[Closed] Attn: Bobbye - Malware preventing updating


vlad097

Bobbye -
Leave this reference for me of this:

https://www.techspot.com/vb/newintopic172242.html

-----------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7974

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/19/2011 8:54:31 PM
mbam-log-2011-10-19 (20-54-31).txt

Scan type: Quick scan
Objects scanned: 210554
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-19 20:59:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000078 WDC_WD3200AAJS-00RYA0 rev.12.01B01
Running: wq522u19.exe; Driver: C:\DOCUME~1\Vanja\LOCALS~1\Temp\uxtdypow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 8ABE2670
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 8ABE2670

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

----------------------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Run by Vanja at 21:02:40 on 2011-10-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2145 [GMT 2:00]
.
FW: ZoneAlarm Pro Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318581580750
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0} : NameServer = 196.41.124.10,196.41.124.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vanja\application data\mozilla\firefox\profiles\58av3o94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\vanja\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\vanja\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\vanja\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.1_01\bin\NPOJI610.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJPI141_01.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\wrkrn.sys --> c:\windows\system32\drivers\WRkrn.sys [?]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2008-11-4 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-14 320856]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-4 353672]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2008-11-4 111768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-14 20568]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2011-1-17 3608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2009-6-2 6852]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2011-10-8 598856]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2008-11-4 5337]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-11-4 33792]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-10-7 73344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashserv.exe" --> c:\program files\alwil software\avast4\ashServ.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 WRSVC;WRSVC;"c:\program files\webroot\wrsa.exe" -service --> c:\program files\webroot\WRSA.exe [?]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [2008-11-4 17835]
S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashwebsv.exe" /service --> c:\program files\alwil software\avast4\ashWebSv.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-10-7 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-10-7 237440]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-22 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2011-10-19 17:40:41 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
2011-10-19 02:37:57 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
2011-10-18 23:12:06 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-10-18 23:12:06 79872 ------w- c:\windows\system32\msxml6r.dll
2011-10-18 23:12:06 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-10-18 23:12:06 1372672 ------w- c:\windows\system32\msxml6.dll
2011-10-18 23:10:00 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-10-18 23:08:09 19569 ----a-w- c:\windows\003114_.tmp
2011-10-18 21:18:35 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
2011-10-18 20:25:57 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-10-18 20:25:57 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-10-18 20:25:57 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-10-18 20:25:57 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-18 20:25:57 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-10-18 20:25:57 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-10-18 20:25:57 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-10-18 20:25:57 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-10-18 20:24:50 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2011-10-18 20:24:46 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2011-10-18 20:24:45 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-18 20:24:42 265728 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-18 20:24:40 409088 ----a-w- c:\windows\system32\qmgr.dll
2011-10-18 20:24:40 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2011-10-18 20:24:37 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-10-18 20:22:59 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-10-18 17:19:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 17:19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 22:50:16 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
2011-10-17 21:44:19 -------- d-----w- C:\_OTM
2011-10-17 08:24:03 1409 ----a-w- c:\windows\QTFont.for
2011-10-16 18:02:52 -------- d-----w- c:\documents and settings\all users\Keyword Elite 2.0
2011-10-16 18:01:00 -------- d-----w- c:\program files\Keyword Elite 2.0
2011-10-15 10:20:41 102400 ----a-w- c:\windows\system32\bclnap.dll
2011-10-15 10:20:40 3080192 ----a-w- c:\windows\system32\beconvlib.dll
2011-10-15 10:20:40 282624 ----a-w- c:\windows\system32\bprgcomm.dll
2011-10-15 10:20:40 208896 ----a-w- c:\windows\system32\beconv.dll
2011-10-15 00:06:09 -------- d-sh--w- c:\documents and settings\vanja\PrivacIE
2011-10-15 00:06:04 -------- d-sh--w- c:\documents and settings\vanja\IECompatCache
2011-10-14 23:30:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-14 23:30:30 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-14 23:03:42 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
2011-10-14 22:32:09 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
2011-10-14 21:25:00 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
2011-10-14 20:57:51 -------- d-----w- c:\program files\AVAST Software
2011-10-14 20:57:29 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-14 20:44:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-14 20:11:37 -------- d-sh--w- c:\documents and settings\vanja\IETldCache
2011-10-14 20:09:04 -------- d-----w- c:\windows\ie8updates
2011-10-14 20:08:54 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-14 20:08:54 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-14 20:08:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-14 20:08:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-14 20:08:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-14 20:08:53 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-14 20:08:53 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-14 20:08:09 -------- dc-h--w- c:\windows\ie8
2011-10-14 02:09:13 -------- d-----w- c:\program files\MSXML 4.0
2011-10-14 01:48:09 -------- d-----w- c:\windows\ServicePackFiles
2011-10-14 01:41:41 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-14 01:38:12 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-14 01:37:42 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2011-10-14 01:36:23 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-14 01:36:23 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-14 01:36:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-14 01:28:52 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-14 01:27:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-14 01:27:22 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-14 01:24:46 -------- d-----w- c:\windows\system32\PreInstall
2011-10-14 01:24:44 -------- d--h--w- c:\windows\$hf_mig$
2011-10-14 01:19:37 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-10-13 21:09:12 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-08 21:17:17 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-10-08 21:17:12 -------- d-----w- c:\program files\Security Task Manager
2011-10-08 21:14:01 -------- d-----w- c:\documents and settings\vanja\application data\Webroot
2011-10-08 21:14:00 -------- d-----w- c:\program files\Webroot
2011-10-08 21:14:00 -------- d-----w- c:\program files\common files\Webroot Shared
2011-10-08 21:14:00 -------- d-----w- c:\documents and settings\all users\application data\Webroot
2011-10-08 21:13:53 194888 ----a-w- c:\windows\Unwash6.exe
2011-10-08 21:06:47 -------- d-----w- c:\program files\TweakNow WinSecret 2011
2011-10-08 21:06:47 -------- d-----w- c:\documents and settings\vanja\application data\TweakNow WinSecret 2011
2011-10-08 20:45:47 -------- d-----w- c:\program files\Registry Clean Expert
2011-10-08 11:26:55 -------- d-----w- c:\documents and settings\vanja\local settings\application data\conduitEngine
2011-10-07 17:43:49 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-10-07 17:20:20 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
2011-10-07 17:08:11 -------- d-----w- c:\documents and settings\vanja\local settings\application data\PCHealth
2011-10-07 17:03:32 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2011-10-07 17:03:28 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-07 17:02:26 -------- d-----w- c:\documents and settings\all users\application data\Vodafone
2011-10-06 23:36:24 -------- d-----w- c:\program files\The Free Blog Commenter
2011-10-03 21:43:28 -------- d-----w- c:\program files\Webmaster Organizer
2011-10-03 21:42:01 -------- d-----w- c:\documents and settings\vanja\application data\SeoOganizer
2011-10-03 21:39:56 -------- d-----w- c:\documents and settings\vanja\application data\GetRightToGo
2011-10-03 20:17:52 -------- d-----w- c:\documents and settings\vanja\application data\Efficient Password Manager
2011-10-03 20:17:50 -------- d-----w- c:\program files\Efficient Password Manager
2011-09-25 17:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-21 07:35:54 4566176 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-09-21 00:17:03 1112288 ----a-r- c:\windows\system32\wdfcoinstaller01007.dll
2011-09-21 00:14:45 -------- d-----w- c:\documents and settings\vanja\local settings\application data\{B689FAC8-84A4-4175-9624-A6C800238679}
.
==================== Find3M ====================
.
2011-10-15 10:24:09 51 ----a-w- c:\windows\SW_Win2141X16.DLL
2011-10-12 16:48:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-21 06:05:44 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
2009-11-19 19:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-19 19:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
.
============= FINISH: 21:04:03.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/4/2008 7:36:51 PM
System Uptime: 10/19/2011 7:50:33 PM (2 hours ago)
.
Motherboard: WinFast | | 6100M2MA
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2210/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 89.161 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek AC'97 Audio
Device ID: PCI\VEN_10DE&DEV_026B&SUBSYS_0D04105B&REV_A2\3&2411E6FE&0&82
Manufacturer: Realtek
Name: Realtek AC'97 Audio
PNP Device ID: PCI\VEN_10DE&DEV_026B&SUBSYS_0D04105B&REV_A2\3&2411E6FE&0&82
Service: ALCXWDM
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&8A1373E&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&8A1373E&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
RP1: 10/19/2011 7:59:08 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
3herosoft DVD Ripper Platinum
4Front E-Piano Module 1.0 VSTi
4Front Piano Module 1.0 VSTi
4Front Rhode 1.0 VSTi
ABC Amber LIT Converter
Abrosoft FantaMorph 4.1
ACE Mega CoDecS Pack
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Flex Builder 3
Adobe Flex Builder 3 Plug-in
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 3.3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Font Viewer 2.3
AHV content for Acrobat and Flash
AKAI professional DCVocoder 1.0
Alcohol 120%
ALi USB2.0 Driver
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Image Doctor 1.0
Alien Skin Xenofex 2.0
Antares Tube VST v1.02
Any DVD Cloner Platinum 1.0.5
Apache Tomcat 6.0 (remove only)
Apophysis 2.0
Artisteer 2
Arturia CS-80V v1.1
Arturia Modular System v1.0
ASAPI Update
Ask Toolbar
Astrobelt 1.0
Atmosphere
Autodesk Backburner 2011.0.0
Autodesk DirectConnect 2010 R1
Autodesk MatchMover 2011 32-bit
Autodesk Maya 2011 32-bit
Autodesk Maya 2011 English Documentation 32-bit
AV Voice Changer Software 3.0.89
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Axialis IconWorkshop 6.50
Better File Rename 5.3.1
Beyond Compare Version 3.0.15
BitLord 1.1
BODYPAINT 3D
Brain Teasers
Cakewalk Pro Audio 9
calibre
CameraHelperMsi
Camtasia Studio 6
Canon CanoScan Toolbox 4.1
Chromatica
CleanUp!
Composite 2011
CONNECT Reader by Sony
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
CronoX 3
CronoX 3 Bonus Presets
CS-80V
CuteFTP 8 Professional
Diff Doc
Dramatica Pro 4.0
Duplicate File Finder 1.1.0.0
DVD-CLONER V6.00 Build 975
DVD Shrink Pro
DVD Suite
EarMaster School 5
Edirol HQ Orchestral v1.01
Edirol Hyper Canvas VSTi v1.51
Efficient Password Manager 1.68
erLT
Eye Candy 4000
eyeQ
EZdrummer
EZXPercussion
Facebook Plug-In
Firebird SQL Server - MAGIX Edition
Firewire Family
FL Studio v7.0
FM Heaven VSTi v1.4
Free Picture Resize Starter 4.5
GOM Player
Google Chrome
Google Talk (remove only)
GSM 1.1.4.2
Guitar Chord Buster Pro 4.4.0
Guitar Studio
Hard Disk Scrubber v2.1
High-Logic FontCreator 6.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
IBP 11.5
IK Multimedia Amplitube DX/VST/RTAS v2.0
IrfanView (remove only)
iZotope Trash
J2SE Development Kit 5.0 Update 12
J2SE Runtime Environment 5.0 Update 12
Java 2 Runtime Environment, SE v1.4.1_01
Java Web Start
LameACM
Logitech Vid HD
Logitech Webcam Software
Lounge Lizard 1.0
LRA Movie
LucisArt 3 ED/SE
LUXONIX Ravity(S) v1.4.1
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic ISO Maker v5.4 (build 0239)
MAGIX 3D Maker (embeded)
MAGIX Movie Edit Pro 16 Plus Download Version 9.0.1.60 (UK)
MAGIX Screenshare
MAGIX Speed burnR
Malwarebytes' Anti-Malware version 1.51.2.1300
MasterWriter
MediaMonkey 2.5
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Agent Character Editor
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Morton Benson SerboCroatian-English Dictionary
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyEclipse 7.0 Milestone-1
N.I. Guitar Rig v2.0.2
Native Instruments Absynth 4
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Metaphysical Function
Native Instruments Service Center
Nero 7 Essentials
NetBeans IDE 5.5.1
NetBeans IDE 6.1
Nomad Factory Blue Tubes Bundle VST v1.6
NVIDIA Drivers
Octopus
PDF Settings
Photo to Cartoon
PixPlant for Photoshop 2.0.43
Plagiarism Detector
Portrait Professional Studio 9.0
PowerDVD
PowerISO
PRO100 Jasno ver 4.16
QuickTime
Rapport
RealPlayer
Realtek AC'97 Audio
reFX Trasher 2 VST v1.1
Registry Clean Expert
Registry Cleaner 6.0.0.016
Registry Mechanic 6.0
Riva FLV Player
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Sencha Animator
Serato Scratch Studio Edition RTAS v1.0
Sibelius 6.2.0.88
Skype Click to Call
Skype™ 5.5
Sony DVD Architect Studio 4.5
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
Sothink SWF Decompiler
SpinAudio 3DDelays 1.1
SpinAudio RoomVerb M1 1.1
SpinAudio RoomVerb M2 2.0
SpinAudio SpinDelay 2.0 Full
Splat! 1.0
Steinberg FreeFilter v1.1 - OxYGeN
Steinberg Groove Agent 2
Steinberg Voice Designer v1.03
Striata Reader
Style Master 4.6
Sun Download Manager 2.0 (web)
Sun Java System Application Server 9.1 Update 2
SwarShala v2.0 build 4
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Synonymizer 3.1.0
Terragen
The Free Blog Commenter
Topaz Adjust 4
Topaz Clean 3
Topaz DeJpeg 4
Topaz DeNoise 5
Topaz Detail 2
Topaz Fusion Express 2
Topaz InFocus
Topaz ReMask 3
Topaz Simplify 3
TortoiseSVN 1.5.3.13783 (32 bit)
Total Commander (Remove or Repair)
TweakNow WinSecret 2011
Ulead GIF Animator 5
Ulead VideoStudio SE DVD
Ultrafunk Sonitus:fx R3 plug-in uninstaller
Uninstall Mystical
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Capture Device
uTorrentBar Toolbar
VC 9.0 Runtime
ViceVersa Pro 2 (Build 2014)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VocaVista-Audio 2.8.6
VoiceSFX
Waves API Collection
Waves L3 16
Waves L3 LL
Waves Mercury Bundle
WCAT
WebFldrs XP
Webmaster Organizer 1.0 Trial
Window Washer
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinRAR archiver
Wisdom of the Ages - Evaluation Version
Writer's Café 1.22
XAMPP 1.7.1
YAMAHA VST Plugin Vocal Rack Trial
ZBrush3
.
==== Event Viewer Messages From Past Week ========
.
10/19/2011 8:50:43 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 7:50:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/19/2011 7:50:08 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2011 4:41:04 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2011 4:41:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/19/2011 12:16:14 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
10/18/2011 12:52:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/18/2011 11:01:34 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
10/18/2011 10:41:04 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
10/18/2011 1:42:19 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Windows XP Service Pack 3 (KB936929).
10/18/2011 1:41:51 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Window Washer Engine service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Syntek STK1160 Service service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The FABS - Helping agent for MAGIX media database service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:44:20 PM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:30:58 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows XP Service Pack 3 (KB936929).
10/15/2011 9:14:36 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume.
10/15/2011 12:36:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SCDEmu Tcpip vsdatant
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 12:36:03 AM, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 1:26:19 AM, error: Service Control Manager [7023] - The Boot Update service terminated with the following error: The specified module could not be found.
10/15/2011 1:26:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Vodafone Mobile Broadband Service service to connect.
10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.
10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the file specified.
10/15/2011 1:26:19 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
10/15/2011 1:22:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/15/2011 1:21:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/15/2011 1:03:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/14/2011 9:56:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SCDEmu Tcpip vsdatant
10/14/2011 9:52:41 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
10/14/2011 3:47:00 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB959426).
10/14/2011 3:46:57 AM, error: NtServicePack [4373] - Windows XP KB959426 installation failed.
An internal error occurred.
10/14/2011 3:46:38 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB956572).
10/14/2011 3:46:36 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
10/12/2011 12:29:48 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/12/2011 12:29:48 PM, error: Dhcp [1002] - The IP address lease 41.31.75.24 for the Network Card with network address 001E101F3976 has been denied by the DHCP server 41.26.118.190 (The DHCP Server sent a DHCPNACK message).
10/12/2011 12:25:24 PM, error: Dhcp [1002] - The IP address lease 41.27.7.149 for the Network Card with network address 001E101F3976 has been denied by the DHCP server 41.31.75.17 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Thank you!
 
Okay, let see if we can nail this down. Sorry I couldn't get to you sooner- internet went down at 1:30am this morning and only got it back up a 5pm- so I'm catching up!

We have a lot to do and it's going to take a while> start with this:
Comments and Questions
  1. Are you a Webmaster or developer?
  2. Do you need special Java programs for developing?
    It appears that you may have the wrong Java program running, and there are several outdated versions.
  3. You are running 4 Registry cleaners. I recommend that you remove them all. We do not recommend registry cleaners to anyone:
    Registry Clean Expert
    Registry Cleaner 6.0.0.016
    Registry Mechanic 6.0
    TweakNow WinSecret 2011
    Window Washer> this should be included> it has overwriting and cleaning features that can easily make the system unbootable.
  4. You are using Avast for the antivirus and Zone Alarm for the firewall> is this correct?
  5. How much RAM do you have?
==========================================
Download catchme.exe ( 137KB ) and save to your desktop.
  • Double click the catchme.exe to run it
  • Click the "Scan" button to start scan
  • Open catchme.log to see results

Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
=========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================================
Download CKScanner and save to your desktop.
  • Double click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
============================================
Download Security Check by screen317 from one of these links:
Link1
Link 2
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
============================================
Please leave the following logs in your next reply:
catchme
Eset online virus scan
CK scan
Security Check

Also, please address my questions & comments.
There is a lot of work here- many entries need to be removed.
 
Dear Bobbye

Thank you for your time.
Sorry for the delay, I was busy with work and ESET scan took forever...

*Comments and Questions*

'1. Are you a Webmaster or developer?'
Yes, I am both.

'2. Do you need special Java programs for developing?'
I used to work in Java but not anymore. I un-installed old versions and installed only new JRE.

'3. You are running 4 Registry cleaners. I recommend that you remove them all. We do not recommend registry cleaners to anyone:'
I uninstalled them all.

'4. You are using Avast for the antivirus and Zone Alarm for the firewall> is this correct?'
I was using Avast until I needed to install Service Pack 3. I discovered that Avast couldn't find threats and couldn't update, so I uninstalled it and installed Webroot.
Now I have installed the new Avira, following your instructions from the first thread.
I bought the professional ZoneAlarm firewall but it gave me some troubles and I uninstalled it a couple of weeks after I started using it. I am aware that ZoneAlarm still runs some processes on this comp but I'm not sure how to remove it.

'5. How much RAM do you have?'
I have 4GB of RAM but XP 32-bit detects only 3GB.

-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 11:13:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nudypgcm]
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudypgcm]
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm]
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nudypgcm]
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm]
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard environments."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

----------------------------------------------------------------------------------------------------
ESET Online Scan


C:\Documents and Settings\Vanja\Desktop\cnet_jre-7-windows-i586_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Vanja\Local Settings\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\Cache\0F16BAEEd01 a variant of Win32/InstallCore.D application
C:\Documents and Settings\Vanja\Local Settings\Temp\ICReinstall\cnet_jre-7-windows-i586_exe.exe a variant of Win32/InstallCore.D application

---------------------------------------------------------------------------------------------------

*CKScanner* is DOWN (link is not working!)
Is there an alternative link?

----------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
CronoX 3 Bonus Presets
ESET Online Scanner v3
Adobe After Effects CS3 Presets
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Sun Java System Application Server 9.1 Update 2
Java(TM) 7
Adobe Flash Player 11.0.1.152
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
CronoX 3 Bonus Presets
ESET Online Scanner v3
Adobe After Effects CS3 Presets
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Sun Java System Application Server 9.1 Update 2
Java(TM) 7
Adobe Flash Player 11.0.1.152
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
-----------------------------------------------------------------------------------
For some reason the Security Check log was cut short. Here it is again.
Thanx.
 
You're welcome. Hope we can get to the bottom of this problem.

Link to the CK scan is working now. Please try again:
http://downloads.malwareremoval.com/CKScanner.exe
------------------------------
I find a description of CronoX 3 but not of 'Bonus Presets'. I don't understand why it shows in the AV/FW section of Security Check.
------------------------------
Thank you for letting me know Java is up to v6u29! Time for me to update also. I don't allow any auto-updates. I put the v6u27 version in because some users were getting v7 instead. You did the right thing.
------------------------------
Okay on my questions 1, 2, 3 and 5. For #4, I will remove any entries I find for Avast and ZoneAlarm. As for the problems you had with the security programs, understand that what you described is normal when there is malware. It does not mean the program is missing anything or that it isn't a good program.
===================================
For the Eset entries: stay away from CNet for your downloads. Try using program home sites if you can. All of the CNet downloads are returning "a variant of Win32/InstallCore.D application". Full name is "Generic PUP.x!sy!CCFDA4B04C4D".
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
Many CNet users are complaining about this. In my opinion, no program should bundle some usually unrelated program with download without your knowledge and permission.
-----------------------------
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Documents and Settings\Vanja\Desktop\cnet_jre-7-windows-i586_exe.exe 
    C:\Documents and Settings\Vanja\Local Settings\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\Cache\0F16BAEEd01 
    C:\Documents and Settings\Vanja\Local Settings\Temp\ICReinstall\cnet_jre-7-windows-i586_exe.exe 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
====================================
For malware in Java cache:
To clear the Java Plug-in cache:

  1. Click Start > Control Panel.
  2. Double-click the Java icon in the control panel. The Java Control Panel appears.
  3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  4. Click Delete Files. The Delete Temporary Files dialog box appears.
  5. Click OK on the Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  6. Click Apply > OK on the Temporary Files Settings window.
Images courtesy java.com
========================================
And malware in Firefox cache:
Clear Firefox Cache
  1. Open Firefox> Click on Tools> Options
  2. Select the Advanced panel.
  3. Click on the Network tab
  4. In the Offline Storage section, click Clear Now.

================================
catchme gave 5 entries for this, ControlSet001-5
This is a matter of concern due to the GMER entry:
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"

With this info:
"DisplayName"="Boot Update"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Allows error reporting for services and applictions running in non-standard
But I am not able to identify either service in bold text. Can you help me out?
=================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
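The hidden-service check the helper is doing by hand above (a service registered into the svchost netsvcs group with an unfamiliar ServiceDll), as an added example that is not from the thread or from catchme, GMER or ComboFix: it parses the registry-export style lines those tools print and flags svchost-hosted services that are not known group members. The sample export is constructed from the entries quoted above (plus a BITS entry for contrast), the function names are my own, and BASELINE_NETSVCS is an abbreviated, illustrative list rather than an authoritative baseline.

```python
"""Flag svchost-hosted services that are not known members of their -k group.

Added example for this thread, not code from TechSpot, catchme, GMER or ComboFix.
SAMPLE_EXPORT is constructed from entries quoted in the thread (hidden service
'nudypgcm' and its zncoafm.dll) plus a genuine BITS entry for contrast.
BASELINE_NETSVCS is an abbreviated, illustrative XP list, not an authoritative one.
"""
import re

SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm]
"DisplayName"="Boot Update"
"Start"=dword:00000002
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\BITS]
"DisplayName"="Background Intelligent Transfer Service"
"Start"=dword:00000002
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\BITS\Parameters]
"ServiceDll"=str(2):"%SystemRoot%\system32\qmgr.dll"
'''

# Abbreviated, illustrative Windows XP netsvcs membership (assumption).
BASELINE_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "DHCP",
    "DMServer", "ERSvc", "EventSystem", "helpsvc", "LanmanServer",
    "LanmanWorkstation", "Netman", "Nla", "RasAuto", "RasMan", "Schedule",
    "seclogon", "SENS", "SharedAccess", "ShellHWDetection", "Themes", "TrkWks",
    "W32Time", "winmgmt", "wscsvc", "wuauserv", "WZCSVC", "xmlprov",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SERVICE_KEY_RE = re.compile(
    r"\\(?P<cs>ControlSet\d+|CurrentControlSet)\\Services\\(?P<svc>[^\\]+)"
    r"(?:\\(?P<sub>Parameters))?$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.+)$')
STRING_RE = re.compile(r'^(?:str\(\d+\):)?"(?P<s>.*)"$')  # str(2) is REG_EXPAND_SZ


def decode_value(raw):
    """dword:... -> int, quoted (optionally str(n):-prefixed) -> str, else raw."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = STRING_RE.match(raw)
    return m.group("s").replace("\\\\", "\\") if m else raw  # .reg doubles '\'


def parse_reg_export(text):
    """Map service name -> fields; Parameters values (ServiceDll) merge in."""
    services, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            sm = SERVICE_KEY_RE.search(km.group("key"))
            current = None
            if sm:  # one record per service, whichever ControlSet it came from
                current = services.setdefault(sm.group("svc"), {"_control_sets": set()})
                current["_control_sets"].add(sm.group("cs"))
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            current[vm.group("name")] = decode_value(vm.group("raw"))
    return services


def svchost_group(image_path):
    """Return the '-k' group name when the service runs inside svchost.exe."""
    m = re.search(r'svchost\.exe"?\s+-k\s+"?(?P<g>[^"\s]+)', image_path, re.IGNORECASE)
    return m.group("g") if m else None


def find_suspicious(services, baseline=BASELINE_NETSVCS):
    """Flag netsvcs members outside the baseline and svchost hosts with no DLL."""
    known = {n.lower() for n in baseline}
    hits = []
    for name, fields in services.items():
        group = svchost_group(str(fields.get("ImagePath", "")))
        if group is None:
            continue  # not svchost-hosted; outside the scope of this check
        reasons = []
        if group.lower() == "netsvcs" and name.lower() not in known:
            reasons.append("not a known netsvcs member")
        if "ServiceDll" not in fields:
            reasons.append("svchost-hosted but no ServiceDll")
        if reasons:
            hits.append({"service": name, "display": fields.get("DisplayName"),
                         "dll": fields.get("ServiceDll"), "start": fields.get("Start"),
                         "control_sets": sorted(fields["_control_sets"]),
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for h in find_suspicious(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{h['service']} ({h['display']}) -> {h['dll']}: {'; '.join(h['reasons'])}")
```

The flagged ServiceDll path is what you would submit for scanning or compare against the file list in the ComboFix log; a hit here is a lead for the analyst, not a verdict on its own.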
 
Okay. Great. Got that. Thanx.

Now I try to download CK scan and it still does not work for me. I am in South Africa by the way. Maybe it's some location restriction or something like that.

CronoX3, they are presets of sounds and maybe somebody packed something nasty in it.
I don't know? I downloaded it a long time ago from different website than the publishers of CronoX.

-------------------------------------------------------------------------------------------------------------

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Vanja\Desktop\cnet_jre-7-windows-i586_exe.exe not found.
File/Folder C:\Documents and Settings\Vanja\Local Settings\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\Cache\0F16BAEEd01 not found.
C:\Documents and Settings\Vanja\Local Settings\Temp\ICReinstall\cnet_jre-7-windows-i586_exe.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vanja
->Temp folder emptied: 116909239 bytes
->Temporary Internet Files folder emptied: 2493540 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 103369168 bytes
->Google Chrome cache emptied: 40783514 bytes
->Flash cache emptied: 7280 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1167 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 215034526 bytes

Total Files Cleaned = 457.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10232011_092813

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_5d8.dat moved successfully.

Registry entries deleted on Reboot...
--------------------------------------------------------------------------------------------------------

ComboFix 11-10-21.06 - Vanja 10/23/2011 10:23:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2425 [GMT 2:00]
Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\4D
c:\documents and settings\All Users\Application Data\4D\4D Write Prefs.RSR
c:\documents and settings\All Users\Application Data\4D\4D Write\MasterWriter.RSR
c:\documents and settings\All Users\Application Data\4D\EngV6Prf.RSR
c:\documents and settings\All Users\Application Data\4D\tcp.opt
c:\documents and settings\Vanja\Application Data\PriceGong
c:\documents and settings\Vanja\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Vanja\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Vanja\WINDOWS
c:\driver\Files\Desktop.ini
C:\test.txt
C:\Thumbs.db
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
c:\windows\jestertb.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SW_Win2141X16.DLL
c:\windows\system\COMDLG32.OCA
c:\windows\system32\_000056_.tmp.dll
c:\windows\system32\_004781_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004784_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004803_.tmp.dll
c:\windows\system32\_004804_.tmp.dll
c:\windows\system32\_004805_.tmp.dll
c:\windows\system32\_004807_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\d3d9caps.dat
c:\windows\system32\setup.ini
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCS
-------\Service_Vcs
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 10:53 . 2011-10-21 10:53 -------- d-----w- c:\program files\ESET
2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
2011-10-14 20:57 . 2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
2011-10-14 20:57 . 2011-10-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2011-10-14 19:55 . 2011-10-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-14 01:30 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-14 01:30 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-10-14 01:30 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-14 01:30 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-10-08 21:06 . 2011-10-08 21:06 -------- d-----w- c:\program files\TweakNow WinSecret 2011
2011-10-08 21:06 . 2011-10-08 21:06 -------- d-----w- c:\documents and settings\Vanja\Application Data\TweakNow WinSecret 2011
2011-10-08 20:45 . 2011-10-21 06:42 -------- d-----w- c:\program files\Registry Clean Expert
2011-10-08 11:26 . 2011-10-08 11:26 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\conduitEngine
2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2011-10-06 23:36 . 2011-10-06 23:36 -------- d-----w- c:\program files\The Free Blog Commenter
2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
2011-09-27 05:43 . 2011-09-27 05:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Trusteer
2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2009-12-14 16:46 199304 ------w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2009-12-14 16:47 320856 ------w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-12-14 16:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-14 16:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-14 16:47 110552 ------w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-12-14 16:47 104536 ------w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-12-14 16:47 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-12-14 16:47 30808 ------w- c:\windows\system32\drivers\aavmker4.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1787:TCP"= 1787:TCP:ayxxx
"8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/14/2009 6:47 PM 320856]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2009 6:47 PM 20568]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [1/17/2011 9:24 PM 3608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nudypgcm
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003Core.job
- c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003UA.job
- c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
.
2011-10-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe
AddRemove-Diff Doc_is1 - c:\program files\Softinterface
AddRemove-Muon_Tau_Bassline_Mk2_VSTi_1.0 - c:\windows\iun6002.exe
AddRemove-SpeechPitch - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1680)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2011-10-23 10:50:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 08:50
.
Pre-Run: 41,676,595,200 bytes free
Post-Run: 41,425,358,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 19A89573246C3DC9656097EF3E750CCA

-----------------------------------------------------------------------------------------------------------------------

About GMER entry:
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!

Since ComboFix removed so many entries, maybe I should scan again with GMER to see if this svchost.exe still runs before I start looking for other info?
What do you think?
 
I'd like to make a comment; hopefully it will be helpful to you:
The system is filled with multiple entries for the AskBar. It also has multiple entries for uTorrent.
The first is frequently prechecked on the download screen, or it comes bundled with unrelated software without your knowledge or permission. No matter how it got on the system, it should not be there.

The second, uTorrent, is for file sharing. This brings its own risk of malware. As a Webmaster, you will design and develop Web sites. You will be responsible for the content, and the people who hire you need to have confidence that you will consider their security and be knowledgeable of the content on the site.
---------------------------
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
FileLook::
c:\windows\system32\drivers\PoXhhExr.sys
c:\windows\system32\drivers\yxpXVpYF.sys
c:\windows\system32\drivers\AdeMghWD.sys
Folder::
c:\program files\Registry Clean Expert
c:\program files\TweakNow WinSecret 2011
c:\documents and settings\Vanja\Application Data\TweakNow WinSecret 2011
c:\program files\Registry Clean Expert
c:\documents and settings\Vanja\Local Settings\Application Data\conduitEngine
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
There are 3 antivirus programs on the system:
2011-10-19 19:27 -------- d-----w- c:\program files\Avira
2011-10-21 10:53 -------- d-----w- c:\program files\ESET
2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
Keep one, remove the other 2. If you want to try an AV program out, okay, but you can't leave them all on the system.
Reboot the computer when through.
=================================
The Acrobat 8.0 is out of date and a vulnerability. Please update now: Adobe Reader site. Make sure you have the most current update, which now is v10. Uninstall any earlier updates as they are vulnerabilities.
==================================
Please download sUBs' SvcQuery.exe and save to your desktop.
  • Double click the file to Open
  • A window will open. When prompted to provide a service name, type in the following:
    nudypgcm
  • Press Enter
  • The tool will create a log. Please leave that in your next reply.
==================================
Let's hold on running GMER again until I see the logs above.

Please see the following information about file sharing programs and the risks you are taking:
P2P or 'file sharing' Warning:
Even if you are using a "safe" P2P program, it is only the program that is safe:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
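
The two things this thread is chasing can be pulled out of a ComboFix log mechanically: a service that ComboFix lists under "Svchost - NetSvcs", hosted by svchost.exe -k netsvcs and backed by a ServiceDll in system32 (nudypgcm / zncoafm.dll above), and files that the FileLook:: block resolved to one hash under several random names (the three copies of nvatabus.sys). The Python script below is an added example, not code from the thread, from ComboFix or from sUBs' tools. It parses only the line shapes visible in the log above, and the sample log embedded in it is constructed from those excerpts. That ComboFix prints only non-default NetSvcs members under that heading is an assumption (the log shows nothing but nudypgcm there).

```python
"""Offline triage of ComboFix-style log excerpts (added example, not
ComboFix code). Two checks: NetSvcs additions joined with their service
line and ServiceDll, and FileLook entries whose on-disk name differs from
the PE 'Original Filename', grouped by MD5."""
import re
from collections import defaultdict

# Constructed sample assembled from the ComboFix excerpts in the thread.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nudypgcm
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"
.
--- c:\windows\system32\drivers\AdeMghWD.sys ---
Original Filename: nvatabus.sys
MD5: B7FB72492B753930EC70A0F49D04F12F
.
--- c:\windows\system32\drivers\PoXhhExr.sys ---
Original Filename: nvatabus.sys
MD5: B7FB72492B753930EC70A0F49D04F12F
.
--- c:\windows\system32\drivers\yxpXVpYF.sys ---
Original Filename: nvatabus.sys
MD5: B7FB72492B753930EC70A0F49D04F12F
"""

# Line shapes as they appear in the log: "R2 name;display;path [date size]",
# the NetSvcs heading, "[HKLM\System\ControlSetNNN\Services\name]" followed
# by "ServiceDll"="...", and "--- path ---" FileLook headers.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[.*\]$")
NETSVCS_HDR = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs"
SVC_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
SVC_DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
LOOK_HDR_RE = re.compile(r"^--- ([a-z]:\\.+) ---$", re.I)


def parse_services(log):
    """Service lines keyed by lower-cased service name."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path = m.groups()
            services[name.lower()] = {"name": name, "start": start,
                                      "display": display, "path": path}
    return services


def parse_netsvcs_additions(log):
    """Names listed under the NetSvcs heading, up to the next '.' line.
    Assumption: ComboFix prints only members it does not treat as default."""
    names, collecting = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == NETSVCS_HDR:
            collecting = True
            continue
        if collecting:
            if line in ("", "."):
                break
            names.add(line.lower())
    return names


def parse_service_dlls(log):
    """ServiceDll value for each dumped Services\\<name> key."""
    dlls, current = {}, None
    for line in (l.strip() for l in log.splitlines()):
        km = SVC_KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            continue
        dm = SVC_DLL_RE.match(line)
        if dm and current:
            dlls[current] = dm.group(1)
    return dlls


def parse_file_looks(log):
    """FileLook blocks: path, MD5 and PE Original Filename."""
    entries, cur = [], None
    for line in (l.strip() for l in log.splitlines()):
        hm = LOOK_HDR_RE.match(line)
        if hm:
            cur = {"path": hm.group(1), "md5": None, "original": None}
            entries.append(cur)
        elif cur is not None and line.lower().startswith("md5:"):
            cur["md5"] = line.split(":", 1)[1].strip().upper()
        elif cur is not None and line.lower().startswith("original filename:"):
            cur["original"] = line.split(":", 1)[1].strip()
    return entries


def find_netsvcs_suspects(log):
    """NetSvcs additions joined with their service line and ServiceDll."""
    services, dlls = parse_services(log), parse_service_dlls(log)
    suspects = []
    for name in sorted(parse_netsvcs_additions(log)):
        svc = services.get(name, {})
        suspects.append({
            "name": svc.get("name", name),
            "display": svc.get("display", ""),
            "start": svc.get("start", ""),
            "hosted_by_netsvcs": "svchost.exe -k netsvcs" in svc.get("path", "").lower(),
            "dll": dlls.get(name),
        })
    return suspects


def find_renamed_driver_copies(log):
    """Files whose on-disk name differs from their PE Original Filename,
    grouped by MD5 so several random names over one hash show up together."""
    by_md5 = defaultdict(list)
    for e in parse_file_looks(log):
        if e["md5"] and e["original"]:
            by_md5[e["md5"]].append(e)
    findings = {}
    for md5, entries in by_md5.items():
        renamed = sorted(e["path"] for e in entries
                         if e["path"].rsplit("\\", 1)[-1].lower() != e["original"].lower())
        if renamed:
            findings[md5] = {"original": entries[0]["original"], "files": renamed}
    return findings


def triage(log):
    """One human-readable line per finding."""
    lines = []
    for s in find_netsvcs_suspects(log):
        host = "svchost -k netsvcs" if s["hosted_by_netsvcs"] else "not svchost-hosted"
        lines.append(f"NetSvcs addition: {s['name']} ({s['display'] or 'no display name'}; "
                     f"{host}); ServiceDll={s['dll'] or 'not in log'}")
    for md5, f in find_renamed_driver_copies(log).items():
        lines.append(f"{len(f['files'])} file(s) with MD5 {md5} carry the name "
                     f"{f['original']} internally: {', '.join(f['files'])}")
    return lines


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

The script reports, it does not judge: the three drivers resolve to the same hash and to NVIDIA's nvatabus.sys metadata, so what it flags is the renaming, which is exactly what the FileLook:: request above was meant to settle. The NetSvcs finding is the one that matters for the "hidden" svchost entry GMER reported, and it still needs the DLL itself looked at (the SvcQuery step) before anything is removed.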
 
B. Thank you for your time.

I appreciate the comment.
I guess getting too busy makes me think with my lower body.. if you know what I mean.
I didn't know about AskBar; I think it came with the GOM player. Anyway, I tried to uninstall AskBar through Add/Remove Programs but it's not there. The Ask.com folder in Program Files is there. Should I delete the folder?
About the torrents I was aware of it (in a way). Now I removed all torrent clients. I'll stay away from it.

The Acrobat is up to date.

The ComboFix log I am posting, but SvcQuery.exe, when I type that command (nudypgcm), just closes without creating any log?

quote
"There are 3 antivirus program on the system:"
I uninstalled ESET Online Scanner.
I uninstalled Avast and Webroot before I installed Avira, so that's strange that they still show as active antivirus programs. Any suggestion there?

Also, is ZoneAlarm still running? I have to kill that too.

I ran ComboFix blindly once before I did the other steps. I ran it again this morning. Here's the log. (In this morning's log there was only one entry under Other Deletions, c:\windows\system32\d3d9caps.dat, but I pasted the other entries from the first log.)
----------------------------------------------------------------------------------------------------------------------------

ComboFix 11-10-27.03 - Vanja 10/27/2011 10:53:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2244 [GMT 2:00]
Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vanja\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Vanja\Application Data\TweakNow WinSecret 2011
c:\documents and settings\Vanja\Local Settings\Application Data\conduitEngine
c:\program files\Registry Clean Expert
c:\program files\Registry Clean Expert\fixlog.ini
c:\program files\Registry Clean Expert\master.ini
c:\program files\Registry Clean Expert\UndoCenter\20111008225750A.cab
c:\program files\Registry Clean Expert\UndoCenter\20111008230455A.cab
c:\program files\Registry Clean Expert\UndoCenter\20111009064011A.cab
c:\program files\Registry Clean Expert\UndoCenter\20111018001947A.cab
c:\program files\Registry Clean Expert\UndoCenter\20111019000043A.cab
c:\program files\TweakNow WinSecret 2011
c:\program files\TweakNow WinSecret 2011\Blank.ico
c:\program files\TweakNow WinSecret 2011\Convert_x86.dll
c:\program files\TweakNow WinSecret 2011\ConvertTo.exe
c:\program files\TweakNow WinSecret 2011\cpuidsdk.dll
c:\program files\TweakNow WinSecret 2011\DLib.dll
c:\program files\TweakNow WinSecret 2011\Help.chm
c:\program files\TweakNow WinSecret 2011\msvcrt.dll
c:\program files\TweakNow WinSecret 2011\sqlite3.dll
c:\program files\TweakNow WinSecret 2011\Transparent.exe
c:\program files\TweakNow WinSecret 2011\unins000.dat
c:\program files\TweakNow WinSecret 2011\unins000.exe
c:\program files\TweakNow WinSecret 2011\unins000.msg
c:\program files\TweakNow WinSecret 2011\WinSecret.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-25 07:32 . 2011-10-25 07:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-24 21:09 . 2011-10-27 08:33 -------- d-----w- c:\documents and settings\Vanja\.seospyglass
2011-10-24 21:07 . 2011-10-24 21:09 -------- d-----w- c:\program files\SEO PowerSuite
2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 10:53 . 2011-10-21 10:53 -------- d-----w- c:\program files\ESET
2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-19 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-19 18:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
2011-10-14 20:57 . 2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
2011-10-14 20:57 . 2011-10-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-14 20:08 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2011-10-14 19:55 . 2011-10-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-14 01:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-10-14 01:36 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-14 01:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2011-10-06 23:36 . 2011-10-06 23:36 -------- d-----w- c:\program files\The Free Blog Commenter
2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2009-12-14 16:46 199304 ------w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2009-12-14 16:47 320856 ------w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-12-14 16:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-14 16:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-14 16:47 110552 ------w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-12-14 16:47 104536 ------w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-12-14 16:47 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-12-14 16:47 30808 ------w- c:\windows\system32\drivers\aavmker4.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\AdeMghWD.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-14 22:32
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
--- c:\windows\system32\drivers\PoXhhExr.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-14 21:25
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
--- c:\windows\system32\drivers\yxpXVpYF.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-14 23:03
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_08.40.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 08:40 . 2011-10-27 08:40 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2006-10-23 07:08 . 2006-10-23 07:08 62080 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\icudt26l.dat
+ 2011-10-27 08:17 . 2011-10-27 08:17 2295808 c:\windows\Installer\f9bc401.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\f9bc402.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1787:TCP"= 1787:TCP:ayxxx
"8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/14/2009 6:47 PM 320856]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2009 6:47 PM 20568]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [1/17/2011 9:24 PM 3608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nudypgcm
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003Core.job
- c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1364589140-839522115-1003UA.job
- c:\documents and settings\Vanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-19 18:52]
.
2011-10-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 11:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"
.
Completion time: 2011-10-27 11:15:15
ComboFix-quarantined-files.txt 2011-10-27 09:15
ComboFix2.txt 2011-10-25 09:44
ComboFix3.txt 2011-10-23 08:50
.
Pre-Run: 90,013,208,576 bytes free
Post-Run: 89,979,277,312 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E7538DDE668F3EA428435F03BBDC5CFC
 
Adobe still shows v8. Please update to v10: Adobe Reader site. Uninstall any earlier updates, as they are vulnerabilities.
=====================================
Be sure you have updated Adobe Reader to v10 before you run the following. I am removing Adobe v8 entries that are still on the system:
======================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
FileLook::
c:\windows\system32\drivers\NimNgDyH.sys
c:\windows\system32\drivers\hWFQUZld.sys
c:\windows\system32\drivers\QjflunoG.sys
c:\windows\system32\drivers\sLJlbcjN.sys
DDS::
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I have included the registry entry remaining for Ask.com. There is also a Scheduled Task for the Ask update which needs to be stopped. Since you're in the business, so to speak, check out this information: http://www.benedelman.org/spyware/ask-toolbars/

Any Ask entries, whether Ask 'bar' or other, should be uninstalled in Add/Remove Programs, unchecked on the Startup menu, and the program files uninstalled/deleted.

To remove Ask Update in Scheduled Tasks
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To change the settings for a task: right-click the Task> click Properties> do the following:
  • To delete a task> right-click the task> click Delete.
    • c:\program files\Ask.com\UpdateTask.exe
-------------------------------------------
Be aware that many download screens have Ask.com or similar pre-checked, and it should be unchecked before the download. So far, no one I know of has actually downloaded this intentionally, and once in a system it can be difficult to fully remove.
========================================
Reboot the computer when through, then run HijackThis:

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
========================================
I am still concerned about this NetSvcs entry which I cannot identify, and what is mentioned in GMER as a rootkit> so you are going to try to identify it. You will have to set hidden files and folders to show as follows:
Show Hidden Folders/Files
  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Show hidden files and folders.
  • Uncheck Hide extensions of known file types.
  • Uncheck Hide protected operating system files (Recommended).
  • Click Yes when prompted.
  • Click OK.
  • Close My Computer.

----------------------------------
Now go on with the following
  1. Click Start> Run> type cmd> enter>
  2. At the blinking C prompt type in the following:

    tasklist /svc /fi "imagename eq svchost.exe"
  3. Press enter.
  4. You will see a list of the processes on your computer as well as the services that a SVCHOST.EXE process is managing.
This can be seen in the image below.
[Image: tasklist.jpg]


When you have finished the above, please go back to Folder Options> View tab> Check 'Don't show hidden files and folders'> Check 'Hide protected operating system files (Recommended)'> OK> Apply> OK
====================================
We'll see if you can come up with anything.

The entry in GMER is:
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nudypgcm <-- ROOTKIT !!!


The Registry entry in Combofix is:
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"

And the Service entry is:
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
It is stopped, 2=Regular start "Auto" enabled.

The fact that I can't identify either of the 2 process names is of concern, and it has a date from 2004.
=================================
Please give me an update on how the system is running now
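As an added example (not code from this thread, ComboFix or GMER), the check described above carried out in Python: parse the `tasklist /svc` output to find which svchost PID hosts `nudypgcm`, then flag any netsvcs member whose ServiceDll is not a known Windows DLL. The tasklist text, the ServiceDll map and the baseline are constructed sample data; only the nudypgcm / zncoafm.dll pair is taken from the logs in the thread.

```python
"""Correlate `tasklist /svc` output with the ServiceDll behind each netsvcs member.

Added example, not the thread's own procedure. Inputs are (1) the text of
`tasklist /svc /fi "imagename eq svchost.exe"` and (2) the ServiceDll value
ComboFix prints for each service in the netsvcs group. Any hosted service
whose DLL is not in a known-good baseline is reported with the PID of the
svchost.exe instance that loads it.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample of `tasklist /svc` output. Long service lists wrap onto
# indented continuation lines, which is the layout the parser has to handle.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    856 DcomLaunch, TermService
svchost.exe                    936 RpcSs
svchost.exe                   1032 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   dmserver, ERSvc, EventSystem, helpsvc,
                                   lanmanserver, lanmanworkstation, Netman,
                                   Nla, nudypgcm, RasMan, Schedule, seclogon,
                                   SENS, SharedAccess, ShellHWDetection,
                                   srservice, TapiSrv, Themes, TrkWks, W32Time,
                                   winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe                   1108 Dnscache
"""

# Constructed ServiceDll values. The nudypgcm entry is the one ComboFix
# reported in the thread; the other three are stand-ins for legitimate services.
SAMPLE_SERVICE_DLLS = {
    "BITS": r"c:\windows\system32\qmgr.dll",
    "Schedule": r"c:\windows\system32\schedsvc.dll",
    "wuauserv": r"c:\windows\system32\wuauserv.dll",
    "nudypgcm": r"c:\windows\system32\zncoafm.dll",
}

# Constructed, abbreviated baseline of DLL basenames known to host netsvcs
# members. A DLL missing from the baseline is a lead to verify (publisher
# signature, hash lookup), not by itself proof of malware.
KNOWN_NETSVCS_DLLS = {"qmgr.dll", "schedsvc.dll", "wuauserv.dll"}

# First line of each svchost entry: image name, PID, then the service list.
SVCHOST_LINE = re.compile(r"^svchost\.exe\s+(\d+)\s+(.*)$")


def _split_services(fragment):
    """Turn 'AudioSrv, BITS, Dhcp,' into ['AudioSrv', 'BITS', 'Dhcp']."""
    return [s.strip() for s in fragment.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Map each svchost.exe PID to the list of services it hosts.

    A continuation line (more services for the same PID) is recognised by
    its leading whitespace; header and separator lines match neither form.
    """
    hosted = {}
    current = None
    for line in text.splitlines():
        m = SVCHOST_LINE.match(line)
        if m:
            current = int(m.group(1))
            hosted[current] = _split_services(m.group(2))
        elif current is not None and line[:1].isspace():
            hosted[current].extend(_split_services(line))
    return hosted


def host_pid_of(hosted, service):
    """Return the PID of the svchost instance hosting `service`, or None."""
    wanted = service.lower()
    for pid, services in hosted.items():
        if wanted in (s.lower() for s in services):
            return pid
    return None


def find_unknown_netsvcs(hosted, service_dlls, known_dlls):
    """Return (service, pid, dll) for hosted services whose DLL is off-baseline."""
    findings = []
    for pid, services in hosted.items():
        for svc in services:
            dll = service_dlls.get(svc)
            if dll is None:
                continue  # no ServiceDll data for this service
            if PureWindowsPath(dll).name.lower() not in known_dlls:
                findings.append((svc, pid, dll))
    return findings


if __name__ == "__main__":
    hosted = parse_tasklist_svc(SAMPLE_TASKLIST)
    print("nudypgcm is hosted by svchost PID", host_pid_of(hosted, "nudypgcm"))
    for svc, pid, dll in find_unknown_netsvcs(hosted, SAMPLE_SERVICE_DLLS, KNOWN_NETSVCS_DLLS):
        print(f"unknown ServiceDll: service={svc} pid={pid} dll={dll}")
```

On a live machine the same correlation is done by hand: take the PID `tasklist /svc` shows for the service, then read that service's ServiceDll value from the registry and check the DLL's publisher and hash.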
 
Adobe Reader is definitely 10.1.1
I think Adobe Acrobat Pro 8 was showing.

Hmm.. very sneaky from Ask.com
I found today the Ask with Gom player in my add-remove programs and uninstalled it.

There wasn't any Ask Updates in Scheduled Tasks.

ComboFix Log
======================================

ComboFix 11-10-27.06 - Vanja 10/27/2011 22:31:34.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2187 [GMT 2:00]
Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vanja\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 20:24 . 2011-10-27 20:24 -------- d-----w- C:\HijackThis
2011-10-27 10:48 . 2011-10-27 11:53 -------- d-----w- c:\documents and settings\Vanja\.ranktracker
2011-10-25 07:32 . 2011-10-25 07:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-24 21:09 . 2011-10-27 08:33 -------- d-----w- c:\documents and settings\Vanja\.seospyglass
2011-10-24 21:07 . 2011-10-24 21:09 -------- d-----w- c:\program files\SEO PowerSuite
2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 10:53 . 2011-10-21 10:53 -------- d-----w- c:\program files\ESET
2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-19 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-19 18:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
2011-10-14 20:57 . 2011-10-14 20:57 -------- d-----w- c:\program files\AVAST Software
2011-10-14 20:57 . 2011-10-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-14 20:08 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2011-10-14 19:55 . 2011-10-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-14 01:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-10-14 01:36 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-14 01:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2009-12-14 16:46 199304 ------w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2009-12-14 16:47 320856 ------w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-12-14 16:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-14 16:47 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-14 16:47 110552 ------w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-12-14 16:47 104536 ------w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-12-14 16:47 20568 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-12-14 16:47 30808 ------w- c:\windows\system32\drivers\aavmker4.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\hWFQUZld.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-19 02:37
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
--- c:\windows\system32\drivers\NimNgDyH.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-19 17:40
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
--- c:\windows\system32\drivers\QjflunoG.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-18 21:18
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
--- c:\windows\system32\drivers\sLJlbcjN.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA® nForce(TM) IDE Performance Driver
File Version: 5.10.2600.0654 built by: WinDDK
Product Name: NVIDIA nForce(TM) IDE Driver
Copyright: Copyright(C) 2001-2006 NVIDIA Corporation
Original Filename: nvatabus.sys
File size: 99840
Created time: 2011-10-17 22:50
Modified time: 2006-03-16 10:51
MD5: B7FB72492B753930EC70A0F49D04F12F
SHA1: 90C0A7758ED8BC2AFABC9911140E27E4135D4D59
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_08.40.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 08:40 . 2011-10-27 08:40 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2006-10-23 07:08 . 2006-10-23 07:08 62080 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\icudt26l.dat
+ 2011-10-27 08:17 . 2011-10-27 08:17 2295808 c:\windows\Installer\f9bc401.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\f9bc402.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1787:TCP"= 1787:TCP:ayxxx
"8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/14/2009 6:47 PM 320856]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/14/2009 6:47 PM 20568]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - port_nt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nudypgcm
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: network.proxy.type - 1
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 22:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"
.
Completion time: 2011-10-27 22:54:50
ComboFix-quarantined-files.txt 2011-10-27 20:54
ComboFix2.txt 2011-10-27 09:15
ComboFix3.txt 2011-10-25 09:44
ComboFix4.txt 2011-10-23 08:50
.
Pre-Run: 98,456,395,776 bytes free
Post-Run: 98,475,024,384 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A16EA4E2175C63DF3AA84033E11E239E

======================================
HijackThis gave me an error; I just clicked OK and it went on.

https://www.techspot.com/vb/attachment.php?attachmentid=71174&stc=1&d=1319751405


======================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:42 PM, on 10/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1318581580750
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10253 bytes

=================================
I am not sure what these processes are but you might have an idea.
Edit for magic!

=================================

System is running very well. I don't remember since when this comp was working this smooth. It used to restart every now and then, and to freeze, and I thought the hard drive was going to go off. I have a 10mb connection and it used to get stuck, no flow for 15-20 min, then it would start very slow and I would have to reboot to get it working properly again.
So yes, it's running excellently now.
:)
 

That
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
might be a process for a BIOS update I ran back then. But I can't be sure...
 
I started this earlier today and got called away before I could post! Did you see the 'magic'?

To leave the image itself, instead of using , use [img].....[/img] - or - copy th... CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
The link is working. I don't think your location matters. If it doesn't work, please let me know where the problem is> Download? Scan? Error message? Or other.
=====================================
Avast is still on the system: Uninstall: Avast Removal
====================================
Please reopen Hijackthis to 'do system scan only.' Check each of the following, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Close all windows except HijackThis and click on "Fix Checked"
========================================
Zone Alarm should have its own uninstaller. Pause the mouse over the program in All Programs and see if an uninstaller is available. If it isn't:
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
This is a Service that is part of the program:
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Click on Start> Run> type in services.msc> enter> double click on either TrueVector or vsmon, however it appears> Change Startup Type to Disabled> Stop the Service.
While still in Safe Mode, find the process on the Startup Menu and uncheck it.
Complete the uninstallation, then use Windows explorer to delete the program folder.

I advise you to use a firewall. Possibly Comodo or Bit Defender.
=====================================
Please run this Custom CFScript:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\program files\AVAST Software
c:\documents and settings\All Users\Application Data\AVAST Software
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please check the NVidia site for current drivers - possible updates. You have drivers from 2006, Original Filename: nvatabus.sys
File size: 99840, Modified time: 2006-03-16 10:51, all with unidentifiable strings such as:
============================================
I'm glad the system is working well. Your idea that the Service was a BIOS update sounds reasonable. I haven't found any flags on the name and since the problems have been resolved, I'm going to leave the entry.

We're almost finished!
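To show how the 'fix these' choices above can be made mechanically, here is an added example (not Bobbye's procedure and not HijackThis or ComboFix code) that triages HijackThis lines of the kinds quoted in this thread; the sample lines are the entries from the log above plus one clean service entry, and the unwanted-toolbar list is an assumption seeded with the one name from this thread.

```python
"""Triage a HijackThis log: flag the entry classes selected for 'Fix Checked'.

Rules (from the thread above): browser helper objects pointing at no file,
services whose binary is gone after a broken uninstall, 'Unknown owner'
services that still have a binary, bundled toolbars, and a blanked start page.
"""
from dataclasses import dataclass
from typing import List, Optional

# The 'fix these' lines quoted earlier in the thread, plus one clean O23 entry
# (MBAMService) to show that a vendor-identified, present service is not flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Toolbar/BHO names treated as unwanted: a constructed list seeded from this thread.
UNWANTED_BHO_NAMES = ("ask toolbar",)


@dataclass
class Finding:
    kind: str      # HijackThis section tag: R0, O2 or O23
    name: str
    path: str
    reason: str
    line: str


def _split_entry(body: str) -> Optional[List[str]]:
    """Split 'name - middle - path' from the right so names containing ' - ' survive."""
    parts = body.rsplit(" - ", 2)
    return parts if len(parts) == 3 else None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when the line matches one of the fix-worthy patterns, else None."""
    line = line.strip()
    if line.startswith("R0 - ") or line.startswith("R1 - "):
        key, _, value = line[5:].partition(" = ")
        if key.endswith("Start Page") and value.strip().lower() == "about:blank":
            return Finding("R0", key, value, "blanked IE start page: reset it", line)
        return None
    if line.startswith("O2 - BHO: "):
        parts = _split_entry(line[len("O2 - BHO: "):])
        if not parts:
            return None
        name, _clsid, path = parts
        if path == "(no file)":
            return Finding("O2", name, path,
                           "orphaned BHO: registered but no file on disk", line)
        if any(bad in name.lower() for bad in UNWANTED_BHO_NAMES):
            return Finding("O2", name, path,
                           "bundled toolbar BHO: remove if not wanted", line)
        return None
    if line.startswith("O23 - Service: "):
        parts = _split_entry(line[len("O23 - Service: "):])
        if not parts:
            return None
        name, owner, path = parts
        if path.endswith(" (file missing)"):
            return Finding("O23", name, path[:-len(" (file missing)")],
                           "service whose binary is gone: leftover of an incomplete uninstall", line)
        if owner == "Unknown owner":
            return Finding("O23", name, path,
                           "service with no vendor info but a present binary: review, "
                           "then disable via services.msc if its product is gone", line)
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        found = triage_line(raw)
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.name:<40} {f.reason}")
```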
 
No, I haven't seen the 'magic'... unfortunately
You know, I am a prize winner for the cure of frozen computers. I came up with an idea "just throw it out of window and call customer service".
Anyway
no worries for Adobe Acrobat Pro... I will reinstall if I need it, probably not.

====================================

NO download of CKScanner for me. :( I tried from several comps from my office and still nothing (I get 'The connection has timed out' page). If it's important, maybe I can be so rude as to ask you to email it to me?

Did uninstall Avast with the tool you suggested in Safe Mode.

HijackThis fix done and I checked again and the entries are not there anymore.

Zone Alarm wasn't in All Programs. I did the Safe Mode stopping-the-service thing.

ComboFix done and here's the log

Nvidia doesn't have any major updates to the one I already have.

====================================

ComboFix 11-11-01.01 - Vanja 11/01/2011 7:25.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2310 [GMT 2:00]
Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vanja\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVAST Software
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-10-27 20:24 . 2011-11-01 04:52 -------- d-----w- C:\HijackThis
2011-10-27 10:48 . 2011-10-27 11:53 -------- d-----w- c:\documents and settings\Vanja\.ranktracker
2011-10-25 07:32 . 2011-10-25 07:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-24 21:09 . 2011-10-27 08:33 -------- d-----w- c:\documents and settings\Vanja\.seospyglass
2011-10-24 21:07 . 2011-10-24 21:09 -------- d-----w- c:\program files\SEO PowerSuite
2011-10-23 07:41 . 2011-10-23 07:41 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\Sun
2011-10-21 15:00 . 2011-10-21 15:00 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 14:59 . 2011-10-21 14:59 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 14:59 . 2011-10-21 14:59 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-21 14:59 . 2011-10-21 14:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-19 19:37 . 2011-10-19 19:37 -------- d-----w- c:\documents and settings\Vanja\Application Data\Avira
2011-10-19 19:27 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-19 19:27 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 19:27 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-19 19:27 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\program files\Avira
2011-10-19 19:27 . 2011-10-19 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-19 18:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-19 18:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-19 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-19 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-19 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-19 18:07 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-19 18:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-19 17:40 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\NimNgDyH.sys
2011-10-19 02:37 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\hWFQUZld.sys
2011-10-18 23:12 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-10-18 23:12 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-10-18 23:12 . 2008-04-13 20:57 79872 ------w- c:\windows\system32\msxml6r.dll
2011-10-18 23:10 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-10-18 21:18 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\QjflunoG.sys
2011-10-18 20:25 . 2008-04-13 22:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-10-18 20:25 . 2008-04-13 22:15 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-18 20:25 . 2008-04-13 22:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-10-18 20:25 . 2008-04-13 22:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-10-18 20:25 . 2008-04-13 22:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-10-18 20:25 . 2008-04-13 22:06 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-10-18 20:25 . 2008-04-13 22:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-10-18 20:25 . 2008-04-13 22:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-10-18 20:24 . 2008-04-13 21:09 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2011-10-18 20:24 . 2008-04-13 22:23 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2011-10-18 20:24 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-18 20:24 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-18 20:24 . 2008-04-14 03:42 409088 ----a-w- c:\windows\system32\qmgr.dll
2011-10-18 20:24 . 2008-04-13 22:03 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2011-10-18 20:24 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-10-18 20:22 . 2011-02-17 13:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-18 17:19 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 17:19 . 2011-10-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 22:50 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\sLJlbcjN.sys
2011-10-17 21:44 . 2011-10-17 21:44 -------- d-----w- C:\_OTM
2011-10-16 18:02 . 2011-10-16 18:04 -------- d-----w- c:\documents and settings\All Users\Keyword Elite 2.0
2011-10-16 18:01 . 2011-10-16 18:01 -------- d-----w- c:\program files\Keyword Elite 2.0
2011-10-16 15:15 . 2011-10-16 15:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-15 10:20 . 2010-08-25 07:39 102400 ----a-w- c:\windows\system32\bclnap.dll
2011-10-15 10:20 . 2011-07-18 08:06 208896 ----a-w- c:\windows\system32\beconv.dll
2011-10-15 10:20 . 2011-07-18 08:04 3080192 ----a-w- c:\windows\system32\beconvlib.dll
2011-10-15 10:20 . 2011-07-08 09:10 282624 ----a-w- c:\windows\system32\bprgcomm.dll
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\PrivacIE
2011-10-15 00:06 . 2011-10-15 00:06 -------- d-sh--w- c:\documents and settings\Vanja\IECompatCache
2011-10-14 23:30 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-14 23:03 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\yxpXVpYF.sys
2011-10-14 22:49 . 2011-10-14 22:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-14 22:32 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\AdeMghWD.sys
2011-10-14 22:21 . 2011-10-14 22:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-14 21:25 . 2006-03-16 10:51 99840 ----a-r- c:\windows\system32\drivers\PoXhhExr.sys
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-14 20:11 . 2011-10-14 20:11 -------- d-sh--w- c:\documents and settings\Vanja\IETldCache
2011-10-14 20:08 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-14 20:08 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-14 20:08 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-14 20:08 . 2011-08-23 15:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-14 20:08 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-14 20:08 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-14 20:08 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-14 20:08 . 2011-10-14 20:08 -------- dc-h--w- c:\windows\ie8
2011-10-14 19:56 . 2011-10-14 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2011-10-14 19:55 . 2011-11-01 05:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2011-10-14 02:09 . 2011-10-14 02:09 -------- d-----w- c:\program files\MSXML 4.0
2011-10-14 01:48 . 2011-10-18 23:10 -------- d-----w- c:\windows\ServicePackFiles
2011-10-14 01:41 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-14 01:38 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-14 01:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-10-14 01:36 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-14 01:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-14 01:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-14 01:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-14 01:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-14 01:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-14 01:24 . 2011-10-19 20:49 -------- d--h--w- c:\windows\$hf_mig$
2011-10-13 21:09 . 2011-10-13 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-08 21:17 . 2011-10-21 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-10-07 17:43 . 2011-07-12 12:02 102784 ----a-r- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-10-07 17:20 . 2011-07-12 12:02 73344 ----a-r- c:\windows\system32\drivers\ew_jubusenum.sys
2011-10-07 17:08 . 2011-10-07 17:08 -------- d-----w- c:\documents and settings\Vanja\Local Settings\Application Data\PCHealth
2011-10-07 17:03 . 2011-07-12 12:02 237440 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2011-10-07 17:03 . 2011-07-12 12:02 192768 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-07 17:02 . 2011-10-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2011-10-03 21:43 . 2011-10-03 22:21 -------- d-----w- c:\program files\Webmaster Organizer
2011-10-03 21:42 . 2011-10-03 21:42 -------- d-----w- c:\documents and settings\Vanja\Application Data\SeoOganizer
2011-10-03 21:39 . 2011-10-03 21:43 -------- d-----w- c:\documents and settings\Vanja\Application Data\GetRightToGo
2011-10-03 20:17 . 2011-10-03 20:30 -------- d-----w- c:\documents and settings\Vanja\Application Data\Efficient Password Manager
2011-10-03 20:17 . 2011-10-03 20:17 -------- d-----w- c:\program files\Efficient Password Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 16:48 . 2011-06-02 06:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 17:00 . 2011-09-25 17:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-21 06:05 . 2011-03-01 17:08 397312 ----a-w- c:\windows\system32\PPTConverter.ocx
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_08.40.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-01 05:09 . 2011-11-01 05:09 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2006-10-23 07:08 . 2006-10-23 07:08 62080 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\AcroIEHelper.dll
+ 2004-08-04 12:00 . 2011-10-31 07:40 728114 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-10-31 07:40 175018 c:\windows\system32\perfc009.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\icudt26l.dat
+ 2011-10-27 08:17 . 2011-10-27 08:17 2295808 c:\windows\Installer\f9bc401.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\f9bc402.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-24 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 16:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\MyEclipse 7.0M1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Plagiarism Detector\\Plagiarism Detector.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1787:TCP"= 1787:TCP:ayxxx
"8080:TCP"= 8080:TCP:192.168.2.3/255.255.255.255:Enabled:TV
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 8:41 PM 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 8:57 PM 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/4/2008 7:24 PM 11264]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [10/18/2011 11:03 AM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [11/4/2008 8:11 PM 111768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 9:27 PM 136360]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [11/4/2008 8:11 PM 5337]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/4/2008 7:16 PM 33792]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [10/7/2011 7:20 PM 73344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 7:19 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9/8/2010 3:44 PM 8704]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [11/4/2008 8:11 PM 17835]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [10/7/2011 7:43 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [10/7/2011 7:03 PM 237440]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nudypgcm
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{221F67E8-D243-4C24-8FBE-A6EF774282A0}: NameServer = 196.41.124.10,196.41.124.11
FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\58av3o94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: network.proxy.type - 1
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Flash Video Downloader Youtube Downloader Facebook: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-01 07:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nudypgcm]
"ServiceDll"="c:\windows\system32\zncoafm.dll"
.
Completion time: 2011-11-01 07:47:54
ComboFix-quarantined-files.txt 2011-11-01 05:47
ComboFix2.txt 2011-10-27 20:54
ComboFix3.txt 2011-10-27 09:15
ComboFix4.txt 2011-10-25 09:44
ComboFix5.txt 2011-11-01 05:24
.
Pre-Run: 97,990,053,888 bytes free
Post-Run: 97,958,645,760 bytes free
.
- - End Of File - - A87F573175E8668279EF300B9D05B7E4
 
The only questionable entries are still the ones that are supposed to apply to Nvidia:

c:\windows\system32\drivers\sLJlbcjN.sys
c:\windows\system32\drivers\AdeMghWD.sys
c:\windows\system32\drivers\NimNgDyH.sys
c:\windows\system32\drivers\hWFQUZld.sys
---------------------------------------------------------------------
Since you cannot run the CK scan, please do the following:
Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This step is to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 
Ok, here it is.

XP pro SP2 purchased 2003 I think...


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-******-*****-*****
Windows Product Key Hash: **************************
Windows Product ID: ******-OEM-*******-*****
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {EF9C0309-DEAC-4C7B-89C1-E660549EFFAB}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft


OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{********************************************}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YVFXY</PKey><PID>******-OEM-*******-*****</PID><PIDType>3</PIDType><SID>S-1-5-21-1229272821-1364589140-839522115</SID><SYSTEM><Manufacturer>WinFast</Manufacturer><Model>6100M2MA</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20070127000000.000000+000</Date><SLPBIOS>GIGABYTE</SLPBIOS></BIOS><HWID>83293B770184CE78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>South Africa Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>GIGABYTE</name><model>G-MAX SYSTEM PRODUCT</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{***********************************}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57104</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: GIGABYTE

OEM Activation 2.0 Data-->
N/A
 
It appears that either the Activation Key is not correct or that it has been used too many times. You will need to contact the Microsoft Activation department. I am told that if you don't reply to the canned answer, it will force a live person to answer.

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: GIGABYTE

Volume License Key (VLK) on their computer that has either been blocked by Microsoft or generated by a fake product key code generator.
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003

An Unauthorized change was made to windows.
 
I contacted them immediately. I am busy updating the Office. Put in the new activation code they gave me. Will post as soon as this thing finishes updating.
 
Okay, I did a new Genuine Diagnostic Tool scan.

Is that wrong BIOS match still there?
It got after office hours. I hope that fixed it; if not, please advise.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-XC89G-XHCXC-YVFXY
Windows Product Key Hash: AiR+Gxd/1O7BarFmRet7fw1xFoE=
Windows Product ID: 76487-OEM-2262101-60892
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {EF9C0309-DEAC-4C7B-89C1-E660549EFFAB}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EF9C0309-DEAC-4C7B-89C1-E660549EFFAB}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YVFXY</PKey><PID>76487-OEM-2262101-60892</PID><PIDType>3</PIDType><SID>S-1-5-21-1229272821-1364589140-839522115</SID><SYSTEM><Manufacturer>WinFast</Manufacturer><Model>6100M2MA</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20070127000000.000000+000</Date><SLPBIOS>GIGABYTE</SLPBIOS></BIOS><HWID>83293B770184CE78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>South Africa Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>GIGABYTE</name><model>G-MAX SYSTEM PRODUCT</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: GIGABYTE

OEM Activation 2.0 Data-->
N/A
 
Ok, this is what I did.
I downloaded this tool, the Windows Product Key Update Tool, found here:
http://windows.microsoft.com/en-US/windows/help/genuine/product-key

to see if I got the right activation code on this machine.

It gave me this pop-up:

[screenshot attachment: KeyUpdateTool.jpg]


I have to wait to talk to the Microsoft support guys tomorrow. I just don't want to hear that I have to reinstall Windows. If you are in any doubt, you can send my email to anyone who's interested to see the invoice for my Windows. Just lemme know...

I'll update tomorrow...
 

Attachments

  • KeyUpdateTool.jpg (55.2 KB)
I am going to unsubscribe to this thread and work from the board. Every reply you make- whether it's 2 words or 2 paragraphs generates an email feedback to me>>>

ALL of these could have gone into 1 post! All made in the last 4 hours:

1. what Bios match?

2. what is wrong with Bios match?

3. Okay I did a new genuine diagnostic tool scan

4. Ok this is what I did.

5. downloading updates 19%

Learn how to use the edit feature. For someone who wants to be a webmaster, you don't seem to be very aware of how things work!
-----------------------------------------
Regarding the 'BIOS Match':
The hidden files I had you run catchme for were:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nudypgcm\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\zncoafm.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nudypgcm]
"DisplayName"="Boot Update"
"Description"="Allows error reporting for services and applications running in non-standard environments."

You suggested that the nudypgcm service displaying as 'Boot Update' could be for a BIOS update you did previously:

However, per the DX program:
OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: GIGABYTE
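The check Bobbye is doing by eye above (an unfamiliar service named nudypgcm, hosted by `svchost.exe -k netsvcs`, added to the NetSvcs group value, with a ServiceDll pointing at an unknown DLL in system32) can be automated against a ComboFix-style service listing. The following Python script is an added example for this thread, not TechSpot's, ComboFix's or GMER's code; the sample input is copied from the log above, and the baseline of known netsvcs members is a partial list constructed for the example.

```python
"""Flag svchost-hosted services that fall outside a known-good netsvcs baseline.

Added example: parses service lines, the NetSvcs group membership and the
ServiceDll registry values in the format the ComboFix log above prints them,
and reports svchost-hosted services that are not in a baseline, so a responder
knows which DLL to pull for analysis.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample input: service lines copied from the ComboFix log in this thread.
SERVICE_LINES = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 7:19 PM 366152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nudypgcm;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
"""
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost -> NetSvcs value (from the log).
NETSVCS_MEMBERS: Set[str] = {"nudypgcm"}
# HKLM\System\...\Services\<name>\Parameters ServiceDll values (from the log).
SERVICE_DLLS: Dict[str, str] = {"nudypgcm": r"c:\windows\system32\zncoafm.dll"}

# Partial baseline of default Windows XP netsvcs members, constructed for this example
# (an assumption; a real audit compares against a known-clean machine of the same build).
BASELINE_NETSVCS: Set[str] = {
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "dmserver", "ERSvc",
    "EventSystem", "helpsvc", "HidServ", "LanmanServer", "lanmanworkstation", "Netman",
    "Nla", "RasAuto", "RasMan", "RemoteAccess", "Schedule", "seclogon", "SENS",
    "SharedAccess", "ShellHWDetection", "srservice", "TapiSrv", "Themes", "TrkWks",
    "W32Time", "winmgmt", "wscsvc", "wuauserv", "WZCSVC", "xmlprov",
}

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Finding:
    name: str
    display: str
    group: Optional[str]
    service_dll: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[dict]:
    """Parse ComboFix 'R0/S2 name;display;command [meta]' service lines into dicts."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def audit_services(text: str, netsvcs_members: Set[str], service_dlls: Dict[str, str],
                   baseline: Set[str] = BASELINE_NETSVCS) -> List[Finding]:
    """Return a Finding for every svchost-hosted service not covered by the baseline."""
    baseline_lc = {b.lower() for b in baseline}
    members_lc = {n.lower() for n in netsvcs_members}
    findings = []
    for svc in parse_services(text):
        cmd = svc["cmd"].lower()
        if "svchost.exe" not in cmd:
            continue  # only services whose code lives in a DLL loaded by svchost
        gm = re.search(r"-k\s+(\S+)", cmd)
        group = gm.group(1) if gm else None
        key = svc["name"].lower()
        if key in baseline_lc:
            continue
        dll = service_dlls.get(svc["name"])
        f = Finding(svc["name"], svc["display"], group, dll)
        f.reasons.append(f"svchost-hosted service '{svc['name']}' (group {group}) is not in the baseline")
        if key in members_lc:
            # Being listed in the NetSvcs value is what makes 'svchost -k netsvcs' load it.
            f.reasons.append("name was added to the Svchost\\NetSvcs group value")
        if dll is None:
            f.reasons.append("no ServiceDll recorded; check the Parameters key by hand")
        else:
            f.reasons.append(f"ServiceDll {dll} is the file to hash and submit for analysis")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in audit_services(SERVICE_LINES, NETSVCS_MEMBERS, SERVICE_DLLS):
        print(f"[!] {f.name} ('{f.display}')")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above only nudypgcm is reported: MBAMService and Tomcat6 run their own executables and are skipped, while nudypgcm is svchost-hosted, absent from the baseline, present in the NetSvcs value and backed by zncoafm.dll, which is the set of facts the thread's catchme and ComboFix runs established.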
 