TechSpot

[Closed] Attn: Bobbye - Malware preventing updating

By vlad097
Oct 19, 2011
  1. Bobbye -
    Leaving this reference for me:

    http://www.techspot.com/vb/newintopic172242.html

    -----------------------------------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7974

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/19/2011 8:54:31 PM
    mbam-log-2011-10-19 (20-54-31).txt

    Scan type: Quick scan
    Objects scanned: 210554
    Time elapsed: 6 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-19 20:59:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000078 WDC_WD3200AAJS-00RYA0 rev.12.01B01
    Running: wq522u19.exe; Driver: C:\DOCUME~1\Vanja\LOCALS~1\Temp\uxtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 8ABE2670
    Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 8ABE2670

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    ----------------------------------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
    Run by Vanja at 21:02:40 on 2011-10-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2145 [GMT 2:00]
    .
    FW: ZoneAlarm Pro Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\MAFWTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
    mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318581580750
    DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0} : NameServer = 196.41.124.10,196.41.124.11
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\vanja\application data\mozilla\firefox\profiles\58av3o94.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\vanja\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\vanja\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\vanja\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava11.dll
    FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava12.dll
    FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava13.dll
    FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava32.dll
    FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPOJI610.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPJPI141_01.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\wrkrn.sys --> c:\windows\system32\drivers\WRkrn.sys [?]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2008-11-4 11264]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-14 320856]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-4 353672]
    R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2008-11-4 111768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-14 20568]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]
    R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2011-1-17 3608]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
    R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2009-6-2 6852]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2011-10-8 598856]
    R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2008-11-4 5337]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-11-4 33792]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-10-7 73344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]
    S2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashserv.exe" --> c:\program files\alwil software\avast4\ashServ.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 WRSVC;WRSVC;"c:\program files\webroot\wrsa.exe" -service --> c:\program files\webroot\WRSA.exe [?]
    S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [2008-11-4 17835]
    S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]
    S3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashwebsv.exe" /service --> c:\program files\alwil software\avast4\ashWebSv.exe [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-10-7 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-10-7 237440]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
    S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-22 57344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-10-19 17:40:41 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
    2011-10-19 02:37:57 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
    2011-10-18 23:12:06 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-10-18 23:12:06 79872 ------w- c:\windows\system32\msxml6r.dll
    2011-10-18 23:12:06 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-10-18 23:12:06 1372672 ------w- c:\windows\system32\msxml6.dll
    2011-10-18 23:10:00 294912 ------w- c:\program files\windows media player\dlimport.exe
    2011-10-18 23:08:09 19569 ----a-w- c:\windows\003114_.tmp
    2011-10-18 21:18:35 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
    2011-10-18 20:25:57 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-10-18 20:25:57 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-10-18 20:25:57 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-10-18 20:25:57 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-18 20:25:57 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-10-18 20:25:57 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-10-18 20:25:57 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-10-18 20:25:57 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-10-18 20:24:50 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
    2011-10-18 20:24:46 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
    2011-10-18 20:24:45 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-18 20:24:42 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-18 20:24:40 409088 ----a-w- c:\windows\system32\qmgr.dll
    2011-10-18 20:24:40 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
    2011-10-18 20:24:37 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-10-18 20:22:59 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2011-10-18 17:19:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-18 17:19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 22:50:16 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
    2011-10-17 21:44:19 -------- d-----w- C:\_OTM
    2011-10-17 08:24:03 1409 ----a-w- c:\windows\QTFont.for
    2011-10-16 18:02:52 -------- d-----w- c:\documents and settings\all users\Keyword Elite 2.0
    2011-10-16 18:01:00 -------- d-----w- c:\program files\Keyword Elite 2.0
    2011-10-15 10:20:41 102400 ----a-w- c:\windows\system32\bclnap.dll
    2011-10-15 10:20:40 3080192 ----a-w- c:\windows\system32\beconvlib.dll
    2011-10-15 10:20:40 282624 ----a-w- c:\windows\system32\bprgcomm.dll
    2011-10-15 10:20:40 208896 ----a-w- c:\windows\system32\beconv.dll
    2011-10-15 00:06:09 -------- d-sh--w- c:\documents and settings\vanja\PrivacIE
    2011-10-15 00:06:04 -------- d-sh--w- c:\documents and settings\vanja\IECompatCache
    2011-10-14 23:30:30 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-14 23:30:30 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-10-14 23:03:42 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
    2011-10-14 22:32:09 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
    2011-10-14 21:25:00 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
    2011-10-14 20:57:51 -------- d-----w- c:\program files\AVAST Software
    2011-10-14 20:57:29 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-10-14 20:44:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-10-14 20:11:37 -------- d-sh--w- c:\documents and settings\vanja\IETldCache
    2011-10-14 20:09:04 -------- d-----w- c:\windows\ie8updates
    2011-10-14 20:08:54 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-14 20:08:54 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-14 20:08:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-14 20:08:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-14 20:08:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-14 20:08:53 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-14 20:08:53 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-14 20:08:09 -------- dc-h--w- c:\windows\ie8
    2011-10-14 02:09:13 -------- d-----w- c:\program files\MSXML 4.0
    2011-10-14 01:48:09 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-14 01:41:41 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-14 01:38:12 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-14 01:37:42 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-10-14 01:36:23 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-14 01:36:23 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-14 01:36:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-14 01:28:52 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-14 01:27:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-14 01:27:22 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-14 01:24:46 -------- d-----w- c:\windows\system32\PreInstall
    2011-10-14 01:24:44 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-14 01:19:37 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-10-13 21:09:12 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-10-08 21:17:17 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2011-10-08 21:17:12 -------- d-----w- c:\program files\Security Task Manager
    2011-10-08 21:14:01 -------- d-----w- c:\documents and settings\vanja\application data\Webroot
    2011-10-08 21:14:00 -------- d-----w- c:\program files\Webroot
    2011-10-08 21:14:00 -------- d-----w- c:\program files\common files\Webroot Shared
    2011-10-08 21:14:00 -------- d-----w- c:\documents and settings\all users\application data\Webroot
    2011-10-08 21:13:53 194888 ----a-w- c:\windows\Unwash6.exe
    2011-10-08 21:06:47 -------- d-----w- c:\program files\TweakNow WinSecret 2011
    2011-10-08 21:06:47 -------- d-----w- c:\documents and settings\vanja\application data\TweakNow WinSecret 2011
    2011-10-08 20:45:47 -------- d-----w- c:\program files\Registry Clean Expert
    2011-10-08 11:26:55 -------- d-----w- c:\documents and settings\vanja\local settings\application data\conduitEngine
    2011-10-07 17:43:49 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
    2011-10-07 17:20:20 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
    2011-10-07 17:08:11 -------- d-----w- c:\documents and settings\vanja\local settings\application data\PCHealth
    2011-10-07 17:03:32 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
    2011-10-07 17:03:28 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
    2011-10-07 17:02:26 -------- d-----w- c:\documents and settings\all users\application data\Vodafone
    2011-10-06 23:36:24 -------- d-----w- c:\program files\The Free Blog Commenter
    2011-10-03 21:43:28 -------- d-----w- c:\program files\Webmaster Organizer
    2011-10-03 21:42:01 -------- d-----w- c:\documents and settings\vanja\application data\SeoOganizer
    2011-10-03 21:39:56 -------- d-----w- c:\documents and settings\vanja\application data\GetRightToGo
    2011-10-03 20:17:52 -------- d-----w- c:\documents and settings\vanja\application data\Efficient Password Manager
    2011-10-03 20:17:50 -------- d-----w- c:\program files\Efficient Password Manager
    2011-09-25 17:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-09-21 07:35:54 4566176 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2011-09-21 00:17:03 1112288 ----a-r- c:\windows\system32\wdfcoinstaller01007.dll
    2011-09-21 00:14:45 -------- d-----w- c:\documents and settings\vanja\local settings\application data\{B689FAC8-84A4-4175-9624-A6C800238679}
    .
    ==================== Find3M ====================
    .
    2011-10-15 10:24:09 51 ----a-w- c:\windows\SW_Win2141X16.DLL
    2011-10-12 16:48:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-21 06:05:44 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
    2009-11-19 19:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
    2009-11-19 19:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
    .
    ============= FINISH: 21:04:03.90 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/4/2008 7:36:51 PM
    System Uptime: 10/19/2011 7:50:33 PM (2 hours ago)
    .
    Motherboard: WinFast | | 6100M2MA
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2210/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 89.161 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek AC'97 Audio
    Device ID: PCI\VEN_10DE&DEV_026B&SUBSYS_0D04105B&REV_A2\3&2411E6FE&0&82
    Manufacturer: Realtek
    Name: Realtek AC'97 Audio
    PNP Device ID: PCI\VEN_10DE&DEV_026B&SUBSYS_0D04105B&REV_A2\3&2411E6FE&0&82
    Service: ALCXWDM
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&8A1373E&0&01
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&8A1373E&0&01
    Service: NVENETFD
    .
    ==== System Restore Points ===================
    .
    RP1: 10/19/2011 7:59:08 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    3herosoft DVD Ripper Platinum
    4Front E-Piano Module 1.0 VSTi
    4Front Piano Module 1.0 VSTi
    4Front Rhode 1.0 VSTi
    ABC Amber LIT Converter
    Abrosoft FantaMorph 4.1
    ACE Mega CoDecS Pack
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Flex Builder 3
    Adobe Flex Builder 3 Plug-in
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop Lightroom 3.3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Advanced Font Viewer 2.3
    AHV content for Acrobat and Flash
    AKAI professional DCVocoder 1.0
    Alcohol 120%
    ALi USB2.0 Driver
    Alien Skin Eye Candy 5 Impact
    Alien Skin Eye Candy 5 Nature
    Alien Skin Eye Candy 5 Textures
    Alien Skin Image Doctor 1.0
    Alien Skin Xenofex 2.0
    Antares Tube VST v1.02
    Any DVD Cloner Platinum 1.0.5
    Apache Tomcat 6.0 (remove only)
    Apophysis 2.0
    Artisteer 2
    Arturia CS-80V v1.1
    Arturia Modular System v1.0
    ASAPI Update
    Ask Toolbar
    Astrobelt 1.0
    Atmosphere
    Autodesk Backburner 2011.0.0
    Autodesk DirectConnect 2010 R1
    Autodesk MatchMover 2011 32-bit
    Autodesk Maya 2011 32-bit
    Autodesk Maya 2011 English Documentation 32-bit
    AV Voice Changer Software 3.0.89
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Axialis IconWorkshop 6.50
    Better File Rename 5.3.1
    Beyond Compare Version 3.0.15
    BitLord 1.1
    BODYPAINT 3D
    Brain Teasers
    Cakewalk Pro Audio 9
    calibre
    CameraHelperMsi
    Camtasia Studio 6
    Canon CanoScan Toolbox 4.1
    Chromatica
    CleanUp!
    Composite 2011
    CONNECT Reader by Sony
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    CronoX 3
    CronoX 3 Bonus Presets
    CS-80V
    CuteFTP 8 Professional
    Diff Doc
    Dramatica Pro 4.0
    Duplicate File Finder 1.1.0.0
    DVD-CLONER V6.00 Build 975
    DVD Shrink Pro
    DVD Suite
    EarMaster School 5
    Edirol HQ Orchestral v1.01
    Edirol Hyper Canvas VSTi v1.51
    Efficient Password Manager 1.68
    erLT
    Eye Candy 4000
    eyeQ
    EZdrummer
    EZXPercussion
    Facebook Plug-In
    Firebird SQL Server - MAGIX Edition
    Firewire Family
    FL Studio v7.0
    FM Heaven VSTi v1.4
    Free Picture Resize Starter 4.5
    GOM Player
    Google Chrome
    Google Talk (remove only)
    GSM 1.1.4.2
    Guitar Chord Buster Pro 4.4.0
    Guitar Studio
    Hard Disk Scrubber v2.1
    High-Logic FontCreator 6.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    IBP 11.5
    IK Multimedia Amplitube DX/VST/RTAS v2.0
    IrfanView (remove only)
    iZotope Trash
    J2SE Development Kit 5.0 Update 12
    J2SE Runtime Environment 5.0 Update 12
    Java 2 Runtime Environment, SE v1.4.1_01
    Java Web Start
    LameACM
    Logitech Vid HD
    Logitech Webcam Software
    Lounge Lizard 1.0
    LRA Movie
    LucisArt 3 ED/SE
    LUXONIX Ravity(S) v1.4.1
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic ISO Maker v5.4 (build 0239)
    MAGIX 3D Maker (embeded)
    MAGIX Movie Edit Pro 16 Plus Download Version 9.0.1.60 (UK)
    MAGIX Screenshare
    MAGIX Speed burnR
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MasterWriter
    MediaMonkey 2.5
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Agent Character Editor
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Morton Benson SerboCroatian-English Dictionary
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyEclipse 7.0 Milestone-1
    N.I. Guitar Rig v2.0.2
    Native Instruments Absynth 4
    Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
    Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
    Native Instruments Metaphysical Function
    Native Instruments Service Center
    Nero 7 Essentials
    NetBeans IDE 5.5.1
    NetBeans IDE 6.1
    Nomad Factory Blue Tubes Bundle VST v1.6
    NVIDIA Drivers
    Octopus
    PDF Settings
    Photo to Cartoon
    PixPlant for Photoshop 2.0.43
    Plagiarism Detector
    Portrait Professional Studio 9.0
    PowerDVD
    PowerISO
    PRO100 Jasno ver 4.16
    QuickTime
    Rapport
    RealPlayer
    Realtek AC'97 Audio
    reFX Trasher 2 VST v1.1
    Registry Clean Expert
    Registry Cleaner 6.0.0.016
    Registry Mechanic 6.0
    Riva FLV Player
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB982381)
    Sencha Animator
    Serato Scratch Studio Edition RTAS v1.0
    Sibelius 6.2.0.88
    Skype Click to Call
    Skype™ 5.5
    Sony DVD Architect Studio 4.5
    Sony Noise Reduction Plug-In 2.0e
    Sony Sound Forge 9.0
    Sothink SWF Decompiler
    SpinAudio 3DDelays 1.1
    SpinAudio RoomVerb M1 1.1
    SpinAudio RoomVerb M2 2.0
    SpinAudio SpinDelay 2.0 Full
    Splat! 1.0
    Steinberg FreeFilter v1.1 - OxYGeN
    Steinberg Groove Agent 2
    Steinberg Voice Designer v1.03
    Striata Reader
    Style Master 4.6
    Sun Download Manager 2.0 (web)
    Sun Java System Application Server 9.1 Update 2
    SwarShala v2.0 build 4
    Syncrosoft's License Control
    SyncroSoft Emu (Remove only)
    Synonymizer 3.1.0
    Terragen
    The Free Blog Commenter
    Topaz Adjust 4
    Topaz Clean 3
    Topaz DeJpeg 4
    Topaz DeNoise 5
    Topaz Detail 2
    Topaz Fusion Express 2
    Topaz InFocus
    Topaz ReMask 3
    Topaz Simplify 3
    TortoiseSVN 1.5.3.13783 (32 bit)
    Total Commander (Remove or Repair)
    TweakNow WinSecret 2011
    Ulead GIF Animator 5
    Ulead VideoStudio SE DVD
    Ultrafunk Sonitus:fx R3 plug-in uninstaller
    Uninstall Mystical
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Capture Device
    uTorrentBar Toolbar
    VC 9.0 Runtime
    ViceVersa Pro 2 (Build 2014)
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VocaVista-Audio 2.8.6
    VoiceSFX
    Waves API Collection
    Waves L3 16
    Waves L3 LL
    Waves Mercury Bundle
    WCAT
    WebFldrs XP
    Webmaster Organizer 1.0 Trial
    Window Washer
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows XP Service Pack 3
    WinRAR archiver
    Wisdom of the Ages - Evaluation Version
    Writer's Café 1.22
    XAMPP 1.7.1
    YAMAHA VST Plugin Vocal Rack Trial
    ZBrush3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/19/2011 8:50:43 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    10/19/2011 7:50:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    10/19/2011 7:50:08 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/19/2011 4:41:04 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/19/2011 4:41:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    10/19/2011 12:16:14 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
    An internal error occurred.
    10/18/2011 12:52:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/18/2011 11:01:34 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    10/18/2011 10:41:04 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
    Service Pack 3 installation did not complete.
    10/18/2011 1:42:19 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Windows XP Service Pack 3 (KB936929).
    10/18/2011 1:41:51 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
    An internal error occurred.
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Window Washer Engine service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Syntek STK1160 Service service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The FABS - Helping agent for MAGIX media database service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    10/17/2011 11:30:58 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows XP Service Pack 3 (KB936929).
    10/15/2011 9:14:36 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume.
    10/15/2011 12:36:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SCDEmu Tcpip vsdatant
    10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/15/2011 1:26:19 AM, error: Service Control Manager [7023] - The Boot Update service terminated with the following error: The specified module could not be found.
    10/15/2011 1:26:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Vodafone Mobile Broadband Service service to connect.
    10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.
    10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the file specified.
    10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
    10/15/2011 1:22:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/15/2011 1:21:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/15/2011 1:03:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/14/2011 9:56:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SCDEmu Tcpip vsdatant
    10/14/2011 9:52:41 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
    An internal error occurred.
    10/14/2011 3:47:00 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB959426).
    10/14/2011 3:46:57 AM, error: NtServicePack [4373] - Windows XP KB959426 installation failed.
    An internal error occurred.
    10/14/2011 3:46:38 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB956572).
    10/14/2011 3:46:36 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
    An internal error occurred.
    10/12/2011 12:29:48 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    10/12/2011 12:29:48 PM, error: Dhcp [1002] - The IP address lease 41.31.75.24 for the Network Card with network address 001E101F3976 has been denied by the DHCP server 41.26.118.190 (The DHCP Server sent a DHCPNACK message).
    10/12/2011 12:25:24 PM, error: Dhcp [1002] - The IP address lease 41.27.7.149 for the Network Card with network address 001E101F3976 has been denied by the DHCP server 41.31.75.17 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================

    Thank you!
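The Event Viewer section is the most telling part of this log on a first read: in the 10/15 boot the whole core network stack (AFD, Tcpip, NetBT, IPSec, MRxSmb, Rdbss) failed to load alongside the avast! and ZoneAlarm kernel drivers, every service that depends on them then failed in a cascade, and an hour later the avast! services failed because their files could not be found. One bad device does not produce that pattern; tampered driver service entries do. The script below is an added example, not from this thread or from any of the tools named in it: it parses the Service Control Manager lines and groups each boot's failures. The sample lines are copied from the log above; the driver-to-vendor sets are my assumptions (aswMon2 is labelled avast! in the GMER output, vsdatant is the driver TrueVector says it depends on), and the "rootkit-consistent" verdict is a heuristic, not a detection signature.

```python
"""Triage Service Control Manager events from a DDS-style Event Viewer dump.

Groups each boot's 7026 'boot-start driver failed to load' event, splits the
drivers into core network stack vs. security-product drivers, attaches the 7001
dependency cascade from the same boot, and lists 7000 failures where a service
binary is missing.
"""
import re

# Constructed sample: lines copied from the Event Viewer section of the log
# above (the 10/15/2011 entries), one event per line.
SAMPLE_EVENTS = """\
10/15/2011 12:36:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SCDEmu Tcpip vsdatant
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.
10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the file specified.
10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed")
FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$")

# Core drivers every XP box needs for networking; when several of these fail in
# the same boot the cause is almost never a single bad device.
NETWORK_STACK = {"afd", "tcpip", "netbt", "netbios", "ipsec", "mrxsmb", "rdbss", "rasacd"}
# Assumed vendor mapping: Aavmker4/asw* are avast! kernel drivers (GMER labels
# aswMon2 as avast! in the log above), vsdatant is ZoneAlarm's TrueVector driver.
SECURITY_DRIVERS = {"aavmker4", "aswrdr", "aswsp", "aswtdi", "aswmon2", "vsdatant"}


def parse_events(text):
    """Return a list of {ts, level, source, id, msg} dicts; wrapped continuation lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def assess(events):
    """Return {'boots': {timestamp: summary}, 'missing_binaries': [service, ...]}."""
    scm = [e for e in events if e["source"] == "Service Control Manager"]
    boots = {}
    for ev in scm:  # first pass: one summary per 7026 event
        if ev["id"] == 7026 and "failed to load:" in ev["msg"]:
            drivers = {d.lower() for d in ev["msg"].split("failed to load:", 1)[1].split()}
            boots[ev["ts"]] = {
                "network_stack": sorted(drivers & NETWORK_STACK),
                "security": sorted(drivers & SECURITY_DRIVERS),
                "other": sorted(drivers - NETWORK_STACK - SECURITY_DRIVERS),
                "cascade": [],
            }
    missing = []
    for ev in scm:  # second pass: attach dependency failures and missing binaries
        if ev["id"] == 7001 and ev["ts"] in boots:
            m = DEP_RE.match(ev["msg"])
            if m:
                boots[ev["ts"]]["cascade"].append((m.group("svc"), m.group("dep")))
        elif ev["id"] == 7000:
            m = FAIL_RE.match(ev["msg"])
            if m and "cannot find the file" in m.group("err"):
                missing.append(m.group("svc"))
    for b in boots.values():
        # Heuristic: several core stack drivers plus any AV/firewall driver down in
        # the same boot reads as tampering with driver service entries.
        b["verdict"] = "rootkit-consistent" if len(b["network_stack"]) >= 3 and b["security"] else "isolated"
    return {"boots": boots, "missing_binaries": missing}


if __name__ == "__main__":
    result = assess(parse_events(SAMPLE_EVENTS))
    for ts, b in result["boots"].items():
        print(f"{ts}: {b['verdict']}")
        print("  network stack down:", ", ".join(b["network_stack"]))
        print("  security drivers down:", ", ".join(b["security"]))
        for svc, dep in b["cascade"]:
            print(f"  {svc} -> needs {dep}")
    print("services with missing binaries:", result["missing_binaries"])
```

Run against a full DDS log, the 7026/7001 grouping separates "the network stack is gone" boots from one-off driver failures, and the missing-binary list tells you which security products the infection has already disabled before you trust their scan results.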
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, let's see if we can nail this down. Sorry I couldn't get to you sooner- the internet went down at 1:30am this morning and I only got it back up at 5pm- so I'm catching up!

    We have a lot to do and it's going to take a while> start with this:
    Comments and Questions
    1. Are you a Webmaster or developer?
    2. Do you need special Java programs for developing?
      It appears that you may have the wrong Java program running and there are several outdated versions.
    3. You are running 4 Registry cleaners. I recommend that you remove them all. We do not recommend registry cleaners to anyone:
      Registry Clean Expert
      Registry Cleaner 6.0.0.016
      Registry Mechanic 6.0
      TweakNow WinSecret 2011
      Window Washer> this should be included> it has overwriting and cleaning features that can easily make the system unbootable.
    4. You are using Avast for the antivirus and Zone Alarm for the firewall> is this correct?
    5. How much RAM do you have?
    ==========================================
    Download catchme.exe ( 137KB ) and save to your desktop.
    • Double click the catchme.exe to run it
    • Click the "Scan" button to start scan
    • Open catchme.log to see results

    Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
    =========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    Download CKScanner and save to your desktop.
    • Double click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    ============================================
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ============================================
    Please leave the following logs in your next reply:
    catchme
    Eset online virus scan
    CK scan
    Security Check

    Also, please address my questions & comments.
    There is a lot of work here- many entries need to be removed.
     
  3. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Dear Bobbye

    Thank you for your time.
    Sorry for the delay, I was busy with work and ESET scan took forever...

    *Comments and Questions*

    '1. Are you a Webmaster or developer?'
    Yes, I am both.

    '2. Do you need special Java programs for developing?'
    I used to work in Java but not anymore. I uninstalled the old versions and installed only the new JRE.

    '3. You are running 4 Registry cleaners. I recommend that you remove them all. We do not recommend registry cleaners to anyone:'
    I uninstalled them all.

    '4. You are using Avast for the antivirus and Zone Alarm for the firewall> is this correct?'
    I was using Avast until I needed to install Service Pack 3. I discovered that Avast couldn't find threats and couldn't update, so I uninstalled it and installed Webroot.
    Now I installed new Avira. Following your instructions from first thread.
    I bought the professional Zone Alarm firewall but it gave me some trouble and I uninstalled it a couple of weeks after I started using it. I am aware that Zone Alarm still runs some processes on this computer but I'm not sure how to remove it.

    '5. How much RAM do you have?'
    I have 4 GB of RAM but XP 32-bit detects only 3 GB.

    -----------------------------------------------------------------------------------------------------
    -----------------------------------------------------------------------------------------------------

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-21 11:13:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nudypgcm]
    "DisplayName"="Boot Update"
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000000
    "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
    "ObjectName"="LocalSystem"
    "Description"="Allows error reporting for services and applictions running in non-standard environments."

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nudypgcm\Parameters]
    "ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudypgcm]
    "DisplayName"="Boot Update"
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000000
    "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
    "ObjectName"="LocalSystem"
    "Description"="Allows error reporting for services and applictions running in non-standard environments."

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudypgcm\Parameters]
    "ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm]
    "DisplayName"="Boot Update"
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000000
    "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
    "ObjectName"="LocalSystem"
    "Description"="Allows error reporting for services and applictions running in non-standard environments."

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm\Parameters]
    "ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nudypgcm]
    "DisplayName"="Boot Update"
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000000
    "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
    "ObjectName"="LocalSystem"
    "Description"="Allows error reporting for services and applictions running in non-standard environments."

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nudypgcm\Parameters]
    "ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm]
    "DisplayName"="Boot Update"
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000000
    "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
    "ObjectName"="LocalSystem"
    "Description"="Allows error reporting for services and applictions running in non-standard environments."

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm\Parameters]
    "ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ----------------------------------------------------------------------------------------------------
    ESET Online Scan


    C:\Documents and Settings\Vanja\Desktop\cnet_jre-7-windows-i586_exe.exe a variant of Win32/InstallCore.D application
    C:\Documents and Settings\Vanja\Local Settings\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\Cache\0F16BAEEd01 a variant of Win32/InstallCore.D application
    C:\Documents and Settings\Vanja\Local Settings\Temp\ICReinstall\cnet_jre-7-windows-i586_exe.exe a variant of Win32/InstallCore.D application

    ---------------------------------------------------------------------------------------------------

    *CKScanner* is DOWN (the link is not working!)
    Is there an alternative link?

    ----------------------------------------------------------------------------------------------------

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    CronoX 3 Bonus Presets
    ESET Online Scanner v3
    Adobe After Effects CS3 Presets
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Sun Java System Application Server 9.1 Update 2
    Java(TM) 7
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (3.6.13) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
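The catchme output above is the persistence mechanism the earlier event log only hinted at: a service key with a random eight-letter name (nudypgcm) and a plausible display name ("Boot Update"), auto-started as LocalSystem, hosted by svchost.exe in the netsvcs group, with its ServiceDll pointing at a similarly random DLL in system32. The Description is the stock text of the XP Error Reporting Service, copied verbatim, typo included. The 7023 event in the first post ("The Boot Update service terminated with the following error: The specified module could not be found") is the same service failing to find that DLL. The script below is an added example, not from this thread or from catchme itself: it parses this regedit-export format and flags svchost-hosted services whose ServiceDll is not on an allowlist, noting copied descriptions. The nudypgcm keys in the sample are copied from the log; the ERSvc entry is hand-written to look like the stock service so the allowlist has something legitimate to accept, and the allowlist of DLL names is an illustrative assumption, not a complete netsvcs inventory.

```python
"""Flag svchost-hosted services whose ServiceDll is not a known, trusted DLL.

Input is the regedit-style dump that catchme prints for service keys (the same
format as regedit's own export).
"""
import re

# Constructed sample: the CurrentControlSet keys for nudypgcm copied from the
# catchme log above (typo in the Description as in the log), plus a hand-written
# ERSvc entry shaped like the stock XP Error Reporting Service.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudypgcm]
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"DisplayName"="Error Reporting Service"
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=str(2):"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Parameters]
"ServiceDll"=str(2):"%SystemRoot%\System32\ersvc.dll"
"""

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\\]]+)(\\Parameters)?\]$"
)
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dw>[0-9A-Fa-f]+)|(?:str\(\d+\):)?"(?P<val>.*)")$')
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)

# Assumed allowlist: ServiceDll basenames the analyst has already verified as
# Microsoft-signed on this machine. Illustrative, not a complete netsvcs list.
KNOWN_SERVICE_DLLS = {"ersvc.dll", "wuaueng.dll", "qmgr.dll", "schedsvc.dll", "srvsvc.dll", "browser.dll"}


def parse_services(dump):
    """Return {(controlset, service): {value: data}}, folding Parameters into the parent key."""
    services = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current = services.setdefault((km.group("cs"), km.group("svc")), {})
            continue
        if line.startswith("["):
            current = None  # some other subkey (Security, Enum, ...): do not misattribute its values
            continue
        vm = VAL_RE.match(line)
        if vm and current is not None:
            dw = vm.group("dw")
            current[vm.group("name")] = int(dw, 16) if dw is not None else vm.group("val")
    return services


def flag_suspicious(services, known_dlls=KNOWN_SERVICE_DLLS):
    """Return [(controlset, service, svchost group, reasons)] for services worth pulling."""
    # Index descriptions: malware often copies a stock service's description verbatim.
    by_desc = {}
    for (cs, svc), vals in services.items():
        if vals.get("Description"):
            by_desc.setdefault((cs, vals["Description"]), set()).add(svc)
    findings = []
    for (cs, svc), vals in sorted(services.items()):
        hm = SVCHOST_RE.search(str(vals.get("ImagePath", "")))
        if not hm:
            continue  # only svchost-hosted services are in scope here
        dll = str(vals.get("ServiceDll", ""))
        base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if not dll:
            reasons.append("svchost-hosted but no ServiceDll value")
        elif base not in known_dlls:
            reasons.append(f"ServiceDll {base} is not on the allowlist")
        if not reasons:
            continue
        twins = by_desc.get((cs, vals.get("Description")), set()) - {svc}
        if twins:
            reasons.append("Description copied from " + ", ".join(sorted(twins)))
        if vals.get("Start") == 2 and vals.get("ObjectName") == "LocalSystem":
            reasons.append("auto-start as LocalSystem")
        findings.append((cs, svc, hm.group("group"), reasons))
    return findings


if __name__ == "__main__":
    for cs, svc, group, reasons in flag_suspicious(parse_services(SAMPLE_DUMP)):
        print(f"{cs}\\Services\\{svc} (svchost -k {group})")
        for r in reasons:
            print("  -", r)
```

The allowlist is deliberately the weak point: on a real box you build it from the DLLs whose Authenticode signatures you have checked, not from names, because a hijacked service can keep a legitimate-looking name while the DLL on disk has been replaced. Anything this flags is what you hand to the removal tool, and the same key appears in every ControlSet in the log, so all of them need to go.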
     
  4. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    CronoX 3 Bonus Presets
    ESET Online Scanner v3
    Adobe After Effects CS3 Presets
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Sun Java System Application Server 9.1 Update 2
    Java(TM) 7
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (3.6.13) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
    -----------------------------------------------------------------------------------
    for some reason Security check log was cut short. Here it is again.
    Thanks.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Hope we can get to the bottom of this problem.

    Link to the CK scan is working now. Please try again:
    http://downloads.malwareremoval.com/CKScanner.exe
    ------------------------------
    I find a description of CronoX 3 but not 'Bonus Presets'. I don't understand why it shows in the AV/FW section of Security Check.
    ------------------------------
    Thank you for letting me know Java is up to v6u29! Time for me to update also. I don't allow any auto-updates. I put the v6u27 version in because some users were getting v7 instead. You did the right thing.
    ------------------------------
    Okay on my questions 1, 2, 3 and 5. For #4, I will remove any entries I find for Avast and ZoneAlarm. As for the problems you had with the security programs, understand that what you described is normal when there is malware. It does not mean the program is missing anything or that it isn't a good program.
    ===================================
    For the Eset entries: Stay away from CNet for your downloads. Try using program home sites if you can. All of the CNet downloads are returning a variant of Win32/InstallCore.D application. Full name is "Generic PUP.x!sy!CCFDA4B04C4D".
    Many CNet users are complaining about this. In my opinion, no program should bundle some usually unrelated program with a download without your knowledge and permission.
    -----------------------------
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Documents and Settings\Vanja\Desktop\cnet_jre-7-windows-i586_exe.exe 
      C:\Documents and Settings\Vanja\Local Settings\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\Cache\0F16BAEEd01 
      C:\Documents and Settings\Vanja\Local Settings\Temp\ICReinstall\cnet_jre-7-windows-i586_exe.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ====================================
    For malware in Java cache:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on Temporary Files Settings window.
    Images courtesy java.com
    ========================================
    And malware in Firefox cache:
    Clear Firefox Cache
    1. Open Firefox> Click on Tools> Options
    2. Select the Advanced panel.
    3. Click on the Network tab
    4. In the Offline Storage section, click Clear Now.
    ================================
    catchme gave 5 entries for this, ControlSet001-5
    This is a matter of concern due to the GMER entry:
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!
    But I am not able to identify either Service in bold text. Can you help me out?
    =================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
     
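A way to triage the ComboFix "Files Created" listing that the steps above produce, as an added example that is not ComboFix's or the thread's own code. The sample lines are constructed in ComboFix's line format (reusing driver paths that appear later in this thread), and the two heuristics it applies (generated-looking driver names, and clusters of files sharing one original timestamp and size) are this example's own assumptions, not something ComboFix reports.

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example for this thread; it is not ComboFix's code and not TechSpot's.
ComboFix prints one line per new file or folder in the form
    <created> . <last-modified> <size or --------> <attributes> <path>
This parser reads those lines and applies two review heuristics:
  1. drivers with 8-letter mixed-case names (NimNgDyH.sys, hWFQUZld.sys, ...)
  2. clusters of files sharing one original timestamp and byte size
     under different names
A hit means "look at this", not "this is malware": security scanners also
drop generated driver names, so each hit still needs a hash/vendor check.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[A-Za-z-]{8}) (?P<path>.+)$"
)

# Constructed sample in ComboFix's format; the paths mirror entries posted
# later in this thread so the heuristics have something realistic to work on.
SAMPLE_LOG = r"""
2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
"""


def parse_line(line):
    """Return a dict for one listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # ComboFix prints "--------" instead of a size for directories.
    entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
    entry["is_dir"] = entry["attrs"][0] == "d"
    entry["name"] = entry["path"].rsplit("\\", 1)[-1]
    return entry


def looks_generated(name):
    """Heuristic: a .sys whose stem is exactly 8 letters with at least two
    upper- and two lower-case characters (e.g. QjflunoG). Ordinary driver
    names such as usbehci.sys or RapportKELL.sys do not match."""
    stem, _, ext = name.rpartition(".")
    if ext.lower() != "sys" or len(stem) != 8 or not stem.isalpha():
        return False
    upper = sum(c.isupper() for c in stem)
    return upper >= 2 and (8 - upper) >= 2


def triage(lines, min_cluster=3):
    """Return the paths worth a second look, grouped by heuristic."""
    entries = [e for e in map(parse_line, lines) if e]
    random_named = [
        e["path"] for e in entries
        if not e["is_dir"]
        and "\\drivers\\" in e["path"].lower()
        and looks_generated(e["name"])
    ]
    # Files (not folders) keyed by original timestamp and size: several
    # different names with identical values usually come from one source.
    groups = defaultdict(list)
    for e in entries:
        if not e["is_dir"] and e["size"] is not None:
            groups[(e["modified"], e["size"])].append(e["path"])
    clusters = {key: paths for key, paths in groups.items() if len(paths) >= min_cluster}
    return {"random_named": random_named, "clusters": clusters}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for path in result["random_named"]:
        print("generated-looking driver name:", path)
    for (stamp, size), paths in result["clusters"].items():
        print(f"{len(paths)} files share timestamp {stamp} and size {size}:")
        for path in paths:
            print("   ", path)
```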
  6. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Okay. Great. Got that. Thanx.

    Now I try to download CK scan and it still does not work for me. I am in South Africa by the way. Maybe it's some location restriction or something like that.

    CronoX3, they are presets of sounds and maybe somebody packed something nasty in it.
    I don't know. I downloaded it a long time ago from a different website than the publishers of CronoX.

    -------------------------------------------------------------------------------------------------------------

    All processes killed
    ========== FILES ==========
    File/Folder C:\Documents and Settings\Vanja\Desktop\cnet_jre-7-windows-i586_exe.exe not found.
    File/Folder C:\Documents and Settings\Vanja\Local Settings\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\Cache\0F16BAEEd01 not found.
    C:\Documents and Settings\Vanja\Local Settings\Temp\ICReinstall\cnet_jre-7-windows-i586_exe.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Vanja
    ->Temp folder emptied: 116909239 bytes
    ->Temporary Internet Files folder emptied: 2493540 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 103369168 bytes
    ->Google Chrome cache emptied: 40783514 bytes
    ->Flash cache emptied: 7280 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1167 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 215034526 bytes

    Total Files Cleaned = 457.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 10232011_092813

    Files moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_5d8.dat moved successfully.

    Registry entries deleted on Reboot...
    --------------------------------------------------------------------------------------------------------

    ComboFix 11-10-21.06 - Vanja 10/23/2011 10:23:58.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2425 [GMT 2:00]
    Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\4D
    c:\documents and settings\All Users\Application Data\4D\4D Write Prefs.RSR
    c:\documents and settings\All Users\Application Data\4D\4D Write\MasterWriter.RSR
    c:\documents and settings\All Users\Application Data\4D\EngV6Prf.RSR
    c:\documents and settings\All Users\Application Data\4D\tcp.opt
    c:\documents and settings\Vanja\Application Data\PriceGong
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Vanja\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Vanja\WINDOWS
    c:\driver\Files\Desktop.ini
    C:\test.txt
    C:\Thumbs.db
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\help\tours\htmltour\unlock_playing.htm
    c:\windows\iun6002.exe
    c:\windows\jestertb.dll
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\SW_Win2141X16.DLL
    c:\windows\system\COMDLG32.OCA
    c:\windows\system32\_000056_.tmp.dll
    c:\windows\system32\_004781_.tmp.dll
    c:\windows\system32\_004782_.tmp.dll
    c:\windows\system32\_004783_.tmp.dll
    c:\windows\system32\_004784_.tmp.dll
    c:\windows\system32\_004791_.tmp.dll
    c:\windows\system32\_004792_.tmp.dll
    c:\windows\system32\_004793_.tmp.dll
    c:\windows\system32\_004794_.tmp.dll
    c:\windows\system32\_004796_.tmp.dll
    c:\windows\system32\_004797_.tmp.dll
    c:\windows\system32\_004800_.tmp.dll
    c:\windows\system32\_004801_.tmp.dll
    c:\windows\system32\_004802_.tmp.dll
    c:\windows\system32\_004803_.tmp.dll
    c:\windows\system32\_004804_.tmp.dll
    c:\windows\system32\_004805_.tmp.dll
    c:\windows\system32\_004807_.tmp.dll
    c:\windows\system32\_004810_.tmp.dll
    c:\windows\system32\_004811_.tmp.dll
    c:\windows\system32\_004815_.tmp.dll
    c:\windows\system32\d3d9caps.dat
    c:\windows\system32\setup.ini
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_VCS
    -------\Service_Vcs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
    2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
    2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-21 10:53 . 2011-10-21 10:53 -------- d-----w- c:\program files\ESET
    2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
    2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
    2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
    2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
    2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
    2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
    2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
    2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
    2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
    2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
    2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
    2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
    2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
    2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
    2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
    2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
    2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
    2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
    2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
    2011-10-14 20:57 . 2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
    2011-10-14 20:57 . 2011-10-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
    2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
    2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
    2011-10-14 19:55 . 2011-10-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
    2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
    2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-14 01:30 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-10-14 01:30 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-10-14 01:30 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-10-14 01:30 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-10-08 21:06 . 2011-10-08 21:06 -------- d-----w- c:\program files\TweakNow WinSecret 2011
    2011-10-08 21:06 . 2011-10-08 21:06 -------- d-----w- c:\documents and settings\Vanja\Application Data\TweakNow WinSecret 2011
    2011-10-08 20:45 . 2011-10-21 06:42 -------- d-----w- c:\program files\Registry Clean Expert
    2011-10-08 11:26 . 2011-10-08 11:26 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\conduitEngine
    2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
    2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
    2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
    2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
    2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
    2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2011-10-06 23:36 . 2011-10-06 23:36 -------- d-----w- c:\program files\The Free Blog Commenter
    2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
    2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
    2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
    2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
    2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
    2011-09-27 05:43 . 2011-09-27 05:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Trusteer
    2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
    2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 20:45 . 2009-12-14 16:46 199304 ------w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:37 . 2009-12-14 16:47 320856 ------w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2009-12-14 16:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2009-12-14 16:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2009-12-14 16:47 110552 ------w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 20:36 . 2009-12-14 16:47 104536 ------w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 20:36 . 2009-12-14 16:47 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 20:33 . 2009-12-14 16:47 30808 ------w- c:\windows\system32\drivers\aavmker4.sys
    2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 20:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
    "MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\xampp\\apache\\bin\\httpd.exe"=
    "c:\\xampp\\mysql\\bin\\mysqld.exe"=
    "c:\\xampp\\MercuryMail\\mercury.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "1787:TCP"= 1787:TCP:ayxxx
    "8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/14/2009 6:47 PM 320856]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
    R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2009 6:47 PM 20568]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
    R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [1/17/2011 9:24 PM 3608]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
    R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
    S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
    S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nudypgcm
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003Core.job
    - c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
    .
    2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003UA.job
    - c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
    .
    2011-10-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
    FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    ------- File Associations -------
    .
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe
    AddRemove-Diff Doc_is1 - c:\program files\Softinterface
    AddRemove-Muon_Tau_Bassline_Mk2_VSTi_1.0 - c:\windows\iun6002.exe
    AddRemove-SpeechPitch - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-23 10:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
    "ServiceDll"="c:\windows\system32\zncoafm.dll"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1680)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    c:\program files\TortoiseSVN\bin\TortoiseStub.dll
    c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
    c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\System32\StkASv2K.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-23 10:50:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-23 08:50
    .
    Pre-Run: 41,676,595,200 bytes free
    Post-Run: 41,425,358,848 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 19A89573246C3DC9656097EF3E750CCA

    -----------------------------------------------------------------------------------------------------------------------

    About GMER entry:
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!

    Since ComboFix removed so many entries, maybe I should scan again with GMER to see if this svchost.exe still runs before I start looking for other info?
    What do you think?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'd like to make a comment- hopefully it will be helpful to you:
    The system is filled with multiple entries for the AskBar. It also has multiple entries for uTorrent.
    The first is frequently prechecked on download screen or it comes bundled with unrelated software without your knowledge or permission. No matter how it got on the system, it should not be there.

    The second, uTorrent, is for file sharing. This brings its own risk of malware. As a Webmaster, you will design and develop Web sites. You will be responsible for the content, and the people who hire you need to have confidence that you will consider their security and be knowledgeable of the content on the site.
    ---------------------------
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    FileLook::
    c:\windows\system32\drivers\PoXhhExr.sys
    c:\windows\system32\drivers\yxpXVpYF.sys
    c:\windows\system32\drivers\AdeMghWD.sys
    Folder::
    c:\program files\Registry Clean Expert
    c:\program files\TweakNow WinSecret 2011
    c:\documents and settings\Vanja\Application Data\TweakNow WinSecret 2011
    c:\program files\Registry Clean Expert
    c:\documents and settings\Vanja\Local Settings\Application Data\conduitEngine
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    There are 3 antivirus programs on the system:
    2011-10-19 19:27 -------- d-----w- c:\program files\Avira
    2011-10-21 10:53 -------- d-----w- c:\program files\ESET
    2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
    Keep one, remove the other 2. If you want to try an AV program out, okay, but you can't leave them all on the system.
    Reboot computer when through
    =================================
    The Acrobat 8.0 is out of date and a vulnerability. Please update now: Adobe Reader site. Make sure you have the most current update, which now is v10. Uninstall any earlier updates as they are vulnerabilities.
    ==================================
    Please download sUBs' SvcQuery.exe and save to your desktop.
    • Double click the file to Open
    • A window will open. When prompted to provide a service name, type in the following:
      nudypgcm
    • Press Enter
    • The tool will create a log. Please leave that in your next reply.
    ==================================
    Let's hold on running GMER again until I see the logs above.

    Please see the following for information about file sharing programs and the risks you are taking:
    P2P or 'file sharing' Warning:
    Even if you are using a "safe" P2P program, it is only the program that is safe:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
     
  8. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    B. Thank you for your time.

    I appreciate the comment.
    I guess getting too busy makes me think with my lower body.. if you know what I mean.
    I didn't know about AskBar, I think it came with the GOM player. Anyway, I tried to uninstall AskBar through Add/Remove Programs but it's not there. The folder Ask.com in Program Files is there. Should I delete the folder?
    About the torrents I was aware of it (in a way). Now I removed all torrent clients. I'll stay away from it.

    The Acrobat is up to date.

    I am posting the ComboFix log, but SvcQuery.exe, when I type that command (nudypgcm), just closes without creating any log?

    quote
    "There are 3 antivirus program on the system:"
    I uninstalled ESET Online Scanner.
    I uninstalled Avast and Webroot before I installed Avira. So it's strange that they still show as active antivirus programs. Any suggestion there?

    Also, is ZoneAlarm still running? I have to kill that too.

    I ran ComboFix blindly once before I did the other steps. I ran it again this morning. Here's the log. (In this morning's log there was only one entry under Other Deletions, c:\windows\system32\d3d9caps.dat, but I pasted the other entries from the first log.)
    ----------------------------------------------------------------------------------------------------------------------------

    ComboFix 11-10-27.03 - Vanja 10/27/2011 10:53:06.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2244 [GMT 2:00]
    Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Vanja\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Vanja\Application Data\TweakNow WinSecret 2011
    c:\documents and settings\Vanja\Local Settings\Application Data\conduitEngine
    c:\program files\Registry Clean Expert
    c:\program files\Registry Clean Expert\fixlog.ini
    c:\program files\Registry Clean Expert\master.ini
    c:\program files\Registry Clean Expert\UndoCenter\20111008225750A.cab
    c:\program files\Registry Clean Expert\UndoCenter\20111008230455A.cab
    c:\program files\Registry Clean Expert\UndoCenter\20111009064011A.cab
    c:\program files\Registry Clean Expert\UndoCenter\20111018001947A.cab
    c:\program files\Registry Clean Expert\UndoCenter\20111019000043A.cab
    c:\program files\TweakNow WinSecret 2011
    c:\program files\TweakNow WinSecret 2011\Blank.ico
    c:\program files\TweakNow WinSecret 2011\Convert_x86.dll
    c:\program files\TweakNow WinSecret 2011\ConvertTo.exe
    c:\program files\TweakNow WinSecret 2011\cpuidsdk.dll
    c:\program files\TweakNow WinSecret 2011\DLib.dll
    c:\program files\TweakNow WinSecret 2011\Help.chm
    c:\program files\TweakNow WinSecret 2011\msvcrt.dll
    c:\program files\TweakNow WinSecret 2011\sqlite3.dll
    c:\program files\TweakNow WinSecret 2011\Transparent.exe
    c:\program files\TweakNow WinSecret 2011\unins000.dat
    c:\program files\TweakNow WinSecret 2011\unins000.exe
    c:\program files\TweakNow WinSecret 2011\unins000.msg
    c:\program files\TweakNow WinSecret 2011\WinSecret.exe
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-25 07:32 . 2011-10-25 07:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-10-24 21:09 . 2011-10-27 08:33 -------- d-----w- c:\documents and settings\Vanja\.seospyglass
    2011-10-24 21:07 . 2011-10-24 21:09 -------- d-----w- c:\program files\SEO PowerSuite
    2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
    2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
    2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-21 10:53 . 2011-10-21 10:53 -------- d-----w- c:\program files\ESET
    2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
    2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-10-19 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-19 18:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
    2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
    2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
    2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
    2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
    2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
    2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
    2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
    2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
    2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
    2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
    2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
    2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
    2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
    2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
    2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
    2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
    2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
    2011-10-14 20:57 . 2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
    2011-10-14 20:57 . 2011-10-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
    2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-14 20:08 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
    2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
    2011-10-14 19:55 . 2011-10-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
    2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
    2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-14 01:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-10-14 01:36 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-14 01:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
    2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
    2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
    2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
    2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
    2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2011-10-06 23:36 . 2011-10-06 23:36 -------- d-----w- c:\program files\The Free Blog Commenter
    2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
    2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
    2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
    2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
    2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
    2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 20:45 . 2009-12-14 16:46 199304 ------w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:37 . 2009-12-14 16:47 320856 ------w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2009-12-14 16:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2009-12-14 16:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2009-12-14 16:47 110552 ------w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 20:36 . 2009-12-14 16:47 104536 ------w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 20:36 . 2009-12-14 16:47 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 20:33 . 2009-12-14 16:47 30808 ------w- c:\windows\system32\drivers\aavmker4.sys
    2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\drivers\AdeMghWD.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-14 22:32
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    --- c:\windows\system32\drivers\PoXhhExr.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-14 21:25
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    --- c:\windows\system32\drivers\yxpXVpYF.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-14 23:03
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-23_08.40.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-27 08:40 . 2011-10-27 08:40 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
    + 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2006-10-23 07:08 . 2006-10-23 07:08 62080 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\AcroIEHelper.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\icudt26l.dat
    + 2011-10-27 08:17 . 2011-10-27 08:17 2295808 c:\windows\Installer\f9bc401.msi
    + 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\f9bc402.msp
    + 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 20:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
    "MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\xampp\\apache\\bin\\httpd.exe"=
    "c:\\xampp\\mysql\\bin\\mysqld.exe"=
    "c:\\xampp\\MercuryMail\\mercury.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "1787:TCP"= 1787:TCP:ayxxx
    "8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/14/2009 6:47 PM 320856]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
    R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2009 6:47 PM 20568]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
    R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [1/17/2011 9:24 PM 3608]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
    R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
    S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
    S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nudypgcm
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003Core.job
    - c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003UA.job
    - c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
    .
    2011-10-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
    FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-27 11:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
    "ServiceDll"="c:\windows\system32\zncoafm.dll"
    .
    Completion time: 2011-10-27 11:15:15
    ComboFix-quarantined-files.txt 2011-10-27 09:15
    ComboFix2.txt 2011-10-25 09:44
    ComboFix3.txt 2011-10-23 08:50
    .
    Pre-Run: 90,013,208,576 bytes free
    Post-Run: 89,979,277,312 bytes free
    .
    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - E7538DDE668F3EA428435F03BBDC5CFC
     
  9. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    I forgot to tell you I uninstalled ESET only after I've run the comboFix...
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Adobe still shows v8. Please update to v10: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
    =====================================
    Be sure you have updated Adobe Reader to v10 before you run the following. I am removing Adobe v8 entries that are still on the system:
    ======================================
    Please run this Custom CFScript:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    FileLook::
    c:\windows\system32\drivers\NimNgDyH.sys
    c:\windows\system32\drivers\hWFQUZld.sys
    c:\windows\system32\drivers\QjflunoG.sys
    c:\windows\system32\drivers\sLJlbcjN.sys
    DDS::
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    I have included the registry entry remaining for the Ask.com. There is also a Task Scheduled for Ask update which needs to be stopped. Since you're in the business so to speak, check out this information: http://www.benedelman.org/spyware/ask-toolbars/

    Any Ask entries, whether Ask 'bar' or other, should be uninstalled in Add/Remove Programs, unchecked on the Startup menu, and their program files uninstalled/deleted.

    To remove Ask Update in Scheduled Tasks
    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do the following:
    • To delete a task> right-click the task> click Delete.
    • c:\program files\Ask.com\UpdateTask.exe
    -------------------------------------------
    Be aware that many download screens have Ask.com or similar pre-checked and it should be unchecked before the download. So far, no one I know of has actually downloaded this intentionally and, once in a system, it can be difficult to fully remove.
    ========================================
    Reboot the computer when through, then run HijackThis:

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will be saved and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ========================================
    I am still concerned about this NetSvcs entry which I cannot identify and what is mentioned in GMER as a rootkit, so you are going to try to identify it. You will have to set hidden files and folders to show as follows:
    Show Hidden Folders/Files
    • Open My Computer.
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Select Show hidden files and folders.
    • Uncheck Hide extensions of known file types.
    • Uncheck Hide protected operating system files (Recommended).
    • Click Yes when prompted.
    • Click OK.
    • Close My Computer.

    ----------------------------------
    Now go on with the following
    1. Click Start> Run> type cmd> enter>
    2. At the blinking C prompt type in the following:

      tasklist /svc /fi "imagename eq svchost.exe"
    3. Press enter.
    4. You will see a list of the processes on your computer as well as the services that a SVCHOST.EXE process is managing.
    This can be seen in the image below.
    [IMG]

    When you have finished the above, please go back to Folder Options> View tab> Check 'Do not show hidden files and folders'> Check 'Hide protected operating system files (Recommended)'> OK> Apply> OK
    ====================================
    We'll see if you can come up with anything.

    The entry in GMER is:
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!


    The Registry entry in Combofix is:
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
    "ServiceDll"="c:\windows\system32\zncoafm.dll"

    And the Service entry is:
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    It is stopped, 2=Regular start "Auto" enabled.

    The fact that I can't identify either of the 2 process names is of concern, and it has a date from 2004.
    =================================
    Please give me an update on how the system is running now.
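    The `tasklist /svc` step above shows which svchost.exe instance hosts each service; the remaining question is which of those names are not expected on the box. The following Python script is an added example (not Bobbye's or TechSpot's tooling, and not part of the original thread): it parses captured `tasklist /svc` output and ComboFix-style service lines offline and flags every svchost-hosted service that is absent from an allow-list, reporting the hosting PID, start type, display name and `-k` group for each hit. The tasklist output is constructed for the example (a typical XP service set plus the `nudypgcm` entry from this thread), and the allow-list is an illustrative, partial set of XP SP3 service names that you would extend from a known-clean reference machine.

```python
"""Flag svchost-hosted services that are not on a known-good allow-list.

Runs offline on captured text: the output of
    tasklist /svc /fi "imagename eq svchost.exe"
and ComboFix-style service lines ("S2 name;display;path [date size]").
"""
import re
from typing import Dict, List, Optional

# Constructed sample of `tasklist /svc` output in the column layout XP prints,
# including the wrapped continuation lines tasklist emits for long lists.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    908 DcomLaunch, TermService
svchost.exe                    988 RpcSs
svchost.exe                   1084 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                   ERSvc, EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Netman, Nla, nudypgcm,
                                   RasMan, Schedule, seclogon, SENS,
                                   SharedAccess, ShellHWDetection, srservice,
                                   TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                                   wscsvc, wuauserv, WZCSVC
svchost.exe                   1132 Dnscache
svchost.exe                   1232 LmHosts, RemoteRegistry, SSDPSRV, WebClient
"""

# Constructed sample in ComboFix's service-line format (three lines taken from
# the log in this thread; two legitimate services plus the unidentified one).
SAMPLE_COMBOFIX_SERVICES = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
"""

# Assumption: illustrative, partial allow-list of services that legitimately run
# inside svchost.exe on Windows XP SP3. Extend it from a known-clean machine.
KNOWN_SVCHOST_SERVICES = {
    "DcomLaunch", "TermService", "RpcSs", "AudioSrv", "Browser", "CryptSvc",
    "Dhcp", "dmserver", "ERSvc", "EventSystem", "helpsvc", "lanmanserver",
    "lanmanworkstation", "Netman", "Nla", "RasMan", "Schedule", "seclogon",
    "SENS", "SharedAccess", "ShellHWDetection", "srservice", "TapiSrv",
    "Themes", "TrkWks", "W32Time", "winmgmt", "wscsvc", "wuauserv", "WZCSVC",
    "Dnscache", "LmHosts", "RemoteRegistry", "SSDPSRV", "WebClient", "BITS",
    "stisvc", "xmlprov", "RasAuto", "Messenger", "AppMgmt", "Wmi",
    "FastUserSwitchingCompatibility",
}


def parse_tasklist_svc(text: str) -> Dict[int, List[str]]:
    """Return {pid: [service, ...]} from `tasklist /svc` output."""
    hosts: Dict[int, List[str]] = {}
    pid: Optional[int] = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("Image Name") or stripped.startswith("="):
            continue  # blank line or the two header rows
        head = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line)
        if head:  # new process row: "svchost.exe   1084 AudioSrv, Browser, ..."
            pid = int(head.group(2))
            hosts[pid] = []
            field = head.group(3)
        elif pid is not None:  # indented continuation of the previous row
            field = stripped
        else:
            continue
        hosts[pid].extend(s.strip() for s in field.split(",")
                          if s.strip() and s.strip() != "N/A")
    return hosts


def parse_combofix_services(text: str) -> Dict[str, dict]:
    """Return {service_name_lower: {start, display, path, group}} from
    ComboFix lines of the form "S2 name;display;image path [date size]"."""
    pat = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\s+\[[^\]]*\]$")
    entries: Dict[str, dict] = {}
    for line in text.splitlines():
        m = pat.match(line.strip())
        if not m:
            continue
        start, name, display, path = m.groups()
        group = re.search(r"-k\s+(\S+)", path)  # svchost group, e.g. netsvcs
        entries[name.lower()] = {"start": start, "display": display,
                                 "path": path, "group": group.group(1) if group else None}
    return entries


def find_unknown_services(hosts: Dict[int, List[str]], baseline, combofix=None) -> List[dict]:
    """List svchost-hosted services not in the baseline, enriched with the
    start type, display name and -k group from the ComboFix lines if present."""
    known = {s.lower() for s in baseline}
    findings = []
    for pid, services in hosts.items():
        for svc in services:
            if svc.lower() in known:
                continue
            info = (combofix or {}).get(svc.lower(), {})
            findings.append({"service": svc, "pid": pid, "start": info.get("start"),
                             "display": info.get("display"), "group": info.get("group")})
    return findings


if __name__ == "__main__":
    hosts = parse_tasklist_svc(SAMPLE_TASKLIST)
    cf = parse_combofix_services(SAMPLE_COMBOFIX_SERVICES)
    for f in find_unknown_services(hosts, KNOWN_SVCHOST_SERVICES, cf):
        print(f"PID {f['pid']}: {f['service']} (start={f['start']}, "
              f"display={f['display']!r}, group={f['group']})")
```

    On the sample input the script reports only `nudypgcm`, hosted by the PID 1084 svchost instance, start type S2, display name "Boot Update", group netsvcs. The allow-list approach is deliberate: a service with a random-looking name is a clue, but the reliable test is "is this name on a clean machine of the same build", which is also why the ServiceDll path from the registry entry in the log should be compared against the same reference.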
     
  11. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Adobe reader is definitely 10.1.1
    I think Adobe Acrobat Pro 8 was showing.

    Hmm.. very sneaky from Ask.com
    I found today the Ask with Gom player in my add-remove programs and uninstalled it.

    There wasn't any Ask Updates in Scheduled Tasks.

    ComboFix Log
    ======================================

    ComboFix 11-10-27.06 - Vanja 10/27/2011 22:31:34.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2187 [GMT 2:00]
    Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Vanja\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-27 20:24 . 2011-10-27 20:24 -------- d-----w- C:\HijackThis
    2011-10-27 10:48 . 2011-10-27 11:53 -------- d-----w- c:\documents and settings\Vanja\.ranktracker
    2011-10-25 07:32 . 2011-10-25 07:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-10-24 21:09 . 2011-10-27 08:33 -------- d-----w- c:\documents and settings\Vanja\.seospyglass
    2011-10-24 21:07 . 2011-10-24 21:09 -------- d-----w- c:\program files\SEO PowerSuite
    2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
    2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
    2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-21 10:53 . 2011-10-21 10:53 -------- d-----w- c:\program files\ESET
    2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
    2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-10-19 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-19 18:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
    2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
    2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
    2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
    2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
    2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
    2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
    2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
    2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
    2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
    2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
    2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
    2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
    2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
    2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
    2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
    2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
    2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
    2011-10-14 20:57 . 2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
    2011-10-14 20:57 . 2011-10-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
    2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-14 20:08 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
    2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
    2011-10-14 19:55 . 2011-10-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
    2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
    2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-14 01:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-10-14 01:36 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-14 01:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
    2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
    2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
    2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
    2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
    2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
    2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
    2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
    2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
    2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
    2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 20:45 . 2009-12-14 16:46 199304 ------w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:37 . 2009-12-14 16:47 320856 ------w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2009-12-14 16:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2009-12-14 16:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2009-12-14 16:47 110552 ------w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 20:36 . 2009-12-14 16:47 104536 ------w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 20:36 . 2009-12-14 16:47 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 20:33 . 2009-12-14 16:47 30808 ------w- c:\windows\system32\drivers\aavmker4.sys
    2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\drivers\hWFQUZld.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-19 02:37
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    --- c:\windows\system32\drivers\NimNgDyH.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-19 17:40
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    --- c:\windows\system32\drivers\QjflunoG.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-18 21:18
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    --- c:\windows\system32\drivers\sLJlbcjN.sys ---
    Company: NVIDIA Corporation
    File Description: NVIDIA® nForce(TM) IDE Performance Driver
    File Version: 5.10.2600.0654 built by: WinDDK
    Product Name: NVIDIA nForce(TM) IDE Driver
    Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
    Original Filename: nvatabus.sys
    File size: 99840
    Created time: 2011-10-17 22:50
    Modified time: 2006-03-16 10:51
    MD5: B7FB72492B753930EC70A0F49D04F12F
    SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-23_08.40.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-27 08:40 . 2011-10-27 08:40 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
    + 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2006-10-23 07:08 . 2006-10-23 07:08 62080 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\AcroIEHelper.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\icudt26l.dat
    + 2011-10-27 08:17 . 2011-10-27 08:17 2295808 c:\windows\Installer\f9bc401.msi
    + 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\f9bc402.msp
    + 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 20:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
    "MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\xampp\\apache\\bin\\httpd.exe"=
    "c:\\xampp\\mysql\\bin\\mysqld.exe"=
    "c:\\xampp\\MercuryMail\\mercury.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "1787:TCP"= 1787:TCP:ayxxx
    "8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/14/2009 6:47 PM 320856]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
    R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2009 6:47 PM 20568]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
    R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
    S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
    S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - port_nt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nudypgcm
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
    FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
    FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-27 22:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
    "ServiceDll"="c:\windows\system32\zncoafm.dll"
    .
    Completion time: 2011-10-27 22:54:50
    ComboFix-quarantined-files.txt 2011-10-27 20:54
    ComboFix2.txt 2011-10-27 09:15
    ComboFix3.txt 2011-10-25 09:44
    ComboFix4.txt 2011-10-23 08:50
    .
    Pre-Run: 98,456,395,776 bytes free
    Post-Run: 98,475,024,384 bytes free
    .
    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - A16EA4E2175C63DF3AA84033E11E239E

    ======================================
    HijackThis gave me an error, I just clicked Ok and it went on.

    http://www.techspot.com/vb/attachment.php?attachmentid=71174&stc=1&d=1319751405


    ======================================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:11:42 PM, on 10/27/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\MAFWTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1318581580750
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
    O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10253 bytes

    =================================
    I am not sure what these processes are but you might have an idea.
    Edit for magic!
    [IMG]
    =================================

    System is running very well. I don't remember when this comp last worked this smoothly. It used to restart every now and then, and to freeze, and I thought the hard drive was going to go off. I have a 10mb connection and it used to get stuck, no flow for 15-20 min, then it would start very slow and I would have to reboot to get it working properly again.
    So yes, it's running excellently now.
    :)
     

    Attached Files:

  12. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    That
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
    might be a process for a BIOS update I ran back then. But I can't be sure...
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I started this earlier today and got called away before I could post! Did you see the 'magic'?

    To leave the image itself, instead of using , use [img].....[/img]- or- copy th...nner.exe][b][color=blue]CKScanner[/b][/color] and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    The link is working. I don't think your location matters. If it doesn't work, please let me know where the problem is> Download? Scan? Error message? Or other.
    =====================================
    Avast is still on the system. Uninstall: Avast Removal
    ====================================
    Please reopen Hijackthis to 'do system scan only.' Check each of the following, if present:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Close all Windows except HijackThis and click on "Fix Checked"
    ========================================
    Zone Alarm should have its own uninstaller. Pause the mouse over the program in All Programs and see if an uninstaller is available. If it isn't:
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    This is a Service that is part of the program:
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Click on Start> Run> type in services.msc> enter> double click on either TrueVector or vsmon, however it appears> Change Startup Type to Disabled> Stop the Service.
    While still in Safe Mode, find the process on the Startup Menu and uncheck it.
    Complete the uninstallation, then use Windows explorer to delete the program folder.

    Advise you use a firewall. Possibly Comodo or Bit Defender.
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\program files\AVAST Software
    c:\documents and settings\All Users\Application Data\AVAST Software
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please check the NVidia site for current drivers- possible updates. You have drivers from 2006, Original Filename: nvatabus.sys
    File size: 99840, Modified time: 2006-03-16 10:51, all with unidentifiable strings such as:
    ============================================
    I'm glad the system is working well. Your idea that the Service was a BIOS update sounds reasonable. I haven't found any flags on the name and since the problems have been resolved, I'm going to leave the entry.

    We're almost finished!
     
  14. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    No, I haven't seen the 'magic'... unfortunately
    You know, I am a prize winner for the cure of frozen computers. I came up with an idea "just throw it out of window and call customer service".
    Anyway,
    no worries for Adobe Acrobat Pro... I will reinstall if I need it, probably not.

    ====================================

    NO Download of CKScanner for me. :( (I tried from several comps from my office and still nothing - I get 'The connection has timed out' page.) If it's important, may I be so rude as to ask you to email it to me?

    Did uninstall Avast with the tool you suggested in Safe Mode.

    HijackThis fix done and I checked again and the entries are not there anymore.

    Zone Alarm wasn't in All Programs. I did the safe mode stopping-the-service thing.

    ComboFix done and here's the log.

    Nvidia doesn't have any major updates to the one I already have.

    ====================================

    ComboFix 11-11-01.01 - Vanja 11/01/2011 7:25.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2310 [GMT 2:00]
    Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Vanja\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\AVAST Software
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-27 20:24 . 2011-11-01 04:52 -------- d-----w- C:\HijackThis
    2011-10-27 10:48 . 2011-10-27 11:53 -------- d-----w- c:\documents and settings\Vanja\.ranktracker
    2011-10-25 07:32 . 2011-10-25 07:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-10-24 21:09 . 2011-10-27 08:33 -------- d-----w- c:\documents and settings\Vanja\.seospyglass
    2011-10-24 21:07 . 2011-10-24 21:09 -------- d-----w- c:\program files\SEO PowerSuite
    2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
    2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
    2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
    2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
    2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-10-19 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-19 18:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
    2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
    2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
    2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
    2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
    2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
    2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
    2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
    2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
    2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
    2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
    2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
    2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
    2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
    2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
    2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
    2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
    2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
    2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
    2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
    2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-14 20:08 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
    2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
    2011-10-14 19:55 . 2011-11-01 05:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
    2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
    2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-14 01:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-10-14 01:36 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-14 01:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
    2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
    2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
    2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
    2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
    2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
    2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
    2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
    2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
    2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
    2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-23_08.40.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-01 05:09 . 2011-11-01 05:09 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
    + 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2006-10-23 07:08 . 2006-10-23 07:08 62080 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\AcroIEHelper.dll
    + 2004-08-04 12:00 . 2011-10-31 07:40 728114 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2011-10-31 07:40 175018 c:\windows\system32\perfc009.dat
    + 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\icudt26l.dat
    + 2011-10-27 08:17 . 2011-10-27 08:17 2295808 c:\windows\Installer\f9bc401.msi
    + 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\f9bc402.msp
    + 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
    "MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\xampp\\apache\\bin\\httpd.exe"=
    "c:\\xampp\\mysql\\bin\\mysqld.exe"=
    "c:\\xampp\\MercuryMail\\mercury.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "1787:TCP"= 1787:TCP:ayxxx
    "8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
    R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
    R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
    R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
    S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
    S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nudypgcm
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
    FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
    FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-01 07:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
    "ServiceDll"="c:\windows\system32\zncoafm.dll"
    .
    Completion time: 2011-11-01 07:47:54
    ComboFix-quarantined-files.txt 2011-11-01 05:47
    ComboFix2.txt 2011-10-27 20:54
    ComboFix3.txt 2011-10-27 09:15
    ComboFix4.txt 2011-10-25 09:44
    ComboFix5.txt 2011-11-01 05:24
    .
    Pre-Run: 97,990,053,888 bytes free
    Post-Run: 97,958,645,760 bytes free
    .
    - - End Of File - - A87F573175E8668279EF300B9D05B7E4
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The only questionable entries are still the ones that are supposed to apply to Nvidia:

    c:\windows\system32\drivers\sLJlbcjN.sys
    c:\windows\system32\drivers\AdeMghWD.sys
    c:\windows\system32\drivers\NimNgDyH.sys
    c:\windows\system32\drivers\hWFQUZld.sys
    ---------------------------------------------------------------------
    Since you cannot run the CK scan, please do the following:
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool is to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
     
  16. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Ok, here it is.

    XP Pro SP2, purchased 2003 I think...


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-******-*****-*****
    Windows Product Key Hash: **************************
    Windows Product ID: ******-OEM-*******-*****
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {EF9C0309-DEAC-4C7B-89C1-E660549EFFAB}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.40.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.9.40.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft


    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{********************************************}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YVFXY</PKey><PID>******-OEM-*******-*****</PID><PIDType>3</PIDType><SID>S-1-5-21-1229272821-1364589140-839522115</SID><SYSTEM><Manufacturer>WinFast</Manufacturer><Model>6100M2MA</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20070127000000.000000+000</Date><SLPBIOS>GIGABYTE</SLPBIOS></BIOS><HWID>83293B770184CE78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>South Africa Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>GIGABYTE</name><model>G-MAX SYSTEM PRODUCT</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{***********************************}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57104</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: GIGABYTE

    OEM Activation 2.0 Data-->
    N/A
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It appears that either the Activation Key is not correct or that it has been used too many times. You will need to contact the Microsoft Activation department. I am told that if you don't reply to the canned answer, it will force a live person to answer.

    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: GIGABYTE

    Volume License Key (VLK) on their computer that has either been blocked by Microsoft or generated by a fake product key code generator.
    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003

    An unauthorized change was made to Windows.
     
  18. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    I contacted them immediately. I am busy updating the Office. Put in a new activation code they gave me. Will post as soon as this thing finishes updating.
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, good. Ask about the BIOS match also.
     
  20. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    downloading updates 19% :)
     
  21. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    What BIOS match?
     
  22. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    What is wrong with the BIOS match?
     
  23. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Okay, I did a new Genuine Diagnostic Tool scan.

    Is that wrong BIOS match still there?
    It got after office hours. I hope that fixed it; if not, please advise.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-XC89G-XHCXC-YVFXY
    Windows Product Key Hash: AiR+Gxd/1O7BarFmRet7fw1xFoE=
    Windows Product ID: 76487-OEM-2262101-60892
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {EF9C0309-DEAC-4C7B-89C1-E660549EFFAB}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.40.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.9.40.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EF9C0309-DEAC-4C7B-89C1-E660549EFFAB}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YVFXY</PKey><PID>76487-OEM-2262101-60892</PID><PIDType>3</PIDType><SID>S-1-5-21-1229272821-1364589140-839522115</SID><SYSTEM><Manufacturer>WinFast</Manufacturer><Model>6100M2MA</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20070127000000.000000+000</Date><SLPBIOS>GIGABYTE</SLPBIOS></BIOS><HWID>83293B770184CE78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>South Africa Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>GIGABYTE</name><model>G-MAX SYSTEM PRODUCT</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: GIGABYTE

    OEM Activation 2.0 Data-->
    N/A
     
  24. vlad097

    vlad097 TS Rookie Topic Starter Posts: 23

    Ok, this is what I did.
    I downloaded this tool, the Windows Product Key Update Tool,

    found here:
    http://windows.microsoft.com/en-US/windows/help/genuine/product-key

    to see if I got the right activation code on this machine.

    It gave me this pop-up.

    [image of the pop-up was attached to the post; not captured here]

    I have to wait to talk to the Microsoft support guys tomorrow. I just don't want to hear that I have to reinstall Windows. If you are in any doubt, you can send my email to anyone who's interested to see the invoice for my Windows. Just lemme know...

    I'll update tomorrow...
     

  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am going to unsubscribe from this thread and work from the board. Every reply you make, whether it's 2 words or 2 paragraphs, generates an email feedback to me.

    ALL of these could have gone into 1 post! All made in the last 4 hours:

    1. what Bios match?

    2. what is wrong with Bios match?

    3. Okay I did a new genuine diagnostic tool scan

    4. Ok this is what I did.

    5. downloading updates 19%

    Learn how to use the edit feature. For someone who wants to be a webmaster, you don't seem to be very aware of how things work!
    -----------------------------------------
    Regarding the 'BIOS Match':
    The hidden files I had you run catchme for were:
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm\Parameters]
    "ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nudypgcm]
    "DisplayName"="Boot Update"
    "Description"="Allows error reporting for services and applications running in non-standard environments."

    You suggested that the nudypgcm service displaying as 'Boot Update' could be for a BIOS update you did previously.

    However, per the DX program:
    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: GIGABYTE
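
Bobbye's point above is that nudypgcm is not a "Boot Update" of anything: its image is plain svchost.exe -k netsvcs, so the code that actually runs is whatever the ServiceDll value points at (zncoafm.dll), and ComboFix surfaces that in three separate places in the report. The script below is an added example, not part of this thread and not ComboFix's own code; it correlates those three places (the service line, the "Svchost - NetSvcs" group listing, and the ServiceDll registry value under any ControlSet) into one record per svchost-hosted service so the question "what really runs here?" is answered in one line. The sample report text is constructed from lines posted in this thread plus two benign services from the same log for contrast; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample in ComboFix's report format: the nudypgcm entries posted in
# this thread (both ControlSet blocks, one using the str(2): REG_EXPAND_SZ form)
# plus two normal services for contrast. Not a complete report.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nudypgcm
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
"""

# "S2 name;display name;image path [date size]" service lines
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[.*\]$")
# an image path that is svchost.exe with a -k group (the real code is the ServiceDll)
SVCHOST_RE = re.compile(r"(?:^|\\)svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
# "...\Svchost - NetSvcs" header; ComboFix lists only non-default members under it
GROUP_HEADER_RE = re.compile(r"\\Svchost - (\S+)\s*$")
# service key under any control set, with or without the \Parameters subkey
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\([^\\\]]+)(?:\\Parameters)?\]$",
    re.IGNORECASE,
)
# both value forms seen in the thread: "ServiceDll"="..." and "ServiceDll"=str(2):"..."
SERVICE_DLL_RE = re.compile(r'^"ServiceDll"=(?:str\(\d+\):)?"(.+)"$', re.IGNORECASE)


@dataclass
class SvchostService:
    name: str
    display_name: str
    group: str                 # the -k group from the image path
    service_dlls: List[str]    # distinct ServiceDll values seen across control sets
    in_nondefault_list: bool   # named in the report's Svchost group listing


def parse_report(text: str) -> Tuple[Dict[str, Tuple[str, str, str]], Dict[str, Set[str]], Dict[str, List[str]]]:
    """Collect service lines, svchost group members and ServiceDll values, keyed by lowercased name."""
    services: Dict[str, Tuple[str, str, str]] = {}
    groups: Dict[str, Set[str]] = {}
    dlls: Dict[str, List[str]] = {}
    current_group = None   # set while reading member names under a group header
    current_key = None     # set while reading values under a Services\<name> key
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":   # ComboFix separates blocks with a lone "."
            current_group = current_key = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, name, display, image = m.groups()
            services[name.lower()] = (name, display, image)
            continue
        m = GROUP_HEADER_RE.search(line)
        if m:
            current_group = m.group(1).lower()
            groups.setdefault(current_group, set())
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = SERVICE_DLL_RE.match(line)
        if m and current_key:
            dll = m.group(1).lower()
            if dll not in dlls.setdefault(current_key, []):
                dlls[current_key].append(dll)
            continue
        if current_group is not None:
            groups[current_group].add(line.lower())
    return services, groups, dlls


def svchost_services(text: str) -> List[SvchostService]:
    """Return one record per service whose image is svchost.exe, with its ServiceDll resolved."""
    services, groups, dlls = parse_report(text)
    found = []
    for key, (name, display, image) in sorted(services.items()):
        m = SVCHOST_RE.search(image)
        if not m:
            continue   # a standalone executable: the image path already says what runs
        group = m.group(1).lower()
        found.append(SvchostService(name, display, group, dlls.get(key, []),
                                    key in groups.get(group, set())))
    return found


def describe(svc: SvchostService) -> str:
    """One-line triage summary: what actually runs, and whether the entry needs a look."""
    dll = ", ".join(svc.service_dlls) if svc.service_dlls else "(ServiceDll not in report)"
    verdict = "REVIEW: non-default member of this svchost group" if svc.in_nondefault_list else "not flagged"
    return f"{svc.name} ({svc.display_name}) -> svchost -k {svc.group} -> {dll} [{verdict}]"


if __name__ == "__main__":
    for svc in svchost_services(SAMPLE_LOG):
        print(describe(svc))
```

Run against a full ComboFix log the same way; the display name and description are free text that any service can claim, so the line to trust is the resolved ServiceDll path, and a name that ComboFix bothers to print under the Svchost group header is by its own note a non-default one.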
     