to run much better; I see no pop-ups today. However, Kaspersky showed that I still have 5 viruses and 10 infected items. I still have trouble updating my Nod32 virus definition and Ad-Aware update.

Looking forward to your next response. Many thanks!


ComboFix 08-05-28.4 - Edmund 2008-05-28 21:32:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1040 [GMT -7:00]
Running from: C:\Users\Edmund\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\System32\AHQtEeLm.ini
C:\Windows\System32\AHQtEeLm.ini2
C:\Windows\system32\cBsqNhiF.dll
C:\Windows\system32\cmdtbhsb.exe
C:\Windows\system32\eusrjedy.ini
C:\Windows\System32\FihNqsBc.ini
C:\Windows\System32\FihNqsBc.ini2
C:\Windows\system32\gpyvwulq.dll
C:\Windows\system32\hyuisnwp.dll
C:\Windows\system32\iiffCVml.dll
C:\Windows\system32\ilrfdrut.exe
C:\Windows\system32\khfCrSlM.dll
C:\Windows\System32\koipatkg.ini
C:\Windows\system32\mamnytbn.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mLeEtQHA.dll
C:\Windows\System32\MlSrCfhk.ini
C:\Windows\System32\MlSrCfhk.ini2
C:\Windows\System32\nbtynmam.ini
C:\Windows\system32\pixrtsqr.dll
C:\Windows\System32\pWyGhQru.ini
C:\Windows\System32\pWyGhQru.ini2
C:\Windows\system32\qdewmopk.dll
C:\Windows\system32\rbrxaslf.exe
C:\Windows\system32\rdvstrdg.dll
C:\Windows\system32\skmafgdm.dll
C:\Windows\system32\urQhGyWp.dll
C:\Windows\System32\utrnhqbw.ini
C:\Windows\system32\vsmmdjvs.dll
C:\Windows\system32\wbqhnrtu.dll
C:\Windows\system32\xiwwnojj.exe
C:\Windows\system32\ybfxevwf.dll
C:\Windows\system32\ydejrsue.dll
C:\Windows\system32\ydhrbylu.dll

----- BITS: Possible infected sites -----

hxxp://rad.msn.com
hxxp://ads.msn.com
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-28 19:31 . 2008-05-28 19:31 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-05-25 23:45 . 2008-05-25 23:45 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-24 00:32 . 2008-05-26 23:13 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-05-19 16:06 . 2008-05-19 16:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-12 22:22 . 2008-05-12 22:22 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 06:12 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-27 06:12 --------- d-----w C:\Program Files\AVS4YOU
2008-05-26 06:39 28,190 ----a-w C:\Users\Edmund\AppData\Roaming\nvModes.dat
2008-05-14 06:12 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 06:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 07:39 --------- d-----w C:\ProgramData\Lavasoft
2008-04-26 07:38 --------- d-----w C:\Program Files\Lavasoft
2008-04-26 07:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 07:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-26 07:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-23 05:48 --------- d-----w C:\Program Files\BitComet
2008-04-23 05:31 2,560 ----a-w C:\Windows\System32\bitcometres.dll
2008-04-23 04:47 --------- d-----w C:\Program Files\ESET
2008-04-23 04:25 --------- d-----w C:\Users\Edmund\AppData\Roaming\ESET
2008-04-23 04:23 --------- d-----w C:\ProgramData\ESET
2008-04-23 03:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 15:59 --------- d-----w C:\Program Files\Java
2008-04-22 08:04 174 --sha-w C:\Program Files\desktop.ini
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-22 07:43 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-22 07:43 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-22 07:14 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-04-22 07:14 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-22 05:28 --------- d-----w C:\ProgramData\FLEXnet
2008-04-21 07:18 --------- d-----w C:\ProgramData\AVS4YOU
2008-04-21 06:59 --------- d-----w C:\Users\Edmund\AppData\Roaming\AVS4YOU
2008-04-18 05:45 --------- d-----w C:\ProgramData\BVRP Software
2008-04-18 05:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 05:37 --------- d-----w C:\Users\Edmund\AppData\Roaming\InstallShield
2008-04-18 05:37 --------- d-----w C:\ProgramData\Sony Ericsson
2008-04-18 05:37 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-10 04:59 --------- d-----w C:\Users\Edmund\AppData\Roaming\Apple Computer
2008-04-10 04:05 --------- d-----w C:\Users\Edmund\AppData\Roaming\Corel
2008-04-09 06:41 --------- d-----w C:\Users\Edmund\AppData\Roaming\Teleca
2008-04-09 05:42 --------- d-----w C:\Users\Edmund\AppData\Roaming\Sony Ericsson
2008-04-09 05:42 --------- d-----w C:\ProgramData\Teleca
2008-04-09 05:41 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-09 05:41 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-09 00:37 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-07 07:32 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-01 18:13 0 ----a-w C:\Users\Edmund\AppData\Roaming\wklnhst.dat
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 05:35 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 16:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 11:31 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe" [ ]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 16:30 577536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 16:17 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-01 00:28 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-27 05:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-27 05:15 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-27 05:15 81920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

C:\Users\Edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [11/9/2007 9:43:13 AM 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 1:01:50 AM 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [6/22/2007 10:55:32 AM 739880]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [3/1/2007 4:55:18 AM 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{21C63899-6532-40D7-8379-7ED788B98D28}"= C:\Windows\system32\iiffCVml.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2804C22E-89B1-4E05-B86A-3FA64534B291}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{A01736B7-1868-4628-9CA1-EE4F3A7868D3}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{12BA5CBC-2865-41D7-B563-FE6CD7FCD282}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2D6F60B-1DF2-4B84-89C4-724A3F72B1BB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{819C6D67-0C9D-41D9-BA3E-8F1D0EE08A7D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{9D0312E9-17B8-409D-A73F-6802C23B987C}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CA986776-936A-4BD3-A63E-21A3B18BA334}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2477A7CB-D826-4C10-B1A8-A204A0BA61AD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C2EE9030-5178-46B7-AB46-E04A5BCBBA62}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{11A4DD54-DAE3-4CD2-A831-192CD6A78645}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4205D28E-2FB3-4469-9E2C-4F27F1A425A0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB17F608-7882-4F86-9EF4-DFF33F65378F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58D7EE41-6F23-482F-A228-B7C9AFE62B2F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6F5EB71D-C1CE-4E92-AB1C-C1BED02715AC}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{66AAE59B-C6AF-4724-85DC-4F311BE3AFF8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{D315372B-99D1-46A0-AC99-8561C54AC880}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{29026A39-3862-46BF-A69D-0CEF1A7B9067}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{F7F430FF-7964-443B-9567-03539DA58D30}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{AF010A4F-74C9-43F9-B664-B7DB93564830}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{FE4AC936-CC34-4652-9D3B-FF3BD8D7FE82}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{F3FA8C63-2167-444D-A905-3D64DB2092E0}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{EDB49D3C-837C-48D3-9DA6-46E12DB1BDC6}C:\\users\\edmund\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\edmund\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{D621960E-3BF2-424D-8555-E8CA49424CFC}C:\\users\\edmund\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\edmund\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{F8661903-65CA-4AE6-8B0D-D14548732793}C:\\users\\edmund\\appdata\\local\\temp\\nzm.exe"= UDP:C:\users\edmund\appdata\local\temp\nzm.exe:nzm.exe
"UDP Query User{29C54C09-9D96-467D-917B-1964A3F6932C}C:\\users\\edmund\\appdata\\local\\temp\\nzm.exe"= TCP:C:\users\edmund\appdata\local\temp\nzm.exe:nzm.exe
"{FB55C3DF-AA57-4FD5-98E0-AB8156994DA6}"= UDP:9468:BitComet 9468 TCP
"{69BFCCE5-88D0-40D8-B897-54AC4DA55381}"= TCP:9468:BitComet 9468 UDP
"{21AD3D29-E55C-4AC6-A4C3-0A95DE38EEB4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 21:09]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-01 10:54]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-27 05:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-27 05:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 06:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 05:17]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-18 06:19]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-07-02 07:10]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-02 07:10]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-02 07:09]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-02 07:10]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 17:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 16:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 10:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{999ddc0d-2d22-11dd-8fcb-001a80491ec8}]
\shell\AutoRun\command - G:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 04:44:59 C:\Windows\Tasks\User_Feed_Synchronization-{3D32C30B-08E0-48A2-8B50-3EB950AD44E2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 21:39:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Edmund\AppData\Local\Temp\~DF5CB0.tmp 180224 bytes
C:\Users\Edmund\AppData\Local\Temp\~DF5CB5.tmp 512 bytes
C:\Users\Edmund\AppData\Local\Temp\~DF70EB.tmp
C:\Users\Edmund\AppData\Local\Temp\~DF724E.tmp

scan completed successfully
hidden files: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-05-28 21:46:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 04:45:29

Pre-Run: 121,398,558,720 bytes free
Post-Run: 121,252,511,744 bytes free

275 --- E O F --- 2008-05-23 07:28:27





-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 12:46:15 AM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 811007
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 127664
Number of viruses found: 5
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:50:37

Infected Object Name / Virus Name / Last Action
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\Setup.EXE/Setup.EXE/is152245.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\Setup.EXE/Setup.EXE Infected: Trojan.Win32.Monder.gen skipped
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\Setup.EXE CAB: infected - 2 skipped
C:\QooBox\Quarantine\C\Windows\System32\iiffCVml.dll.vir Infected: Trojan.Win32.Zapchast.gb skipped
C:\QooBox\Quarantine\C\Windows\System32\pixrtsqr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
C:\QooBox\Quarantine\C\Windows\System32\qdewmopk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
C:\QooBox\Quarantine\C\Windows\System32\vsmmdjvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
C:\QooBox\Quarantine\C\Windows\System32\ybfxevwf.dll.vir Infected: Trojan-Downloader.Win32.ConHook.te skipped
C:\QooBox\Quarantine\C\Windows\System32\ydejrsue.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped
C:\QooBox\Quarantine\C\Windows\System32\ydhrbylu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped

Scan process completed.




Logfile of HijackThis v1.99.1
Scan saved at 12:46:44 AM, on 29/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Windows\system32\conime.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lms.cga-canad...ogon/Logon.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

#4 Rorschach112

Posted 29 May 2008 - 06:39 AM

You shouldn't download cracks.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE

Folder::
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{21C63899-6532-40D7-8379-7ED788B98D28}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{999ddc0d-2d22-11dd-8fcb-001a80491ec8}]

DirLook::
C:\Downloads


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
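
An added example, not part of the original posts and not ComboFix's own code: the `DirLook::` entry in the script above requests a listing of `C:\Downloads` (the "Look" section of the log posted in reply), and a listing in that format can be triaged for executables whose path carries crack or keygen naming. The sample lines are taken from the log in this thread; the keyword list, the function and field names, and the treatment of `.bc!` as BitComet's incomplete-download suffix are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines taken from the "Look" section of the ComboFix log in this thread.
SAMPLE = r"""
---- Directory of C:\Downloads ----

2008-05-26 00:33 184490 --a------ C:\Downloads\WinAVI.3GP.MP4.PSP.iPod.Video.Converter.v3.1.Incl.Keymaker-CORE\keygen.exe
2008-05-24 00:26 147 --a------ C:\Downloads\Magic Video Converter 8.0.2.18\Magic Video Converter Serial.txt
2008-05-12 23:49 0 d-------- C:\Downloads\??? - Goomusic Collection 2004-2008 ??+??\
2008-04-20 22:20 58368 --a------ C:\Downloads\Nod32 KeyGen.exe.bc!
2008-04-22 09:01 380612 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe
2008-04-22 09:01 21419008 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\Setup.EXE
2008-04-15 21:26 8509440 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\10.mp3
2008-03-09 21:58 98304 --a------ C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack\rzr-cod4.exe
"""

# One listing line: date, time, size in bytes, 9-character attribute field, full path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([a-z-]{9}) (.+)$")

# Assumed heuristics for this example, not a rule set from ComboFix or the forum.
EXECUTABLE_EXTS = {".exe", ".msi", ".scr", ".bat", ".com", ".dll"}
KEYWORDS = {"crack", "cracked", "keygen", "keymaker", "fix", "fixes", "patch", "serial"}
PARTIAL_SUFFIX = ".bc!"  # assumption: BitComet's suffix for an incomplete download


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str
    name: str                      # last path component as listed
    partial: bool = False          # True when the name ends in PARTIAL_SUFFIX
    ext: str = ""                  # lower-cased extension, partial suffix removed
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    name = ntpath.basename(path)   # ntpath handles backslash paths on any OS
    effective = name
    partial = effective.lower().endswith(PARTIAL_SUFFIX)
    if partial:
        effective = effective[: -len(PARTIAL_SUFFIX)]
    ext = ntpath.splitext(effective)[1].lower()
    return Entry(date, time, int(size), attrs, path, name, partial, ext)


def triage(listing: str) -> List[Entry]:
    """Return executable files whose path contains one of KEYWORDS as a whole token."""
    hits = []
    for line in listing.splitlines():
        entry = parse_line(line)
        if entry is None or entry.attrs.startswith("d"):
            continue               # not a listing line, or a directory entry
        if entry.ext not in EXECUTABLE_EXTS:
            continue               # text files, media and archives are not flagged
        tokens = set(re.split(r"[^a-z0-9]+", entry.path.lower()))
        entry.reasons = sorted(tokens & KEYWORDS)
        if entry.reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in triage(SAMPLE):
        state = "partial download" if e.partial else "complete"
        print(f"{e.date} {e.size:>10} {state:<16} {','.join(e.reasons):<16} {e.path}")
```

It reads only the `date time size attrs path` lines of the "Look" section; the "Files Created" and "Find3M Report" sections use different column layouts and are skipped as non-matching.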


#5 mugmug

Posted 29 May 2008 - 08:00 PM

Thanks. I really appreciate your help. Here is my combofix log and hijackthis log.

ComboFix 08-05-28.4 - Edmund 2008-05-29 18:25:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.980 [GMT -7:00]
Running from: C:\Users\Edmund\Desktop\ComboFix.exe
Command switches used :: C:\Users\Edmund\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Fix\Virus test check here.txt
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\READ ME!!!.txt
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\eav_nt32_enu.msi
C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\Setup.EXE

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-28 21:52 . 2008-05-28 21:52 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-28 21:52 . 2008-05-28 21:52 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-28 21:52 . 2008-05-28 21:52 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-28 21:50 . 2008-03-07 19:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 21:50 . 2008-03-07 21:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-28 19:31 . 2008-05-28 19:31 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-05-25 23:45 . 2008-05-25 23:45 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-24 00:32 . 2008-05-26 23:13 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-05-19 16:06 . 2008-05-19 16:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-12 22:22 . 2008-05-12 22:22 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-26 00:38 . 2008-04-26 00:39 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-26 00:38 . 2008-04-26 00:39 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-26 00:38 . 2008-04-26 00:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-26 00:36 . 2008-04-26 00:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 22:58 . 2008-01-07 14:29 352 --ah----- C:\Windows\nod32fixtemdono.reg
2008-04-22 22:31 . 2008-04-22 22:31 2,560 --a------ C:\Windows\System32\bitcometres.dll
2008-04-22 21:25 . 2008-04-22 21:25 <DIR> d-------- C:\Users\Edmund\AppData\Roaming\ESET
2008-04-22 00:55 . 2008-04-22 00:55 <DIR> d-------- C:\PerfLogs
2008-04-22 00:37 . 2008-04-22 00:14 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-04-22 00:37 . 2008-04-22 00:14 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-04-22 00:23 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-22 00:23 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-04-22 00:23 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-04-22 00:23 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-04-22 00:23 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-04-22 00:20 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-04-22 00:15 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-04-22 00:09 . 2008-04-22 00:38 196,608 --a------ C:\Windows\SPInstall.etl
2008-04-20 23:59 . 2008-04-20 23:59 <DIR> d-------- C:\Users\Edmund\AppData\Roaming\AVS4YOU
2008-04-20 23:59 . 2008-04-21 00:18 <DIR> d-------- C:\Users\All Users\AVS4YOU
2008-04-20 23:59 . 2008-04-21 00:18 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-04-20 23:57 . 2008-05-26 23:12 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-20 23:57 . 2008-05-26 23:12 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-20 23:06 . 2008-04-22 21:23 <DIR> d-------- C:\Users\All Users\ESET
2008-04-20 23:06 . 2008-04-22 21:23 <DIR> d-------- C:\ProgramData\ESET
2008-04-20 23:06 . 2008-04-22 21:47 <DIR> d-------- C:\Program Files\ESET
2008-04-17 22:45 . 2008-04-17 22:45 <DIR> d-------- C:\Users\All Users\BVRP Software
2008-04-17 22:45 . 2008-04-17 22:45 <DIR> d-------- C:\ProgramData\BVRP Software
2008-04-17 22:37 . 2008-04-17 22:37 <DIR> d-------- C:\Users\Edmund\AppData\Roaming\InstallShield
2008-04-08 23:07 . 2008-04-08 23:41 <DIR> d-------- C:\Users\Edmund\AppData\Roaming\Teleca
2008-04-08 22:57 . 2007-04-03 13:59 100,360 --a------ C:\Windows\System32\drivers\s616mgmt.sys
2008-04-08 22:57 . 2007-04-03 13:59 99,080 --a------ C:\Windows\System32\drivers\s616unic.sys
2008-04-08 22:57 . 2007-04-03 13:59 11,016 --a------ C:\Windows\System32\drivers\s616cr.sys
2008-04-08 22:56 . 2007-04-03 13:59 98,568 --a------ C:\Windows\System32\drivers\s616obex.sys
2008-04-08 22:55 . 2007-04-03 13:59 108,680 --a------ C:\Windows\System32\drivers\s616mdm.sys
2008-04-08 22:55 . 2007-04-03 13:59 23,176 --a------ C:\Windows\System32\drivers\s616nd5.sys
2008-04-08 22:55 . 2007-04-03 13:59 15,112 --a------ C:\Windows\System32\drivers\s616mdfl.sys
2008-04-08 22:55 . 2007-04-03 13:59 12,424 --a------ C:\Windows\System32\drivers\s616cmnt.sys
2008-04-08 22:55 . 2007-04-03 13:59 12,424 --a------ C:\Windows\System32\drivers\s616cm.sys
2008-04-08 22:54 . 2007-04-03 13:59 83,208 --a------ C:\Windows\System32\drivers\s616bus.sys
2008-04-08 22:54 . 2007-04-03 13:59 12,424 --a------ C:\Windows\System32\drivers\s616whnt.sys
2008-04-08 22:54 . 2007-04-03 13:59 12,424 --a------ C:\Windows\System32\drivers\s616wh.sys
2008-04-08 22:42 . 2008-04-08 22:42 <DIR> d-------- C:\Users\Edmund\AppData\Roaming\Sony Ericsson
2008-04-08 22:41 . 2008-04-17 22:37 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-08 22:41 . 2008-04-08 22:41 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-08 22:41 . 2008-04-08 22:41 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-04-08 22:38 . 2008-04-08 22:42 <DIR> d-------- C:\Users\All Users\Teleca
2008-04-08 22:38 . 2008-04-17 22:37 <DIR> d-------- C:\Users\All Users\Sony Ericsson
2008-04-08 22:38 . 2008-04-08 22:42 <DIR> d-------- C:\ProgramData\Teleca
2008-04-08 22:38 . 2008-04-17 22:37 <DIR> d-------- C:\ProgramData\Sony Ericsson
2008-04-08 22:19 . 2008-02-21 19:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 22:19 . 2008-02-21 22:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-08 22:13 . 2008-02-29 00:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 22:13 . 2008-02-29 00:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 22:13 . 2008-02-21 22:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 22:13 . 2008-02-28 23:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-08 22:13 . 2008-02-28 21:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 22:13 . 2008-02-28 23:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-08 22:13 . 2008-02-28 23:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 22:13 . 2008-02-29 00:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 22:13 . 2008-02-28 21:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 22:13 . 2008-02-28 23:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 22:11 . 2008-02-28 21:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 22:11 . 2008-02-21 21:57 295,936 --a------ C:\Windows\System32\gdi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 01:17 28,190 ----a-w C:\Users\Edmund\AppData\Roaming\nvModes.dat
2008-05-14 06:12 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 06:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 07:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-26 07:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-23 05:48 --------- d-----w C:\Program Files\BitComet
2008-04-23 03:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 15:59 --------- d-----w C:\Program Files\Java
2008-04-22 08:04 174 --sha-w C:\Program Files\desktop.ini
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-22 07:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-22 07:43 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-22 07:43 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-22 05:28 --------- d-----w C:\ProgramData\FLEXnet
2008-04-18 05:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 04:59 --------- d-----w C:\Users\Edmund\AppData\Roaming\Apple Computer
2008-04-10 04:05 --------- d-----w C:\Users\Edmund\AppData\Roaming\Corel
2008-03-09 00:37 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-07 07:32 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-01 18:13 0 ----a-w C:\Users\Edmund\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Downloads ----

2008-05-26 00:33 3591603 --a------ C:\Downloads\WinAVI.3GP.MP4.PSP.iPod.Video.Converter.v3.1.Incl.Keymaker-CORE\winavi_ipod_video_converter.exe
2008-05-26 00:33 184490 --a------ C:\Downloads\WinAVI.3GP.MP4.PSP.iPod.Video.Converter.v3.1.Incl.Keymaker-CORE\keygen.exe
2008-05-26 00:10 3543040 --a------ C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[+Serial].zip.bc!
2008-05-25 23:56 512 --a------ C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[v3.1][+Serial]_10smai\serial.txt.bc!
2008-05-24 00:26 18459036 --a------ C:\Downloads\Magic Video Converter 8.0.2.18\MagicVideoConverter.exe
2008-05-24 00:26 147 --a------ C:\Downloads\Magic Video Converter 8.0.2.18\Magic Video Converter Serial.txt
2008-05-24 00:03 512 --a------ C:\Downloads\AVS Video Converter 4.8.5.455 Complete\readme.html.url.bc!
2008-05-24 00:03 1226752 --a------ C:\Downloads\AVS Video Converter 4.8.5.455 Complete\AVS Video Converter 4.8.5.455 Complete.rar.bc!
2008-05-12 23:49 0 d-------- C:\Downloads\??? - Goomusic Collection 2004-2008 ??+??\
2008-04-22 22:44 20475904 --a------ C:\Downloads\ESET NOD32 AntiVirus 3.0.650 + Smart Security 3.0.650 + FiXes (32 & 64 bit) - TomO\(32 bit) ESET AntiVirus 3.0.650 + Fixes - TomO.rar.bc!
2008-04-22 22:42 22371206 --a------ C:\Downloads\ESET NOD32 Antivirus 3.0.650.zip
2008-04-22 22:37 20119040 --a------ C:\Downloads\ESET NOD32 AntiVirus 3.0.650 + Smart Security 3.0.650 + FiXes (32 & 64 bit) - TomO\(32 bit) ESET Smart Security 3.0.650 + Fixes - TomO.rar.bc!
2008-04-22 22:36 20254871 --a------ C:\Downloads\Eset_Smart_Security_BE_3.0.650_32b.rar
2008-04-22 09:01 380612 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe
2008-04-22 09:01 21419008 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\Setup.EXE
2008-04-22 09:01 20372480 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Setup\eav_nt32_enu.msi
2008-04-22 09:01 189 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\Fix\Virus test check here.txt
2008-04-22 09:01 1471 --a------ C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE\READ ME!!!.txt
2008-04-20 22:20 58368 --a------ C:\Downloads\Nod32 KeyGen.exe.bc!
2008-04-15 21:26 8509440 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\10.mp3
2008-04-15 21:26 8198144 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\07.mp3
2008-04-15 21:26 8079352 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\01.mp3
2008-04-15 21:26 7794688 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\05.mp3
2008-04-15 21:26 7378944 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\04.mp3
2008-04-15 21:26 7229440 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\11.mp3
2008-04-15 21:26 6746112 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\13.mp3
2008-04-15 21:26 6291456 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\12.mp3
2008-04-15 21:26 6176768 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\08.mp3
2008-04-15 21:26 6103040 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\14.mp3
2008-04-15 21:26 6002688 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\06.mp3
2008-04-15 21:26 5654528 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\02.mp3
2008-04-15 21:26 5066752 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\03.mp3
2008-04-15 21:26 4556800 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\09.mp3
2008-04-15 21:25 8200192 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\08.mp3
2008-04-15 21:25 8079360 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\12.mp3
2008-04-15 21:25 7809024 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\03.mp3
2008-04-15 21:25 7720960 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\11.mp3
2008-04-15 21:25 7682048 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\09.mp3
2008-04-15 21:25 7602176 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\05.mp3
2008-04-15 21:25 7239680 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\02.mp3
2008-04-15 21:25 6995968 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\10.mp3
2008-04-15 21:25 6459392 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\06.mp3
2008-04-15 21:25 6326272 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\07.mp3
2008-04-15 21:25 5791744 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\01.mp3
2008-04-15 21:25 5412864 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\04.mp3
2008-04-15 21:25 4481024 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\13.mp3
2008-04-15 21:25 10446848 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\14.mp3
2008-04-14 23:10 149 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\Track List.url
2008-04-14 23:10 147 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 1\??.url
2008-04-14 23:03 149 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\Track List.url
2008-04-14 23:03 149 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\Track List.url
2008-04-14 23:03 149 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\???????????.url
2008-04-14 23:03 147 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\DISC 2\??.url
2008-04-14 23:03 147 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\??.url
2008-04-14 23:03 145 --a------ C:\Downloads\[JPSEEK.COM]LUNA SEA - COMPLETE BEST\??JPOP???.url
2008-03-19 07:36 100000076 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.rar
2008-03-19 06:56 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.037
2008-03-19 06:56 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.031
2008-03-19 06:56 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.027
2008-03-19 06:49 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.042
2008-03-19 06:47 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.043
2008-03-19 06:47 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.032
2008-03-19 06:45 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.044
2008-03-19 06:45 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.040
2008-03-19 06:45 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.033
2008-03-19 06:42 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.038
2008-03-19 06:42 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.035
2008-03-19 06:41 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.034
2008-03-19 06:40 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.026
2008-03-19 06:40 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.025
2008-03-19 06:40 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.023
2008-03-19 06:37 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.029
2008-03-19 06:37 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.028
2008-03-19 06:37 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.022
2008-03-19 06:37 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.009
2008-03-19 06:35 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.024
2008-03-19 06:35 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.017
2008-03-19 06:33 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.039
2008-03-19 06:33 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.014
2008-03-19 06:32 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.007
2008-03-19 06:29 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.036
2008-03-19 06:28 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.013
2008-03-19 06:27 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.011
2008-03-19 06:23 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.046
2008-03-19 06:18 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.010
2008-03-19 06:14 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.045
2008-03-19 06:12 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.006
2008-03-19 06:07 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.048
2008-03-19 06:07 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.005
2008-03-19 05:59 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.047
2008-03-19 05:52 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.012
2008-03-19 05:48 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.008
2008-03-19 05:39 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.004
2008-03-19 05:35 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.049
2008-03-19 05:34 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.041
2008-03-19 05:25 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.051
2008-03-19 04:45 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.030
2008-03-19 04:15 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.050
2008-03-19 02:18 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.003
2008-03-18 23:07 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.053
2008-03-18 20:52 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.052
2008-03-18 17:24 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.002
2008-03-18 16:45 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.001
2008-03-18 15:15 15725623 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.054
2008-03-18 12:22 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.019
2008-03-18 12:21 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.020
2008-03-18 12:21 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.018
2008-03-18 12:16 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.021
2008-03-18 10:32 9826 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY\vitality.nfo
2008-03-18 10:32 8582128 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY\vty-0112.001
2008-03-18 10:32 31 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY\.plus.sfv
2008-03-18 08:44 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.015
2008-03-18 08:01 100000000 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.016
2008-03-17 22:47 23 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY\vty-0112.sfv
2008-03-17 22:47 1777 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\.plus.sfv
2008-03-16 06:22 3975 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.nfo
2008-03-16 06:22 1242 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.sfv
2008-03-16 01:09 0 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY\-[100%]-[1.files]-[ServUPlus.vty-0112]-[????@TLF@djbzw@??2008]-
2008-03-16 01:09 0 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\-[100%]-[54.files]-[ServUPlus.flt-pes8]-[????@TLF@djbzw@??2008]-
2008-03-10 19:43 6786678784 --a------ C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com].iso
2008-03-10 19:43 26 --a------ C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\ToPeTorrent - Tu web de Bittorrent.txt
2008-03-10 19:43 24 --a------ C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\Serial.txt
2008-03-09 21:58 98304 --a------ C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack\rzr-cod4.exe
2008-03-09 21:58 3017216 --a------ C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack\iw3sp.exe
2008-03-06 10:04 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r47
2008-03-06 10:04 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r43
2008-03-06 10:04 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r30
2008-03-06 10:01 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r29
2008-03-06 10:00 60837940 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r48
2008-03-06 10:00 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r37
2008-03-06 10:00 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r36
2008-03-06 09:59 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r39
2008-03-06 09:59 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r35
2008-03-06 09:58 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r44
2008-03-06 09:57 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r38
2008-03-06 09:55 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r46
2008-03-06 09:50 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r23
2008-03-06 09:47 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r42
2008-03-06 09:45 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r33
2008-03-06 09:42 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r45
2008-03-06 09:40 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r40
2008-03-06 09:40 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r32
2008-03-06 09:40 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r18
2008-03-06 09:39 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.rar
2008-03-06 09:05 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r41
2008-03-06 09:03 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r00
2008-03-06 08:48 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r34
2008-03-06 08:19 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r24
2008-03-06 07:56 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r27
2008-03-06 07:43 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r22
2008-03-06 07:39 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r20
2008-03-06 07:31 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r26
2008-03-06 07:25 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r28
2008-03-06 06:51 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r31
2008-03-06 05:35 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r06
2008-03-06 04:37 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r01
2008-03-06 03:16 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r25
2008-03-06 02:56 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r13
2008-03-06 02:55 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r21
2008-03-06 02:27 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r12
2008-03-06 02:16 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r02
2008-03-06 02:01 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r04
2008-03-06 00:31 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r17
2008-03-06 00:06 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r10
2008-03-05 23:14 1150 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.sfv
2008-03-05 22:33 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r09
2008-03-05 22:15 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r19
2008-03-05 20:39 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r03
2008-03-05 20:20 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r08
2008-03-05 19:50 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r05
2008-03-05 17:20 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r11
2008-03-05 15:37 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r16
2008-03-05 14:58 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r07
2008-03-05 14:20 4614 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\reloaded.nfo
2008-03-05 11:40 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r15
2008-03-05 10:50 100000000 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.r14
2007-11-14 09:15 5024776192 --a------ C:\Downloads\Need.For.Speed.Pro.Street-RELOADED\rld-nfps.iso
2007-10-22 15:48 5821741056 --a------ C:\Downloads\Pro_Evolution_Soccer_2008-FLT\flt-pes8.iso


------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-28_21.44.25.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 04:38:41 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-29 19:37:57 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-29 19:37:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-29 19:37:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-29 04:39:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 19:48:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 19:48:47 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-29 04:39:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-30 01:17:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2005-05-24 19:27:16 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-05-29 04:25:42 110,386 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-30 01:24:42 110,386 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-29 04:25:42 611,610 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-30 01:24:43 611,610 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 08:14:59 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-05-29 08:04:51 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-05-29 01:59:49 9,686 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-591072603-1162265346-3001952583-1002_UserData.bin
+ 2008-05-29 15:48:14 9,686 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-591072603-1162265346-3001952583-1002_UserData.bin
- 2008-05-29 01:59:49 93,848 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 15:48:14 94,026 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-29 01:59:45 45,562 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 15:48:12 45,602 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-24 07:08:31 119,559,790 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-29 04:48:24 119,996,712 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 05:35 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 16:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 11:31 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe" [ ]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 16:30 577536]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 16:17 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-01 00:28 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-27 05:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-27 05:15 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-27 05:15 81920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

C:\Users\Edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [11/9/2007 9:43:13 AM 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 1:01:50 AM 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [6/22/2007 10:55:32 AM 739880]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [3/1/2007 4:55:18 AM 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2804C22E-89B1-4E05-B86A-3FA64534B291}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{A01736B7-1868-4628-9CA1-EE4F3A7868D3}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{12BA5CBC-2865-41D7-B563-FE6CD7FCD282}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2D6F60B-1DF2-4B84-89C4-724A3F72B1BB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{819C6D67-0C9D-41D9-BA3E-8F1D0EE08A7D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{9D0312E9-17B8-409D-A73F-6802C23B987C}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CA986776-936A-4BD3-A63E-21A3B18BA334}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2477A7CB-D826-4C10-B1A8-A204A0BA61AD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C2EE9030-5178-46B7-AB46-E04A5BCBBA62}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{11A4DD54-DAE3-4CD2-A831-192CD6A78645}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4205D28E-2FB3-4469-9E2C-4F27F1A425A0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB17F608-7882-4F86-9EF4-DFF33F65378F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58D7EE41-6F23-482F-A228-B7C9AFE62B2F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6F5EB71D-C1CE-4E92-AB1C-C1BED02715AC}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{66AAE59B-C6AF-4724-85DC-4F311BE3AFF8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{D315372B-99D1-46A0-AC99-8561C54AC880}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{29026A39-3862-46BF-A69D-0CEF1A7B9067}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{F7F430FF-7964-443B-9567-03539DA58D30}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{AF010A4F-74C9-43F9-B664-B7DB93564830}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{FE4AC936-CC34-4652-9D3B-FF3BD8D7FE82}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{F3FA8C63-2167-444D-A905-3D64DB2092E0}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{EDB49D3C-837C-48D3-9DA6-46E12DB1BDC6}C:\\users\\edmund\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\edmund\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{D621960E-3BF2-424D-8555-E8CA49424CFC}C:\\users\\edmund\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\edmund\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{F8661903-65CA-4AE6-8B0D-D14548732793}C:\\users\\edmund\\appdata\\local\\temp\\nzm.exe"= UDP:C:\users\edmund\appdata\local\temp\nzm.exe:nzm.exe
"UDP Query User{29C54C09-9D96-467D-917B-1964A3F6932C}C:\\users\\edmund\\appdata\\local\\temp\\nzm.exe"= TCP:C:\users\edmund\appdata\local\temp\nzm.exe:nzm.exe
"{FB55C3DF-AA57-4FD5-98E0-AB8156994DA6}"= UDP:9468:BitComet 9468 TCP
"{69BFCCE5-88D0-40D8-B897-54AC4DA55381}"= TCP:9468:BitComet 9468 UDP
"{21AD3D29-E55C-4AC6-A4C3-0A95DE38EEB4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 21:09]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-01 10:54]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-27 05:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-27 05:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 06:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 05:17]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-18 06:19]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-07-02 07:10]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-02 07:10]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-02 07:09]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-02 07:10]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 17:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 16:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 10:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 01:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{3D32C30B-08E0-48A2-8B50-3EB950AD44E2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 18:28:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 18:29:17
ComboFix-quarantined-files.txt 2008-05-30 01:28:58
ComboFix2.txt 2008-05-29 04:46:03

Pre-Run: 109,783,703,552 bytes free
Post-Run: 109,750,468,608 bytes free

484 --- E O F --- 2008-05-29 08:04:19

Logfile of HijackThis v1.99.1
Scan saved at 6:57:46 PM, on 29/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lms.cga-canad...ogon/Logon.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

#6 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • 3,651 posts

Posted 30 May 2008 - 05:25 AM

So many cracks

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Downloads\WinAVI.3GP.MP4.PSP.iPod.Video.Converter.v3.1.Incl.Keymaker-CORE
    C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[+Serial].zip.bc! 
    C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[v3.1][+Serial]_10smai
    C:\Downloads\Magic Video Converter 8.0.2.18\Magic Video Converter Serial.txt 
    C:\Downloads\AVS Video Converter 4.8.5.455 Complete\AVS Video Converter 4.8.5.455 Complete.rar.bc! 
    C:\Downloads\ESET NOD32 AntiVirus 3.0.650 + Smart Security 3.0.650 + FiXes (32 & 64 bit) - TomO
    C:\Downloads\Eset_Smart_Security_BE_3.0.650_32b.rar 
    C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE
    C:\Downloads\Nod32 KeyGen.exe.bc! 
    C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY
    C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#7 mugmug

Posted 31 May 2008 - 09:45 AM

Thanks. As requested here is the log from OTMoveIT:

    Explorer killed successfully
    C:\Downloads\WinAVI.3GP.MP4.PSP.iPod.Video.Converter.v3.1.Incl.Keymaker-CORE moved successfully.
    < C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[+Serial].zip.bc! >
    C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[+Serial].zip.bc! moved successfully.
    < C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[v3.1][+Serial]_10smai >
    C:\Downloads\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[v3.1][+Serial]_10smai moved successfully.
    C:\Downloads\Magic Video Converter 8.0.2.18\Magic Video Converter Serial.txt moved successfully.
    C:\Downloads\AVS Video Converter 4.8.5.455 Complete\AVS Video Converter 4.8.5.455 Complete.rar.bc! moved successfully.
    C:\Downloads\ESET NOD32 AntiVirus 3.0.650 + Smart Security 3.0.650 + FiXes (32 & 64 bit) - TomO moved successfully.
    C:\Downloads\Eset_Smart_Security_BE_3.0.650_32b.rar moved successfully.
    File/Folder C:\Downloads\NOD32 Antivirus 3.0.642 - UNLIMITED UPDATE not found.
    C:\Downloads\Nod32 KeyGen.exe.bc! moved successfully.
    C:\Downloads\Pro_Evolution_Soccer_2008-FLT\Pro.Evolution.Soccer.2008.PROPER.CRACK.ONLY-ViTALiTY moved successfully.
    < C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack >
    C:\Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack moved successfully.
    < purity >
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05312008_020827
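A helper reading a reply like the one above has to confirm that every path in the paste list was actually handled. The following is an added example, not part of the original thread and not OldTimer's code: a Python script that reconciles a paste list against log lines in the two result formats visible in this thread ("... moved successfully." and "File/Folder ... not found."). The sample paths and all function names are constructed for illustration.

```python
import re

# Constructed sample paste list (same layout as the list in this thread).
REQUESTED = r"""[kill explorer]
C:\Downloads\Example Converter [+Serial].zip.bc!
C:\Downloads\Example AV 3.0 - UNLIMITED UPDATE
C:\Downloads\Example KeyGen.exe.bc!
purity
[start explorer]"""

# Constructed sample log; the KeyGen entry is deliberately absent.
LOG = r"""Explorer killed successfully
< C:\Downloads\Example Converter [+Serial].zip.bc! >
C:\Downloads\Example Converter [+Serial].zip.bc! moved successfully.
File/Folder C:\Downloads\Example AV 3.0 - UNLIMITED UPDATE not found.
< purity >
Explorer started successfully"""

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
MISSING = re.compile(r"^File/Folder (?P<path>.+) not found\.$")

def requested_paths(block):
    """Return only the drive-letter paths; skip [directives] and bare commands."""
    lines = (line.strip() for line in block.splitlines())  # drop trailing spaces
    return [line for line in lines if re.match(r"^[A-Za-z]:\\", line)]

def parse_log(text):
    """Map each reported path (lower-cased, Windows paths ignore case) to a status."""
    status = {}
    for line in (raw.strip() for raw in text.splitlines()):
        missing, moved = MISSING.match(line), MOVED.match(line)
        if missing:
            status[missing.group("path").lower()] = "not_found"
        elif moved:
            status[moved.group("path").lower()] = "moved"
        # "< ... >" echo lines and Explorer status lines match neither pattern.
    return status

def reconcile(requested, log_text):
    """Return {path: 'moved' | 'not_found' | 'unreported'} for every requested path."""
    status = parse_log(log_text)
    return {p: status.get(p.lower(), "unreported") for p in requested_paths(requested)}

if __name__ == "__main__":
    for path, state in reconcile(REQUESTED, LOG).items():
        print(f"{state:<11} {path}")
```

Any path reported as `not_found` or `unreported` is one to follow up on before moving to the next cleanup step.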

#8 Rorschach112

Posted 31 May 2008 - 10:04 AM

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9 Rorschach112

Posted 04 June 2008 - 04:42 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.
