Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - HTPConvert

Pages: [1] 2
1
Tech Clinic / Vista and the case of the mysterious audio
« on: December 08, 2008, 07:23:02 PM »
Thanks again for your help guestolo!! Much appreciated - I will take a look at that site to hopefully stop this happening again :-)

2
Tech Clinic / Vista and the case of the mysterious audio
« on: December 07, 2008, 11:29:07 PM »
bump

3
Tech Clinic / Vista and the case of the mysterious audio
« on: December 07, 2008, 09:31:05 PM »
and here is the combo fix log:

ComboFix 08-12-06.06 - Media Centre 2008-12-08 13:26:13.4 - NTFSx86
Microsoft® Windows Vistaâ„¢ Ultimate   6.0.6001.1.1252.1.1033.18.1661 [GMT 11:00]
Running from: c:\users\Media Centre\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2008-11-08 to 2008-12-08  )))))))))))))))))))))))))))))))
.

2008-11-27 18:18 . 2008-11-27 18:18   <DIR>   d--------   c:\users\All Users\is-D15N9
2008-11-27 18:18 . 2008-11-27 18:18   <DIR>   d--------   c:\programdata\is-D15N9
2008-11-27 18:18 . 2008-11-30 07:30   4,599,840   --ahs----   c:\windows\System32\drivers\fidbox.dat
2008-11-27 18:18 . 2008-11-30 07:30   58,112   --ahs----   c:\windows\System32\drivers\fidbox.idx
2008-11-24 15:45 . 2008-11-24 15:50   19   --a------   C:\videos.vf
2008-11-23 14:52 . 2008-12-03 19:52   38,496   --a------   c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-23 14:52 . 2008-12-03 19:52   15,504   --a------   c:\windows\System32\drivers\mbam.sys
2008-11-23 12:40 . 2008-11-23 12:40   <DIR>   d--------   C:\rsit
2008-11-23 12:01 . 2008-11-23 12:01   <DIR>   d--------   c:\program files\Panda Security
2008-11-23 12:01 . 2008-06-19 17:24   28,544   --a------   c:\windows\System32\drivers\pavboot.sys
2008-11-23 11:58 . 2008-11-23 12:00   <DIR>   d--------   c:\users\Media Centre\.housecall6.6
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\users\All Users\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\programdata\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\program files\MC Menu Mender
2008-11-23 11:16 . 2008-11-25 20:55   <DIR>   d--------   c:\program files\SamSoft
2008-11-16 20:17 . 2008-11-16 20:17   <DIR>   d--------   c:\program files\Xvid
2008-11-16 20:17 . 2007-06-28 18:52   765,952   --a------   c:\windows\System32\xvidcore.dll
2008-11-16 20:17 . 2007-06-28 18:54   180,224   --a------   c:\windows\System32\xvidvfw.dll
2008-11-16 19:28 . 2008-11-16 19:28   <DIR>   d--------   c:\program files\avi.NET
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\users\All Users\VistaCodecs
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\programdata\VistaCodecs
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\users\All Users\OpenMediaLibrary
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\programdata\OpenMediaLibrary
2008-11-15 12:20 . 2008-11-29 08:45   <DIR>   d--------   c:\program files\OpenMediaLibrary

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 01:45   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\uTorrent
2008-12-08 01:03   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-12-06 00:28   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\VideoReDoPlus
2008-12-06 00:22   ---------   d---a-w   c:\programdata\TEMP
2008-11-17 07:29   ---------   d-----w   c:\program files\AviSynth 2.5
2008-11-16 22:03   ---------   d-----w   c:\programdata\VideoBrowser
2008-11-16 09:15   ---------   d-----w   c:\program files\DivX
2008-11-16 09:13   ---------   d-----w   c:\program files\Winnydows
2008-11-16 07:00   ---------   d-----w   c:\program files\Common Files\PX Storage Engine
2008-10-19 03:24   ---------   d-----w   c:\programdata\IsolatedStorage
2008-10-19 03:24   ---------   d-----w   c:\programdata\epgStream.net
2008-10-19 03:24   ---------   d-----w   c:\program files\epgStream.net
2008-07-24 01:07   47,360   ----a-w   c:\users\Media Centre\AppData\Roaming\pcouffin.sys
2008-03-21 09:33   174   --sha-w   c:\program files\desktop.ini
2008-02-14 03:28   29   ----a-w   c:\program files\version.ini
2008-02-14 03:23   231,944   ----a-w   c:\program files\gwflash.exe
2007-10-16 07:19   245,248   ----a-w   c:\windows\inf\WG311v3\Vista64\MRVW13C.sys
2007-10-16 07:14   256,512   ----a-w   c:\windows\inf\WG311v3\Vista32\MRVW13B.sys
2007-09-21 08:42   19,008   ----a-w   c:\program files\markfun.a64
2007-08-21 08:49   17,912   ----a-w   c:\program files\markfun.w32
2007-08-21 08:49   125,504   ----a-w   c:\program files\MarkFunDrv.dll
2007-05-24 04:58   249,856   ----a-w   c:\windows\inf\WG311v3\Vista32\InsDrv2k.exe
2007-04-04 07:35   207,680   ----a-w   c:\program files\updateutility.exe
2007-03-29 17:36   301   ----a-w   c:\program files\update.ini
2007-03-01 17:48   240,448   ----a-w   c:\program files\gwf32.exe
2006-11-23 12:47   207,680   ----a-w   c:\program files\BIOS_Run.exe
2006-11-23 12:40   60,224   ----a-w   c:\program files\HUADRV.DLL
2006-11-03 07:09   528   ----a-w   c:\program files\CONFIG.INI
2005-11-17 05:46   845,736   ----a-w   c:\windows\inf\WG311v3\Vista64\DPInst.exe
2005-04-27 08:40   6,800   ----a-w   c:\program files\W95_HUA.vxd
2008-05-07 08:37   16,496   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-11-23_14.04.12.94   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-23 02:59:10   1,143,664   ----a-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-07 09:17:13   1,143,664   ----a-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-07 09:18:42   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 09:18:42   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-23 03:01:08   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 09:20:18   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-11-23 03:01:09   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 00:58:37   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 00:58:37   262,144   ---ha-w   c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-23 03:01:46   1,425,408   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-03 01:39:21   1,425,408   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-23 03:01:46   5,865,472   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-03 01:39:21   5,865,472   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-23 03:01:46   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-03 01:39:21   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-23 02:57:00   262,144   ----a-w   c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-08 02:26:05   262,144   ----a-w   c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-08 02:26:05   262,144   ---ha-w   c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-11-23 00:15:27   105,448   ----a-w   c:\windows\System32\perfc009.dat
+ 2008-12-07 09:25:48   105,448   ----a-w   c:\windows\System32\perfc009.dat
- 2008-11-23 00:15:27   599,942   ----a-w   c:\windows\System32\perfh009.dat
+ 2008-12-07 09:25:48   599,942   ----a-w   c:\windows\System32\perfh009.dat
- 2008-11-23 00:10:17   12,182   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-220370344-2337913255-810275737-1000_UserData.bin
+ 2008-12-07 09:20:28   12,434   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-220370344-2337913255-810275737-1000_UserData.bin
- 2008-11-23 00:10:16   72,060   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 09:20:27   72,526   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-09 04:05:50   3,028   ----a-w   c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-07 09:17:14   3,028   ----a-w   c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-23 00:10:14   78,702   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 09:20:24   79,162   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-22 22:06:22   260,436   ----a-w   c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-06 09:00:15   261,390   ----a-w   c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-02-23 139816]
"Windows Media Center"="c:\windows\ehome\ehuihlp.dll" [2008-01-18 1499136]
"Nero DriveSpeed"="c:\progra~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE" [2007-09-20 1975592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneEngine.exe" [2007-06-14 69632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-04-03 136080]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]

c:\users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [5/10/2008 7:27:33 PM 1172992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [4/22/2008 11:42:26 AM 36864]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [8/31/2005 11:46:50 AM 1691648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.CDVC"= cdvccodc.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AEAB85D1-5BDF-44BE-B1E5-0AFE137237E9}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{88B75BFA-0E87-48C8-ACCC-64504BDBAA65}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{651256BB-6D67-49C0-90DB-1174C4F5FEDF}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{8F5BE7E9-D5F4-4D35-BE47-F8CAD9CA4644}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{3176DAF5-F46E-43E0-B540-13A846A82E04}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"UDP Query User{70F4429B-2439-419B-83FF-DA766D263D61}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"TCP Query User{43FAAC04-9451-4360-9EAA-1F1B364B3CD1}c:\\program files\\gwflash.exe"= UDP:c:\program files\gwflash.exe:gwflash
"UDP Query User{FDB4E5B5-5285-415F-9806-B389D2B09A13}c:\\program files\\gwflash.exe"= TCP:c:\program files\gwflash.exe:gwflash
"TCP Query User{F204A39D-B297-49FF-B63B-C4D9F639D8EB}c:\\program files\\gigabyte\\@bios\\update.exe"= UDP:c:\program files\gigabyte\@bios\update.exe:update
"UDP Query User{BE296ADA-9CC5-46D0-87F5-A7E18186440F}c:\\program files\\gigabyte\\@bios\\update.exe"= TCP:c:\program files\gigabyte\@bios\update.exe:update
"TCP Query User{3367E75B-FFF5-4413-BF67-C7D933706696}d:\\program files\\tmnationsforever\\tmforever.exe"= UDP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{C2630B7A-93F5-4D51-9450-CD343A773C42}d:\\program files\\tmnationsforever\\tmforever.exe"= TCP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"{8A86151E-16AA-4308-A077-9FE605C9F5C0}"= UDP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"{DA808245-DD19-4E61-85A7-AC37F31800E9}"= TCP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"TCP Query User{B61B2908-E781-4FD2-9214-29C99ED0E153}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{8BAF1DF4-D050-4971-A25B-7C2AF68A5C09}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{963CC70A-5B6D-4869-AA0A-89C5C268AB98}"= UDP:56484:WebGuide
"{AAA7EFBE-C8E3-4590-A219-47EBEDF338FF}"= UDP:56485:WebGuide
"TCP Query User{4F3FFA99-7D4E-4E2A-9D3A-6ADAD9A3EFC3}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{A51263EA-0DD2-44DC-875A-B59D3AD8D540}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"{46A11C06-2E57-436B-BFAE-FF65419BF063}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{236B0E50-A09C-4E5D-91B1-4A1FBDB104F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{90C63744-6260-4009-ABFF-89AD6FD2957B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{54A692D9-818D-481C-8529-E4F1241206A9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{70C45649-7952-4C31-8A2A-4012C8E0FF9B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BCC11C71-76AF-45D3-BBB3-F5484424EA8C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BB4C64AA-3F0B-4B51-8ED8-37CC961C3510}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{738A84E1-918C-44C9-8E93-46DB1240ECC2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F3249610-7B2E-40F7-8041-3CCD410FE6A6}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B3FE81E3-AE8F-47B7-851D-AA106865D45C}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{7B11553E-036F-4874-8B07-255A7C74072B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{E1E98ED7-CB38-4670-8360-65953A030A3D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/23/2008 12:01:42 PM 28544]
R2 EZSERVICE;EZSERVICE;c:\program files\ASUS\EZVCR\EZSERVICE.exe [3/27/2007 6:32:10 PM 61440]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2/28/2008 10:44:58 AM 668936]
R2 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [4/3/2008 1:33:24 PM 121744]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;"c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" [2/8/2007 1:06:10 AM 49152]
R2 WebGuideTranscode;WebGuideTranscode;"d:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe" [8/8/2007 8:28:42 PM 40960]
R2 wmcGuideServiceProxy;Windows Media Center Guide Service Proxy;"c:\program files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe" [9/28/2008 1:20:32 AM 22016]
R2 xmltvDownload;XMLTV Download Schedule Service;"c:\program files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe" [9/28/2008 1:12:00 AM 40960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/5/2008 3:19:39 PM 99376]
R3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\Drivers\u3kmini.sys [10/16/2006 5:15:58 PM 350720]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [3/21/2008 7:34:26 PM 47624]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2/29/2008 2:08:14 PM 894216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
bthsvcs   REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22889c13-bf7a-11dd-a55a-001d7daf31dc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e61a0ef-f72b-11dc-8675-001b2f2ce128}]
\shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fee477-fcae-11dc-a19d-001d7daf31dc}]
\shell\AutoRun\command - g:\portableapps\PortableAppsMenu\PortableAppsMenu.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\users\Media Centre\AppData\Roaming\Mozilla\Firefox\Profiles\dwft2yz6.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 13:27:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\MEDIAC~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-12-08 13:28:48
ComboFix-quarantined-files.txt  2008-12-08 02:28:46
ComboFix2.txt  2008-11-25 09:07:59
ComboFix3.txt  2008-11-23 04:02:00
ComboFix4.txt  2008-11-23 03:05:08

Pre-Run: 6,128,500,736 bytes free
Post-Run: 5,931,577,344 bytes free

234

4
Tech Clinic / Vista and the case of the mysterious audio
« on: December 07, 2008, 09:23:59 PM »
here is the malware scan log - some problems were found - will do a combo fix now

Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 6.0.6001 Service Pack 1

8/12/2008 1:21:25 PM
mbam-log-2008-12-08 (13-21-25).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 148210
Time elapsed: 1 hour(s), 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\tmp0_62837460417.bk.vir (Trojan.Agent) -> Quarantined and deleted successfully.
D:\tmp\Qucik Time Pro 7\Apple.QuickTime.Pro.v7.3.0.70.Multilingual.Regged-CORE\CORE10k.dat (Trojan.Agent) -> Quarantined and deleted successfully.
D:\tmp\EncoreCS3\Adobe Creative Master Collection Cracks, Launchers and KeyGens\Adobe Creative CS3 KeyGens Collection\SoundBooth CS3.exe (Trojan.Horst) -> Quarantined and deleted successfully.

5
Tech Clinic / Vista and the case of the mysterious audio
« on: November 28, 2008, 07:12:28 PM »
Yes it opens in notepad - here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:54 AM, on 29/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\system32\dllhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Pegasys Inc\TMPGEnc 4.0 XPress\TMPGEnc4XP.exe
C:\Program Files\Pegasys Inc\TMPGEnc 4.0 XPress\TMPGEnc4XP.exe
C:\Windows\ehome\EHShell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: is-D15N9.lnk = C:\Users\Media Centre\Desktop\Virus Removal Tool\is-D15N9\startup.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - D:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe

--
End of file - 8278 bytes

Symantec isn't going crazy and RAM usage seems better - haven't heard the crazy audio but i'll wait and see with that one

Are things looking clean?

6
Tech Clinic / Vista and the case of the mysterious audio
« on: November 28, 2008, 03:48:57 PM »
only opened in wordpad - here it is:

----
Scanned:   1098332
Detected:   93
Untreated:   24
Start time:   27/11/2008 6:39:29 PM
Duration:   03:00:17
Finish time:   27/11/2008 9:39:46 PM


Detected
--------
Status   Object
------   ------
deleted: Trojan program Trojan.Win32.DNSChanger.ipq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B80000.VBN//CryptZ
deleted: Trojan program Trojan-Clicker.Win32.VB.btu   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40022.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Delf.eyx   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40023.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40024.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40027.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40028.VBN//CryptZ
detected: Trojan program Trojan-Clicker.Win32.VB.cdj   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\096C0000\49EEC3AD.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.abdf   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40000\5AF597D3.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.aciw   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40001\5AF597E8.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.zem   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40002\5AF597FE.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.aclr   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40003\5AF59811.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.abaw   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40004\5AF59825.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.acmq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40005\5AF59833.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.aamh   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40006\5AF59843.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.adfl   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40007\5AF59853.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.adjn   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40008\5AF59863.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.acim   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40009\5AF59873.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.abay   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F4000A\5AF59882.VBN//CryptZ
deleted: Trojan program Trojan-Downloader.Win32.Delf.pgg   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680001\5F69FA2D.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680002\5F69FA38.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680003\5F69FA42.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.amek   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680004\5F69FA4C.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680005\5F69FA57.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680006\5F69FA62.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680007\5F69FA6C.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680008\5F69FA78.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aldm   File: C:\Qoobox\Quarantine\C\Windows\System32\afisicx.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Delf.pva   File: C:\Qoobox\Quarantine\C\Windows\System32\atsxyzd.sys.vir
deleted: Trojan program Trojan.Win32.Agent.adfj   File: C:\Qoobox\Quarantine\C\Windows\System32\noxtcyr.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Delf.nxm   File: C:\Qoobox\Quarantine\C\Windows\System32\otaxyzd.sys.vir
deleted: Trojan program Trojan.Win32.Agent.aagc   File: C:\Qoobox\Quarantine\C\Windows\System32\perfs.exe.vir
deleted: Trojan program Trojan.Win32.Delf.dwq   File: C:\Qoobox\Quarantine\C\Windows\System32\sxtsyctd.sys.vir
deleted: Trojan program Trojan.Win32.Delf.fdg   File: C:\Qoobox\Quarantine\C\Windows\System32\sytsyctd.sys.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_12493603732.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aoml   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_14473625980.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_22714849146.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_29822753375.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_363328710668.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_389931602173.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_407655195666.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_41896297445.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_428438206071.bk.vir
deleted: Trojan program Trojan.Win32.Agent.agcq   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_47074853538.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_486279743654.bk.vir
deleted: Trojan program Trojan.Win32.Agent.agcq   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_496483265188.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_524603798649.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aoml   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_56018976788.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_643621144325.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_67648332970.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_755151303061.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_828407789394.bk.vir
deleted: Trojan program Trojan.Win32.Agent.aoml   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_829061536196.bk.vir
deleted: Trojan program Trojan.Win32.Delf.ffa   File: C:\Qoobox\Quarantine\C\Windows\System32\tmpxr_839401238675.bk.vir
deleted: Trojan program Trojan.Win32.Agent.albx   File: C:\Qoobox\Quarantine\C\Windows\System32\udxfytw.sys.vir
deleted: Trojan program Trojan.Win32.Agent.abgy   File: C:\Qoobox\Quarantine\C\Windows\System32\wsldoekd.exe.vir
not found: Trojan program Trojan.Win32.DNSChanger.ipq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B80000.VBN//CryptZ
not found: Trojan program Trojan-Clicker.Win32.VB.btu   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40022.VBN//CryptZ
not found: Trojan program Trojan.Win32.Delf.eyx   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40023.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aomo   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40024.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aomo   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40027.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aomo   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40028.VBN//CryptZ
detected: Trojan program Trojan-Clicker.Win32.VB.cdj   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\096C0000\49EEC3AD.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.abdf   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40000\5AF597D3.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.aciw   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40001\5AF597E8.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.zem   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40002\5AF597FE.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.aclr   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40003\5AF59811.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.abaw   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40004\5AF59825.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.acmq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40005\5AF59833.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.aamh   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40006\5AF59843.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.adfl   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40007\5AF59853.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.adjn   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40008\5AF59863.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.acim   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F40009\5AF59873.VBN//CryptZ
detected: Trojan program Trojan.Win32.Agent.abay   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12F4000A\5AF59882.VBN//CryptZ
not found: Trojan program Trojan-Downloader.Win32.Delf.pgg   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680001\5F69FA2D.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680002\5F69FA38.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680003\5F69FA42.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.amek   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680004\5F69FA4C.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680005\5F69FA57.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680006\5F69FA62.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680007\5F69FA6C.VBN//CryptZ
not found: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16680008\5F69FA78.VBN//CryptZ
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_132858402114.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_140987208813.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_1586577027.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_166685560588.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_391755609967.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_434613548060.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_44534835079.bk
deleted: Trojan program Trojan.Win32.Agent.aomo   File: C:\Windows\System32\tmpxr_497535700406.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_503242189997.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_552550445083.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_598641732382.bk
deleted: Trojan program Trojan.Win32.Agent.aqfq   File: C:\Windows\System32\tmpxr_698875827316.bk

7
Tech Clinic / Vista and the case of the mysterious audio
« on: November 27, 2008, 05:48:17 AM »
I just completed the scan - and saved the text file but cannot open it - notepad just crashes each time. Also - access was denied to many of the files for deletion for some reason :-(

8
Tech Clinic / Vista and the case of the mysterious audio
« on: November 25, 2008, 04:06:17 PM »
Hi Guestolo,

I won't be able to do the kapersky scan. I have a download cap and the updates for the online scanner are going to cap me. Is there another scanning program (not online) that can scan my computer and my external drives?

Cheers

9
Tech Clinic / Vista and the case of the mysterious audio
« on: November 25, 2008, 04:11:20 AM »
Here is the combofix log:

ComboFix 08-11-24.01 - Media Centre 2008-11-25 19:55:44.3 - NTFSx86
Microsoft® Windows Vistaâ„¢ Ultimate   6.0.6001.1.1252.1.1033.18.985 [GMT 11:00]
Running from: c:\users\Media Centre\Desktop\ComboFix.exe
Command switches used :: c:\users\Media Centre\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
c:\windows\System32\otaxyzd.sys
c:\windows\System32\sxtsyctd.sys
c:\windows\System32\sytsyctd.sys
c:\windows\System32\tmpxr_12493603732.bk
c:\windows\System32\tmpxr_14473625980.bk
c:\windows\System32\tmpxr_22714849146.bk
c:\windows\System32\tmpxr_29822753375.bk
c:\windows\System32\tmpxr_363328710668.bk
c:\windows\System32\tmpxr_389931602173.bk
c:\windows\System32\tmpxr_407655195666.bk
c:\windows\System32\tmpxr_41896297445.bk
c:\windows\System32\tmpxr_428438206071.bk
c:\windows\System32\tmpxr_47074853538.bk
c:\windows\System32\tmpxr_486279743654.bk
c:\windows\System32\tmpxr_496483265188.bk
c:\windows\System32\tmpxr_524603798649.bk
c:\windows\System32\tmpxr_56018976788.bk
c:\windows\System32\tmpxr_643621144325.bk
c:\windows\System32\tmpxr_67648332970.bk
c:\windows\System32\tmpxr_755151303061.bk
c:\windows\System32\tmpxr_828407789394.bk
c:\windows\System32\tmpxr_829061536196.bk
c:\windows\System32\tmpxr_839401238675.bk
c:\windows\System32\udxfytw.sys
d:\tmp\Downloads\DVDFab.Platinum v.5.0.6.0 with.Serial\DVDFab5060.exe
d:\tmp\FU-Setup_LE.exe
d:\tmp\SmitfraudFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\otaxyzd.sys
c:\windows\System32\sxtsyctd.sys
c:\windows\System32\sytsyctd.sys
c:\windows\System32\tmpxr_12493603732.bk
c:\windows\System32\tmpxr_14473625980.bk
c:\windows\System32\tmpxr_22714849146.bk
c:\windows\System32\tmpxr_29822753375.bk
c:\windows\System32\tmpxr_363328710668.bk
c:\windows\System32\tmpxr_389931602173.bk
c:\windows\System32\tmpxr_407655195666.bk
c:\windows\System32\tmpxr_41896297445.bk
c:\windows\System32\tmpxr_428438206071.bk
c:\windows\System32\tmpxr_47074853538.bk
c:\windows\System32\tmpxr_486279743654.bk
c:\windows\System32\tmpxr_496483265188.bk
c:\windows\System32\tmpxr_524603798649.bk
c:\windows\System32\tmpxr_56018976788.bk
c:\windows\System32\tmpxr_643621144325.bk
c:\windows\System32\tmpxr_67648332970.bk
c:\windows\System32\tmpxr_755151303061.bk
c:\windows\System32\tmpxr_828407789394.bk
c:\windows\System32\tmpxr_829061536196.bk
c:\windows\System32\tmpxr_839401238675.bk
c:\windows\System32\udxfytw.sys
d:\tmp\Downloads\DVDFab.Platinum v.5.0.6.0 with.Serial\DVDFab5060.exe
d:\tmp\FU-Setup_LE.exe
d:\tmp\SmitfraudFix.exe
I:\autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Mea0xxoe


(((((((((((((((((((((((((   Files Created from 2008-10-25 to 2008-11-25  )))))))))))))))))))))))))))))))
.

2008-11-24 15:45 . 2008-11-24 15:50   19   --a------   C:\videos.vf
2008-11-23 14:52 . 2008-10-22 16:10   38,496   --a------   c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-23 14:52 . 2008-10-22 16:10   15,504   --a------   c:\windows\System32\drivers\mbam.sys
2008-11-23 12:40 . 2008-11-23 12:40   <DIR>   d--------   C:\rsit
2008-11-23 12:01 . 2008-11-23 12:01   <DIR>   d--------   c:\program files\Panda Security
2008-11-23 12:01 . 2008-06-19 17:24   28,544   --a------   c:\windows\System32\drivers\pavboot.sys
2008-11-23 11:58 . 2008-11-23 12:00   <DIR>   d--------   c:\users\Media Centre\.housecall6.6
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\users\All Users\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\programdata\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\program files\MC Menu Mender
2008-11-23 11:16 . 2008-11-23 11:16   <DIR>   d--------   c:\program files\SamSoft
2008-11-16 20:17 . 2008-11-16 20:17   <DIR>   d--------   c:\program files\Xvid
2008-11-16 20:17 . 2007-06-28 18:52   765,952   --a------   c:\windows\System32\xvidcore.dll
2008-11-16 20:17 . 2007-06-28 18:54   180,224   --a------   c:\windows\System32\xvidvfw.dll
2008-11-16 19:28 . 2008-11-16 19:28   <DIR>   d--------   c:\program files\avi.NET
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\users\All Users\VistaCodecs
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\programdata\VistaCodecs
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\users\All Users\OpenMediaLibrary
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\programdata\OpenMediaLibrary
2008-11-15 12:20 . 2008-11-15 12:20   <DIR>   d--------   c:\program files\OpenMediaLibrary

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 10:49   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\VideoReDoPlus
2008-11-24 10:48   ---------   d---a-w   c:\programdata\TEMP
2008-11-23 03:52   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-22 06:46   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\uTorrent
2008-11-17 07:29   ---------   d-----w   c:\program files\AviSynth 2.5
2008-11-16 22:03   ---------   d-----w   c:\programdata\VideoBrowser
2008-11-16 09:15   ---------   d-----w   c:\program files\DivX
2008-11-16 09:13   ---------   d-----w   c:\program files\Winnydows
2008-11-16 07:00   ---------   d-----w   c:\program files\Common Files\PX Storage Engine
2008-10-19 03:24   ---------   d-----w   c:\programdata\IsolatedStorage
2008-10-19 03:24   ---------   d-----w   c:\programdata\epgStream.net
2008-10-19 03:24   ---------   d-----w   c:\program files\epgStream.net
2008-10-07 04:11   ---------   d-----w   c:\program files\Red Kawa
2008-09-30 23:23   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\MusicIP
2008-09-30 23:23   ---------   d-----w   c:\program files\MusicIP
2008-07-24 01:07   47,360   ----a-w   c:\users\Media Centre\AppData\Roaming\pcouffin.sys
2008-03-21 09:33   174   --sha-w   c:\program files\desktop.ini
2008-02-14 03:28   29   ----a-w   c:\program files\version.ini
2008-02-14 03:23   231,944   ----a-w   c:\program files\gwflash.exe
2007-10-16 07:19   245,248   ----a-w   c:\windows\inf\WG311v3\Vista64\MRVW13C.sys
2007-10-16 07:14   256,512   ----a-w   c:\windows\inf\WG311v3\Vista32\MRVW13B.sys
2007-09-21 08:42   19,008   ----a-w   c:\program files\markfun.a64
2007-08-21 08:49   17,912   ----a-w   c:\program files\markfun.w32
2007-08-21 08:49   125,504   ----a-w   c:\program files\MarkFunDrv.dll
2007-05-24 04:58   249,856   ----a-w   c:\windows\inf\WG311v3\Vista32\InsDrv2k.exe
2007-04-04 07:35   207,680   ----a-w   c:\program files\updateutility.exe
2007-03-29 17:36   301   ----a-w   c:\program files\update.ini
2007-03-01 17:48   240,448   ----a-w   c:\program files\gwf32.exe
2006-11-23 12:47   207,680   ----a-w   c:\program files\BIOS_Run.exe
2006-11-23 12:40   60,224   ----a-w   c:\program files\HUADRV.DLL
2006-11-03 07:09   528   ----a-w   c:\program files\CONFIG.INI
2005-11-17 05:46   845,736   ----a-w   c:\windows\inf\WG311v3\Vista64\DPInst.exe
2005-04-27 08:40   6,800   ----a-w   c:\program files\W95_HUA.vxd
2008-05-07 08:37   16,496   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-11-23_14.04.12.94   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-23 02:59:10   1,143,664   ----a-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-11-25 08:58:28   1,143,664   ----a-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-11-23 03:01:08   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 09:00:43   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 09:00:43   262,144   ---ha-w   c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-23 03:01:09   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 09:00:42   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 09:00:42   262,144   ---ha-w   c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-23 03:01:46   1,425,408   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-23 03:55:06   1,425,408   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-23 03:01:46   5,865,472   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-23 03:55:06   5,865,472   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-23 03:01:46   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-23 03:55:06   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-23 02:57:00   262,144   ----a-w   c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-25 08:55:14   262,144   ----a-w   c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-23 00:15:27   105,448   ----a-w   c:\windows\System32\perfc009.dat
+ 2008-11-23 04:02:52   105,448   ----a-w   c:\windows\System32\perfc009.dat
- 2008-11-23 00:15:27   599,942   ----a-w   c:\windows\System32\perfh009.dat
+ 2008-11-23 04:02:52   599,942   ----a-w   c:\windows\System32\perfh009.dat
- 2008-11-23 00:10:17   12,182   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-220370344-2337913255-810275737-1000_UserData.bin
+ 2008-11-23 03:59:15   12,342   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-220370344-2337913255-810275737-1000_UserData.bin
- 2008-11-23 00:10:16   72,060   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-23 03:59:14   72,306   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-23 00:10:14   78,702   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-23 03:59:11   79,058   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-02-23 139816]
"Windows Media Center"="c:\windows\ehome\ehuihlp.dll" [2008-01-18 1499136]
"Nero DriveSpeed"="c:\progra~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE" [2007-09-20 1975592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneEngine.exe" [2007-06-14 69632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-04-03 136080]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]

c:\users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [5/10/2008 7:27:33 PM 1172992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [4/22/2008 11:42:26 AM 36864]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [8/31/2005 11:46:50 AM 1691648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.CDVC"= cdvccodc.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AEAB85D1-5BDF-44BE-B1E5-0AFE137237E9}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{88B75BFA-0E87-48C8-ACCC-64504BDBAA65}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{651256BB-6D67-49C0-90DB-1174C4F5FEDF}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{8F5BE7E9-D5F4-4D35-BE47-F8CAD9CA4644}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{3176DAF5-F46E-43E0-B540-13A846A82E04}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"UDP Query User{70F4429B-2439-419B-83FF-DA766D263D61}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"TCP Query User{43FAAC04-9451-4360-9EAA-1F1B364B3CD1}c:\\program files\\gwflash.exe"= UDP:c:\program files\gwflash.exe:gwflash
"UDP Query User{FDB4E5B5-5285-415F-9806-B389D2B09A13}c:\\program files\\gwflash.exe"= TCP:c:\program files\gwflash.exe:gwflash
"TCP Query User{F204A39D-B297-49FF-B63B-C4D9F639D8EB}c:\\program files\\gigabyte\\@bios\\update.exe"= UDP:c:\program files\gigabyte\@bios\update.exe:update
"UDP Query User{BE296ADA-9CC5-46D0-87F5-A7E18186440F}c:\\program files\\gigabyte\\@bios\\update.exe"= TCP:c:\program files\gigabyte\@bios\update.exe:update
"TCP Query User{3367E75B-FFF5-4413-BF67-C7D933706696}d:\\program files\\tmnationsforever\\tmforever.exe"= UDP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{C2630B7A-93F5-4D51-9450-CD343A773C42}d:\\program files\\tmnationsforever\\tmforever.exe"= TCP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"{8A86151E-16AA-4308-A077-9FE605C9F5C0}"= UDP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"{DA808245-DD19-4E61-85A7-AC37F31800E9}"= TCP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"TCP Query User{B61B2908-E781-4FD2-9214-29C99ED0E153}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{8BAF1DF4-D050-4971-A25B-7C2AF68A5C09}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{963CC70A-5B6D-4869-AA0A-89C5C268AB98}"= UDP:56484:WebGuide
"{AAA7EFBE-C8E3-4590-A219-47EBEDF338FF}"= UDP:56485:WebGuide
"TCP Query User{4F3FFA99-7D4E-4E2A-9D3A-6ADAD9A3EFC3}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{A51263EA-0DD2-44DC-875A-B59D3AD8D540}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"{46A11C06-2E57-436B-BFAE-FF65419BF063}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{236B0E50-A09C-4E5D-91B1-4A1FBDB104F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{90C63744-6260-4009-ABFF-89AD6FD2957B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{54A692D9-818D-481C-8529-E4F1241206A9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{70C45649-7952-4C31-8A2A-4012C8E0FF9B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BCC11C71-76AF-45D3-BBB3-F5484424EA8C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BB4C64AA-3F0B-4B51-8ED8-37CC961C3510}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{738A84E1-918C-44C9-8E93-46DB1240ECC2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F3249610-7B2E-40F7-8041-3CCD410FE6A6}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B3FE81E3-AE8F-47B7-851D-AA106865D45C}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{7B11553E-036F-4874-8B07-255A7C74072B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{E1E98ED7-CB38-4670-8360-65953A030A3D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/23/2008 12:01:42 PM 28544]
R2 EZSERVICE;EZSERVICE;c:\program files\ASUS\EZVCR\EZSERVICE.exe [3/27/2007 6:32:10 PM 61440]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2/28/2008 10:44:58 AM 668936]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;"c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" [2/8/2007 1:06:10 AM 49152]
R2 WebGuideTranscode;WebGuideTranscode;"d:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe" [8/8/2007 8:28:42 PM 40960]
R2 wmcGuideServiceProxy;Windows Media Center Guide Service Proxy;"c:\program files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe" [9/28/2008 1:20:32 AM 22016]
R2 xmltvDownload;XMLTV Download Schedule Service;"c:\program files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe" [9/28/2008 1:12:00 AM 40960]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [10/31/2007 8:53:04 AM 3168768]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13B.sys [10/16/2007 6:14:24 PM 256512]
R3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\Drivers\u3kmini.sys [10/16/2006 5:15:58 PM 350720]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [3/21/2008 7:34:26 PM 47624]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2/29/2008 2:08:14 PM 894216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
bthsvcs   REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e61a0ef-f72b-11dc-8675-001b2f2ce128}]
\shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fee477-fcae-11dc-a19d-001d7daf31dc}]
\shell\AutoRun\command - g:\portableapps\PortableAppsMenu\PortableAppsMenu.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:00:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxy.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Raxco\PerfectDisk2008\PD91AgentS1.exe
c:\windows\ehome\ehsched.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehshell.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\windows\ehome\ehrecvr.exe
d:\program files\WebGuide\WebGuide4\bin\WebGuideServiceMonitor.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\wercon.exe
c:\windows\ehome\ehrec.exe
.
**************************************************************************
.
Completion time: 2008-11-25 20:07:58 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-25 09:07:55
ComboFix2.txt  2008-11-23 04:02:00
ComboFix3.txt  2008-11-23 03:05:08

Pre-Run: 7,618,744,320 bytes free
Post-Run: 9,150,824,448 bytes free

313


Awaiting Kapersy to update again --> the updates take up alot of download bandwidth :-(

10
Tech Clinic / Vista and the case of the mysterious audio
« on: November 24, 2008, 05:36:55 PM »
I am at work at the moment but will do this as soon as I get home.

As for the h:drive...that could one of many - a usb key OR a USB HDD (very new - about 2 weeks old used as a back-up) is there any chance I could loose the data on this drive?

By the look of the scan - the computer seems fairly infected - does this seem like something that would cause the muisc/audio stuff to occur?

ALSO - as you prob know from the logs i have 4gb ram (3.5gb in vista) and when the computer idles (for me this is with media centre open but not doing anything) it utilises over 2gb, normally about 2.2-2.3gb

This is not normal and did not used to be like this - it used to idle well below 2gb -- could a virus be causing this?

Cheers

11
Tech Clinic / Vista and the case of the mysterious audio
« on: November 23, 2008, 09:06:25 PM »
Kaspersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Monday, November 24, 2008
 Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Sunday, November 23, 2008 01:49:29
 Records in database: 1404263
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   C:\
   D:\
   E:\
   F:\
   G:\

Scan statistics:
   Files scanned: 115666
   Threat name: 19
   Infected objects: 45
   Suspicious objects: 0
   Duration of the scan: 01:41:41


File name / Threat name / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B80000.VBN   Infected: Trojan.Win32.DNSChanger.ipq   1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40022.VBN   Infected: Trojan-Clicker.Win32.VB.btu   1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40023.VBN   Infected: Trojan.Win32.Delf.eyx   1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40024.VBN   Infected: Trojan.Win32.Agent.aomo   1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40027.VBN   Infected: Trojan.Win32.Agent.aomo   1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40028.VBN   Infected: Trojan.Win32.Agent.aomo   1
C:\Qoobox\Quarantine\C\Windows\System32\afisicx.exe.vir   Infected: Trojan.Win32.Agent.aldm   1
C:\Qoobox\Quarantine\C\Windows\System32\noxtcyr.exe.vir   Infected: Trojan.Win32.Agent.adfj   1
C:\Qoobox\Quarantine\C\Windows\System32\perfs.exe.vir   Infected: Trojan.Win32.Agent.aagc   1
C:\Qoobox\Quarantine\C\Windows\System32\wsldoekd.exe.vir   Infected: Trojan.Win32.Agent.abgy   1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B80000.VBN   Infected: Trojan.Win32.DNSChanger.ipq   1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40022.VBN   Infected: Trojan-Clicker.Win32.VB.btu   1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40023.VBN   Infected: Trojan.Win32.Delf.eyx   1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40024.VBN   Infected: Trojan.Win32.Agent.aomo   1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40027.VBN   Infected: Trojan.Win32.Agent.aomo   1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\34C40028.VBN   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\otaxyzd.sys   Infected: Trojan-Downloader.Win32.Delf.nxm   1
C:\Windows\System32\sxtsyctd.sys   Infected: Trojan.Win32.Delf.dwq   1
C:\Windows\System32\sytsyctd.sys   Infected: Trojan.Win32.Delf.fdg   1
C:\Windows\System32\tmpxr_12493603732.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_14473625980.bk   Infected: Trojan.Win32.Agent.aoml   1
C:\Windows\System32\tmpxr_22714849146.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_29822753375.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_363328710668.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_389931602173.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_407655195666.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_41896297445.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_428438206071.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_47074853538.bk   Infected: Trojan.Win32.Agent.agcq   1
C:\Windows\System32\tmpxr_486279743654.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_496483265188.bk   Infected: Trojan.Win32.Agent.agcq   1
C:\Windows\System32\tmpxr_497535700406.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_524603798649.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_56018976788.bk   Infected: Trojan.Win32.Agent.aoml   1
C:\Windows\System32\tmpxr_643621144325.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_67648332970.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_755151303061.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_828407789394.bk   Infected: Trojan.Win32.Agent.aomo   1
C:\Windows\System32\tmpxr_829061536196.bk   Infected: Trojan.Win32.Agent.aoml   1
C:\Windows\System32\tmpxr_839401238675.bk   Infected: Trojan.Win32.Delf.ffa   1
C:\Windows\System32\udxfytw.sys   Infected: Trojan.Win32.Agent.albx   1
D:\tmp\Downloads\DVDFab.Platinum v.5.0.6.0 with.Serial\DVDFab5060.exe   Infected: Trojan-Dropper.Win32.SFX.p   1
D:\tmp\FU-Setup_LE.exe   Infected: not-a-virus:AdWare.Win32.Rabio.ij   1
D:\tmp\SmitfraudFix.exe   Infected: Hoax.Win32.Renos.dws   1
D:\tmp\SmitfraudFix.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   1

The selected area was scanned.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:51 PM, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehShell.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehExtHost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\avi.NET\avi.NET.exe
C:\Program Files\Pegasys Inc\TMPGEnc 4.0 XPress\TMPGEnc4XP.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - D:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe

--
End of file - 8306 bytes

12
Tech Clinic / Vista and the case of the mysterious audio
« on: November 23, 2008, 01:57:52 AM »
hey sorry the updates are taking a long time so I will post the new logs in the morning. Thank you so much for your help so far, hopefully we can get rid of this virus soon!!! Cheers

13
Tech Clinic / Vista and the case of the mysterious audio
« on: November 22, 2008, 11:07:20 PM »
ComboFix 08-11-22.02 - Media Centre 2008-11-23 14:59:24.2 - NTFSx86
Microsoft® Windows Vistaâ„¢ Ultimate   6.0.6001.1.1252.1.1033.18.2343 [GMT 11:00]
Running from: c:\users\Media Centre\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\system32\tpszxyd.sys

.
(((((((((((((((((((((((((   Files Created from 2008-10-23 to 2008-11-23  )))))))))))))))))))))))))))))))
.

2008-11-23 14:52 . 2008-10-22 16:10   38,496   --a------   c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-23 14:52 . 2008-10-22 16:10   15,504   --a------   c:\windows\System32\drivers\mbam.sys
2008-11-23 12:40 . 2008-11-23 12:40   <DIR>   d--------   C:\rsit
2008-11-23 12:01 . 2008-11-23 12:01   <DIR>   d--------   c:\program files\Panda Security
2008-11-23 12:01 . 2008-06-19 17:24   28,544   --a------   c:\windows\System32\drivers\pavboot.sys
2008-11-23 11:58 . 2008-11-23 12:00   <DIR>   d--------   c:\users\Media Centre\.housecall6.6
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\users\All Users\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\programdata\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\program files\MC Menu Mender
2008-11-23 11:16 . 2008-11-23 11:16   <DIR>   d--------   c:\program files\SamSoft
2008-11-16 20:17 . 2008-11-16 20:17   <DIR>   d--------   c:\program files\Xvid
2008-11-16 20:17 . 2007-06-28 18:52   765,952   --a------   c:\windows\System32\xvidcore.dll
2008-11-16 20:17 . 2007-06-28 18:54   180,224   --a------   c:\windows\System32\xvidvfw.dll
2008-11-16 19:28 . 2008-11-16 19:28   <DIR>   d--------   c:\program files\avi.NET
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\users\All Users\VistaCodecs
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\programdata\VistaCodecs
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\users\All Users\OpenMediaLibrary
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\programdata\OpenMediaLibrary
2008-11-15 12:20 . 2008-11-15 12:20   <DIR>   d--------   c:\program files\OpenMediaLibrary

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 03:52   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-22 06:46   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\uTorrent
2008-11-21 23:48   ---------   d---a-w   c:\programdata\TEMP
2008-11-21 23:46   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\VideoReDoPlus
2008-11-17 07:29   ---------   d-----w   c:\program files\AviSynth 2.5
2008-11-16 22:03   ---------   d-----w   c:\programdata\VideoBrowser
2008-11-16 09:15   ---------   d-----w   c:\program files\DivX
2008-11-16 09:13   ---------   d-----w   c:\program files\Winnydows
2008-11-16 07:00   ---------   d-----w   c:\program files\Common Files\PX Storage Engine
2008-10-19 03:24   ---------   d-----w   c:\programdata\IsolatedStorage
2008-10-19 03:24   ---------   d-----w   c:\programdata\epgStream.net
2008-10-19 03:24   ---------   d-----w   c:\program files\epgStream.net
2008-10-07 04:11   ---------   d-----w   c:\program files\Red Kawa
2008-09-30 23:23   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\MusicIP
2008-09-30 23:23   ---------   d-----w   c:\program files\MusicIP
2008-09-05 12:16   1,900,544   ----a-w   c:\windows\System32\usbaaplrc.dll
2008-08-29 00:18   87,336   ----a-w   c:\windows\System32\dns-sd.exe
2008-08-28 23:53   61,440   ----a-w   c:\windows\System32\dnssd.dll
2008-07-24 01:07   47,360   ----a-w   c:\users\Media Centre\AppData\Roaming\pcouffin.sys
2008-03-21 09:33   174   --sha-w   c:\program files\desktop.ini
2008-02-14 03:28   29   ----a-w   c:\program files\version.ini
2008-02-14 03:23   231,944   ----a-w   c:\program files\gwflash.exe
2007-10-16 07:19   245,248   ----a-w   c:\windows\inf\WG311v3\Vista64\MRVW13C.sys
2007-10-16 07:14   256,512   ----a-w   c:\windows\inf\WG311v3\Vista32\MRVW13B.sys
2007-09-21 08:42   19,008   ----a-w   c:\program files\markfun.a64
2007-08-21 08:49   17,912   ----a-w   c:\program files\markfun.w32
2007-08-21 08:49   125,504   ----a-w   c:\program files\MarkFunDrv.dll
2007-05-24 04:58   249,856   ----a-w   c:\windows\inf\WG311v3\Vista32\InsDrv2k.exe
2007-04-04 07:35   207,680   ----a-w   c:\program files\updateutility.exe
2007-03-29 17:36   301   ----a-w   c:\program files\update.ini
2007-03-01 17:48   240,448   ----a-w   c:\program files\gwf32.exe
2006-11-23 12:47   207,680   ----a-w   c:\program files\BIOS_Run.exe
2006-11-23 12:40   60,224   ----a-w   c:\program files\HUADRV.DLL
2006-11-03 07:09   528   ----a-w   c:\program files\CONFIG.INI
2005-11-17 05:46   845,736   ----a-w   c:\windows\inf\WG311v3\Vista64\DPInst.exe
2005-04-27 08:40   6,800   ----a-w   c:\program files\W95_HUA.vxd
2008-05-07 08:37   16,496   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-11-23_14.04.12.94   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-23 03:57:26   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-23 03:57:26   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-23 03:01:08   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-23 03:58:58   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-23 03:58:58   262,144   ---ha-w   c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-23 03:01:09   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-23 04:00:48   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-23 04:00:48   262,144   ---ha-w   c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-23 03:01:46   1,425,408   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-23 03:55:06   1,425,408   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-23 03:01:46   5,865,472   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-23 03:55:06   5,865,472   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-23 03:01:46   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-23 03:55:06   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-23 00:15:27   105,448   ----a-w   c:\windows\System32\perfc009.dat
+ 2008-11-23 03:07:05   105,448   ----a-w   c:\windows\System32\perfc009.dat
- 2008-11-23 00:15:27   599,942   ----a-w   c:\windows\System32\perfh009.dat
+ 2008-11-23 03:07:05   599,942   ----a-w   c:\windows\System32\perfh009.dat
- 2008-11-23 00:10:17   12,182   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-220370344-2337913255-810275737-1000_UserData.bin
+ 2008-11-23 03:59:15   12,342   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-220370344-2337913255-810275737-1000_UserData.bin
- 2008-11-23 00:10:16   72,060   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-23 03:59:14   72,306   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-23 00:10:14   78,702   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-23 03:59:11   79,058   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-02-23 139816]
"Windows Media Center"="c:\windows\ehome\ehuihlp.dll" [2008-01-18 1499136]
"Nero DriveSpeed"="c:\progra~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE" [2007-09-20 1975592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneEngine.exe" [2007-06-14 69632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-04-03 136080]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]

c:\users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [5/10/2008 7:27:33 PM 1172992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [4/22/2008 11:42:26 AM 36864]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [8/31/2005 11:46:50 AM 1691648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.CDVC"= cdvccodc.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AEAB85D1-5BDF-44BE-B1E5-0AFE137237E9}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{88B75BFA-0E87-48C8-ACCC-64504BDBAA65}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{651256BB-6D67-49C0-90DB-1174C4F5FEDF}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{8F5BE7E9-D5F4-4D35-BE47-F8CAD9CA4644}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{3176DAF5-F46E-43E0-B540-13A846A82E04}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"UDP Query User{70F4429B-2439-419B-83FF-DA766D263D61}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"TCP Query User{43FAAC04-9451-4360-9EAA-1F1B364B3CD1}c:\\program files\\gwflash.exe"= UDP:c:\program files\gwflash.exe:gwflash
"UDP Query User{FDB4E5B5-5285-415F-9806-B389D2B09A13}c:\\program files\\gwflash.exe"= TCP:c:\program files\gwflash.exe:gwflash
"TCP Query User{F204A39D-B297-49FF-B63B-C4D9F639D8EB}c:\\program files\\gigabyte\\@bios\\update.exe"= UDP:c:\program files\gigabyte\@bios\update.exe:update
"UDP Query User{BE296ADA-9CC5-46D0-87F5-A7E18186440F}c:\\program files\\gigabyte\\@bios\\update.exe"= TCP:c:\program files\gigabyte\@bios\update.exe:update
"TCP Query User{3367E75B-FFF5-4413-BF67-C7D933706696}d:\\program files\\tmnationsforever\\tmforever.exe"= UDP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{C2630B7A-93F5-4D51-9450-CD343A773C42}d:\\program files\\tmnationsforever\\tmforever.exe"= TCP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"{8A86151E-16AA-4308-A077-9FE605C9F5C0}"= UDP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"{DA808245-DD19-4E61-85A7-AC37F31800E9}"= TCP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"TCP Query User{B61B2908-E781-4FD2-9214-29C99ED0E153}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{8BAF1DF4-D050-4971-A25B-7C2AF68A5C09}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{963CC70A-5B6D-4869-AA0A-89C5C268AB98}"= UDP:56484:WebGuide
"{AAA7EFBE-C8E3-4590-A219-47EBEDF338FF}"= UDP:56485:WebGuide
"TCP Query User{4F3FFA99-7D4E-4E2A-9D3A-6ADAD9A3EFC3}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{A51263EA-0DD2-44DC-875A-B59D3AD8D540}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"{46A11C06-2E57-436B-BFAE-FF65419BF063}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{236B0E50-A09C-4E5D-91B1-4A1FBDB104F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{90C63744-6260-4009-ABFF-89AD6FD2957B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{54A692D9-818D-481C-8529-E4F1241206A9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{70C45649-7952-4C31-8A2A-4012C8E0FF9B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BCC11C71-76AF-45D3-BBB3-F5484424EA8C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BB4C64AA-3F0B-4B51-8ED8-37CC961C3510}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{738A84E1-918C-44C9-8E93-46DB1240ECC2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F3249610-7B2E-40F7-8041-3CCD410FE6A6}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B3FE81E3-AE8F-47B7-851D-AA106865D45C}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{7B11553E-036F-4874-8B07-255A7C74072B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{E1E98ED7-CB38-4670-8360-65953A030A3D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/23/2008 12:01:42 PM 28544]
R2 EZSERVICE;EZSERVICE;c:\program files\ASUS\EZVCR\EZSERVICE.exe [3/27/2007 6:32:10 PM 61440]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2/28/2008 10:44:58 AM 668936]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;"c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" [2/8/2007 1:06:10 AM 49152]
R2 WebGuideTranscode;WebGuideTranscode;"d:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe" [8/8/2007 8:28:42 PM 40960]
R2 wmcGuideServiceProxy;Windows Media Center Guide Service Proxy;"c:\program files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe" [9/28/2008 1:20:32 AM 22016]
R2 xmltvDownload;XMLTV Download Schedule Service;"c:\program files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe" [9/28/2008 1:12:00 AM 40960]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [10/31/2007 8:53:04 AM 3168768]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13B.sys [10/16/2007 6:14:24 PM 256512]
R3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\Drivers\u3kmini.sys [10/16/2006 5:15:58 PM 350720]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [3/21/2008 7:34:26 PM 47624]
S3 Mea0xxoe;Mea0xxoe; []
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2/29/2008 2:08:14 PM 894216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
bthsvcs   REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e61a0ef-f72b-11dc-8675-001b2f2ce128}]
\shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fee477-fcae-11dc-a19d-001d7daf31dc}]
\shell\AutoRun\command - g:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64f9c3cd-022e-11dd-afd1-001d7daf31dc}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Media Centre\AppData\Roaming\Mozilla\Firefox\Profiles\dwft2yz6.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 15:01:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-23 15:01:59
ComboFix-quarantined-files.txt  2008-11-23 04:01:57
ComboFix2.txt  2008-11-23 03:05:08

Pre-Run: 7,915,225,088 bytes free
Post-Run: 7,893,602,304 bytes free

230

MALWARE:

Malwarebytes' Anti-Malware 1.30
Database version: 1417
Windows 6.0.6001 Service Pack 1

23/11/2008 2:55:25 PM
mbam-log-2008-11-23 (14-55-25).txt

Scan type: Quick Scan
Objects scanned: 44913
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Infected: 8
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\Windows\System32\solewxte.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\noytcyr.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\roytctm.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\tdydowkc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\wsldoekd.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\solewxte (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\solewxte (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\solewxte (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\solewxte.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\noytcyr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\roytctm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\soxpeca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\tdydowkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wsldoekd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:31 PM, on 23/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files\No-IP\DUC20.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\system32\dllhost.exe
C:\Windows\ehome\EHTray.exe
C:\Windows\ehome\ehshell.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehExtHost.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\tmp\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Media Centre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx  Portable Media Serial Service (afisicx) - Unknown owner - C:\Windows\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mabidwe  Service (mabidwe) - Unknown owner - C:\Windows\system32\mabidwe.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nobicyt  Service (nobicyt) - Unknown owner - C:\Windows\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr  Settings storage service (noxtcyr) - Unknown owner - C:\Windows\system32\noxtcyr.exe
O23 - Service: noytcyr  Service (noytcyr) - Unknown owner - C:\Windows\system32\noytcyr.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: perfmons - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: roytctm  Service (roytctm) - Unknown owner - C:\Windows\system32\roytctm.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: solewxte  Service (solewxte) - Unknown owner - C:\Windows\system32\solewxte.exe
O23 - Service: soxpeca  Service (soxpeca) - Unknown owner - C:\Windows\system32\soxpeca.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: tdydowkc  Service (tdydowkc) - Unknown owner - C:\Windows\system32\tdydowkc.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - D:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe
O23 - Service: wsldoekd  Co. Ltd. (wsldoekd) - Unknown owner - C:\Windows\system32\wsldoekd.exe
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe

--
End of file - 10158 bytes

During the malware scan - i had the audio problem again - sounded like an ad for something :-(

14
Tech Clinic / Vista and the case of the mysterious audio
« on: November 22, 2008, 10:06:53 PM »
ComboFix 08-11-22.02 - Media Centre 2008-11-23 13:57:06.1 - NTFSx86
Microsoft® Windows Vistaâ„¢ Ultimate   6.0.6001.1.1252.1.1033.18.1611 [GMT 11:00]
Running from: c:\users\Media Centre\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\update.exe
c:\users\Media Centre\AppData\Roaming\inst.exe
c:\windows\BM95ef33eb.txt
c:\windows\BM95ef33eb.xml
c:\windows\Install.txt
c:\windows\pskt.ini
c:\windows\system32\afisicx.exe
c:\windows\system32\atsxyzd.sys
c:\windows\system32\comsa32.sys
c:\windows\system32\filtkfoc.ini
c:\windows\system32\lwaemjij.ini
c:\windows\system32\mabidwe.exe
c:\windows\system32\noxtcyr.exe
c:\windows\system32\noytcyr.exe
c:\windows\system32\perfs.exe
c:\windows\system32\routing.exe
c:\windows\system32\roytctm.exe
c:\windows\system32\soxpeca.exe
c:\windows\system32\tdydowkc.exe
c:\windows\system32\tmp0_115047810747.bk
c:\windows\system32\tmp0_186804389726.bk
c:\windows\system32\tmp0_224977588242.bk
c:\windows\system32\tmp0_514739119399.bk
c:\windows\system32\tmp0_576990597331.bk
c:\windows\system32\tmp0_620659106581.bk
c:\windows\system32\tmp0_62837460417.bk
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wsldoekd.exe
c:\windows\system32\wvwvw.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_afisicx
-------\Service_mabidwe
-------\Service_nobicyt
-------\Service_noxtcyr
-------\Service_noytcyr
-------\Service_perfmons
-------\Service_Routing
-------\Service_roytctm
-------\Service_soxpeca
-------\Service_tdydowkc
-------\Service_wsldoekd


(((((((((((((((((((((((((   Files Created from 2008-10-23 to 2008-11-23  )))))))))))))))))))))))))))))))
.

2008-11-23 12:40 . 2008-11-23 12:40   <DIR>   d--------   C:\rsit
2008-11-23 12:01 . 2008-11-23 12:01   <DIR>   d--------   c:\program files\Panda Security
2008-11-23 12:01 . 2008-06-19 17:24   28,544   --a------   c:\windows\System32\drivers\pavboot.sys
2008-11-23 11:58 . 2008-11-23 12:00   <DIR>   d--------   c:\users\Media Centre\.housecall6.6
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\users\All Users\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\programdata\MC Menu Mender BETA
2008-11-23 11:19 . 2008-11-23 11:19   <DIR>   d--------   c:\program files\MC Menu Mender
2008-11-23 11:16 . 2008-11-23 11:16   <DIR>   d--------   c:\program files\SamSoft
2008-11-16 20:17 . 2008-11-16 20:17   <DIR>   d--------   c:\program files\Xvid
2008-11-16 20:17 . 2007-06-28 18:52   765,952   --a------   c:\windows\System32\xvidcore.dll
2008-11-16 20:17 . 2007-06-28 18:54   180,224   --a------   c:\windows\System32\xvidvfw.dll
2008-11-16 19:28 . 2008-11-16 19:28   <DIR>   d--------   c:\program files\avi.NET
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\users\All Users\VistaCodecs
2008-11-16 17:58 . 2008-11-16 17:58   <DIR>   d--------   c:\programdata\VistaCodecs
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\users\All Users\OpenMediaLibrary
2008-11-15 12:21 . 2008-11-15 12:23   <DIR>   d--------   c:\programdata\OpenMediaLibrary
2008-11-15 12:20 . 2008-11-15 12:20   <DIR>   d--------   c:\program files\OpenMediaLibrary

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 06:46   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\uTorrent
2008-11-21 23:48   ---------   d---a-w   c:\programdata\TEMP
2008-11-21 23:46   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\VideoReDoPlus
2008-11-17 07:29   ---------   d-----w   c:\program files\AviSynth 2.5
2008-11-16 22:03   ---------   d-----w   c:\programdata\VideoBrowser
2008-11-16 09:15   ---------   d-----w   c:\program files\DivX
2008-11-16 09:13   ---------   d-----w   c:\program files\Winnydows
2008-11-16 07:00   ---------   d-----w   c:\program files\Common Files\PX Storage Engine
2008-10-19 03:24   ---------   d-----w   c:\programdata\IsolatedStorage
2008-10-19 03:24   ---------   d-----w   c:\programdata\epgStream.net
2008-10-19 03:24   ---------   d-----w   c:\program files\epgStream.net
2008-10-07 04:11   ---------   d-----w   c:\program files\Red Kawa
2008-09-30 23:23   ---------   d-----w   c:\users\Media Centre\AppData\Roaming\MusicIP
2008-09-30 23:23   ---------   d-----w   c:\program files\MusicIP
2008-07-24 01:07   47,360   ----a-w   c:\users\Media Centre\AppData\Roaming\pcouffin.sys
2008-03-21 09:33   174   --sha-w   c:\program files\desktop.ini
2008-02-14 03:28   29   ----a-w   c:\program files\version.ini
2008-02-14 03:23   231,944   ----a-w   c:\program files\gwflash.exe
2007-09-21 08:42   19,008   ----a-w   c:\program files\markfun.a64
2007-08-21 08:49   17,912   ----a-w   c:\program files\markfun.w32
2007-08-21 08:49   125,504   ----a-w   c:\program files\MarkFunDrv.dll
2007-04-04 07:35   207,680   ----a-w   c:\program files\updateutility.exe
2007-03-29 17:36   301   ----a-w   c:\program files\update.ini
2007-03-01 17:48   240,448   ----a-w   c:\program files\gwf32.exe
2006-11-23 12:47   207,680   ----a-w   c:\program files\BIOS_Run.exe
2006-11-23 12:40   60,224   ----a-w   c:\program files\HUADRV.DLL
2006-11-03 07:09   528   ----a-w   c:\program files\CONFIG.INI
2005-04-27 08:40   6,800   ----a-w   c:\program files\W95_HUA.vxd
2008-05-07 08:37   16,496   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-02-23 139816]
"Windows Media Center"="c:\windows\ehome\ehuihlp.dll" [2008-01-18 1499136]
"Nero DriveSpeed"="c:\progra~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE" [2007-09-20 1975592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneEngine.exe" [2007-06-14 69632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-04-03 136080]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]

c:\users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [5/10/2008 7:27:33 PM 1172992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [4/22/2008 11:42:26 AM 36864]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [8/31/2005 11:46:50 AM 1691648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.CDVC"= cdvccodc.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AEAB85D1-5BDF-44BE-B1E5-0AFE137237E9}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{88B75BFA-0E87-48C8-ACCC-64504BDBAA65}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{651256BB-6D67-49C0-90DB-1174C4F5FEDF}c:\\program files\\gigabyte\\gest\\run.exe"= UDP:c:\program files\gigabyte\gest\run.exe:update
"UDP Query User{8F5BE7E9-D5F4-4D35-BE47-F8CAD9CA4644}c:\\program files\\gigabyte\\gest\\run.exe"= TCP:c:\program files\gigabyte\gest\run.exe:update
"TCP Query User{3176DAF5-F46E-43E0-B540-13A846A82E04}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"UDP Query User{70F4429B-2439-419B-83FF-DA766D263D61}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:c:\program files\gigabyte\@bios\gwflash.exe:gwflash
"TCP Query User{43FAAC04-9451-4360-9EAA-1F1B364B3CD1}c:\\program files\\gwflash.exe"= UDP:c:\program files\gwflash.exe:gwflash
"UDP Query User{FDB4E5B5-5285-415F-9806-B389D2B09A13}c:\\program files\\gwflash.exe"= TCP:c:\program files\gwflash.exe:gwflash
"TCP Query User{F204A39D-B297-49FF-B63B-C4D9F639D8EB}c:\\program files\\gigabyte\\@bios\\update.exe"= UDP:c:\program files\gigabyte\@bios\update.exe:update
"UDP Query User{BE296ADA-9CC5-46D0-87F5-A7E18186440F}c:\\program files\\gigabyte\\@bios\\update.exe"= TCP:c:\program files\gigabyte\@bios\update.exe:update
"TCP Query User{3367E75B-FFF5-4413-BF67-C7D933706696}d:\\program files\\tmnationsforever\\tmforever.exe"= UDP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{C2630B7A-93F5-4D51-9450-CD343A773C42}d:\\program files\\tmnationsforever\\tmforever.exe"= TCP:d:\program files\tmnationsforever\tmforever.exe:TmForever
"{8A86151E-16AA-4308-A077-9FE605C9F5C0}"= UDP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"{DA808245-DD19-4E61-85A7-AC37F31800E9}"= TCP:c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:UltiDev Cassini Web Server for ASP.NET 2.0
"TCP Query User{B61B2908-E781-4FD2-9214-29C99ED0E153}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{8BAF1DF4-D050-4971-A25B-7C2AF68A5C09}d:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:d:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{963CC70A-5B6D-4869-AA0A-89C5C268AB98}"= UDP:56484:WebGuide
"{AAA7EFBE-C8E3-4590-A219-47EBEDF338FF}"= UDP:56485:WebGuide
"TCP Query User{4F3FFA99-7D4E-4E2A-9D3A-6ADAD9A3EFC3}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{A51263EA-0DD2-44DC-875A-B59D3AD8D540}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime Essentials
"{46A11C06-2E57-436B-BFAE-FF65419BF063}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{236B0E50-A09C-4E5D-91B1-4A1FBDB104F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{90C63744-6260-4009-ABFF-89AD6FD2957B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{54A692D9-818D-481C-8529-E4F1241206A9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{70C45649-7952-4C31-8A2A-4012C8E0FF9B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BCC11C71-76AF-45D3-BBB3-F5484424EA8C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BB4C64AA-3F0B-4B51-8ED8-37CC961C3510}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{738A84E1-918C-44C9-8E93-46DB1240ECC2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F3249610-7B2E-40F7-8041-3CCD410FE6A6}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B3FE81E3-AE8F-47B7-851D-AA106865D45C}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{7B11553E-036F-4874-8B07-255A7C74072B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{E1E98ED7-CB38-4670-8360-65953A030A3D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/23/2008 12:01:42 PM 28544]
R2 EZSERVICE;EZSERVICE;c:\program files\ASUS\EZVCR\EZSERVICE.exe [3/27/2007 6:32:10 PM 61440]
R2 noytcyr;noytcyr  Service;c:\windows\system32\noytcyr.exe [11/2/2006 8:46:03 PM 46080]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2/28/2008 10:44:58 AM 668936]
R2 solewxte;solewxte  Service;c:\windows\system32\solewxte.exe [11/2/2006 8:46:03 PM 45056]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;"c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" [2/8/2007 1:06:10 AM 49152]
R2 WebGuideTranscode;WebGuideTranscode;"d:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe" [8/8/2007 8:28:42 PM 40960]
R2 wmcGuideServiceProxy;Windows Media Center Guide Service Proxy;"c:\program files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe" [9/28/2008 1:20:32 AM 22016]
R2 xmltvDownload;XMLTV Download Schedule Service;"c:\program files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe" [9/28/2008 1:12:00 AM 40960]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [10/31/2007 8:53:04 AM 3168768]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13B.sys [10/16/2007 6:14:24 PM 256512]
R3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\Drivers\u3kmini.sys [10/16/2006 5:15:58 PM 350720]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [3/21/2008 7:34:26 PM 47624]
S3 Mea0xxoe;Mea0xxoe; []
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2/29/2008 2:08:14 PM 894216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
bthsvcs   REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e61a0ef-f72b-11dc-8675-001b2f2ce128}]
\shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fee477-fcae-11dc-a19d-001d7daf31dc}]
\shell\AutoRun\command - g:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64f9c3cd-022e-11dd-afd1-001d7daf31dc}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

*Newly Created Service* - PAVBOOT
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Media Centre\AppData\Roaming\Mozilla\Firefox\Profiles\dwft2yz6.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 14:01:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxy.exe
c:\program files\Raxco\PerfectDisk2008\PD91AgentS1.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehshell.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\System32\wercon.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
d:\program files\WebGuide\WebGuide4\bin\WebGuideServiceMonitor.exe
c:\windows\System32\tpszxyd.sys
c:\windows\System32\wsldoekd.exe
c:\windows\System32\afisicx.exe
c:\windows\System32\roytctm.exe
c:\windows\System32\udxfytw.sys
c:\windows\System32\tdydowkc.exe
c:\windows\System32\mabidwe.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\soxpeca.exe
.
**************************************************************************
.
Completion time: 2008-11-23 14:05:07 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-23 03:05:04

Pre-Run: 8,297,168,896 bytes free
Post-Run: 7,967,449,088 bytes free

277


HJK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:31 PM, on 23/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files\No-IP\DUC20.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\system32\dllhost.exe
C:\Windows\ehome\EHTray.exe
C:\Windows\ehome\ehshell.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehExtHost.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\tmp\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Media Centre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx  Portable Media Serial Service (afisicx) - Unknown owner - C:\Windows\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mabidwe  Service (mabidwe) - Unknown owner - C:\Windows\system32\mabidwe.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nobicyt  Service (nobicyt) - Unknown owner - C:\Windows\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr  Settings storage service (noxtcyr) - Unknown owner - C:\Windows\system32\noxtcyr.exe
O23 - Service: noytcyr  Service (noytcyr) - Unknown owner - C:\Windows\system32\noytcyr.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: perfmons - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: roytctm  Service (roytctm) - Unknown owner - C:\Windows\system32\roytctm.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: solewxte  Service (solewxte) - Unknown owner - C:\Windows\system32\solewxte.exe
O23 - Service: soxpeca  Service (soxpeca) - Unknown owner - C:\Windows\system32\soxpeca.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: tdydowkc  Service (tdydowkc) - Unknown owner - C:\Windows\system32\tdydowkc.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - D:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe
O23 - Service: wsldoekd  Co. Ltd. (wsldoekd) - Unknown owner - C:\Windows\system32\wsldoekd.exe
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe

--
End of file - 10158 bytes

Can I delete combofix now?

15
Tech Clinic / Vista and the case of the mysterious audio
« on: November 22, 2008, 08:45:20 PM »
Norton working again - it says C;/Windows/System32/tmpxr_31905682307.bk

It calls the files a varitey of things - trojan horse, trojan adclicker, securityrisk etc

16
Tech Clinic / Vista and the case of the mysterious audio
« on: November 22, 2008, 08:42:03 PM »
Logfile of random's system information tool 1.04 (written by random/random)
Run by Media Centre at 2008-11-23 12:40:28
Microsoft® Windows Vistaâ„¢ Ultimate  Service Pack 1
System drive C: has 8 GB (21%) free of 40 GB
Total RAM: 3582 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:31 PM, on 23/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files\No-IP\DUC20.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\system32\dllhost.exe
C:\Windows\ehome\EHTray.exe
C:\Windows\ehome\ehshell.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehExtHost.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\tmp\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Media Centre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx  Portable Media Serial Service (afisicx) - Unknown owner - C:\Windows\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mabidwe  Service (mabidwe) - Unknown owner - C:\Windows\system32\mabidwe.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nobicyt  Service (nobicyt) - Unknown owner - C:\Windows\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr  Settings storage service (noxtcyr) - Unknown owner - C:\Windows\system32\noxtcyr.exe
O23 - Service: noytcyr  Service (noytcyr) - Unknown owner - C:\Windows\system32\noytcyr.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: perfmons - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: roytctm  Service (roytctm) - Unknown owner - C:\Windows\system32\roytctm.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: solewxte  Service (solewxte) - Unknown owner - C:\Windows\system32\solewxte.exe
O23 - Service: soxpeca  Service (soxpeca) - Unknown owner - C:\Windows\system32\soxpeca.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: tdydowkc  Service (tdydowkc) - Unknown owner - C:\Windows\system32\tdydowkc.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - D:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe
O23 - Service: wsldoekd  Co. Ltd. (wsldoekd) - Unknown owner - C:\Windows\system32\wsldoekd.exe
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe

--
End of file - 10158 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"MagicTuneEngine"=C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-06-14 69632]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-09 289576]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-01 115560]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2008-04-03 136080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"PowerArchiver Tray"=C:\Program Files\PowerArchiver\PASTARTER.EXE [2007-02-23 139816]
"Windows Media Center"=C:\Windows\ehome\ehuihlp.dll [2008-01-18 1499136]
"Nero DriveSpeed"=C:\PROGRA~1\Nero\Nero8\NEROTO~1\DRIVES~1.EXE [2007-09-20 1975592]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\WG311v3.exe

C:\Users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e61a0ef-f72b-11dc-8675-001b2f2ce128}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fee477-fcae-11dc-a19d-001d7daf31dc}]
shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64f9c3cd-022e-11dd-afd1-001d7daf31dc}]
shell\Auto\command - auto.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-23 12:40:28 ----D---- C:\rsit
2008-11-23 12:01:17 ----D---- C:\Program Files\Panda Security
2008-11-23 11:19:13 ----D---- C:\ProgramData\MC Menu Mender BETA
2008-11-23 11:19:00 ----D---- C:\Program Files\MC Menu Mender
2008-11-23 11:16:50 ----D---- C:\Program Files\SamSoft
2008-11-16 20:17:22 ----D---- C:\Program Files\Xvid
2008-11-16 20:17:22 ----A---- C:\Windows\system32\xvidvfw.dll
2008-11-16 20:17:22 ----A---- C:\Windows\system32\xvidcore.dll
2008-11-16 19:28:43 ----D---- C:\Program Files\avi.NET
2008-11-16 17:58:41 ----D---- C:\ProgramData\VistaCodecs
2008-11-15 12:21:02 ----D---- C:\ProgramData\OpenMediaLibrary
2008-11-15 12:20:30 ----D---- C:\Program Files\OpenMediaLibrary

======List of files/folders modified in the last 1 months======

2008-11-23 12:40:29 ----D---- C:\Windows\temp
2008-11-23 12:03:38 ----D---- C:\Windows\system32\drivers
2008-11-23 12:01:17 ----D---- C:\Program Files
2008-11-23 11:54:17 ----SD---- C:\Windows\Downloaded Program Files
2008-11-23 11:38:25 ----D---- C:\Windows\Prefetch
2008-11-23 11:35:40 ----D---- C:\Windows
2008-11-23 11:26:57 ----D---- C:\Windows\ehome
2008-11-23 11:19:13 ----D---- C:\ProgramData
2008-11-23 11:19:02 ----SHD---- C:\Windows\Installer
2008-11-23 11:18:54 ----SHD---- C:\System Volume Information
2008-11-23 11:16:51 ----RSD---- C:\Windows\assembly
2008-11-23 11:15:27 ----D---- C:\Windows\System32
2008-11-23 11:15:27 ----D---- C:\Windows\inf
2008-11-23 11:15:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-23 11:09:08 ----D---- C:\Windows\registration
2008-11-23 11:08:27 ----A---- C:\Windows\ezvcr.ini
2008-11-22 17:46:50 ----D---- C:\Users\Media Centre\AppData\Roaming\uTorrent
2008-11-22 10:48:50 ----AD---- C:\ProgramData\TEMP
2008-11-22 10:46:38 ----D---- C:\Users\Media Centre\AppData\Roaming\VideoReDoPlus
2008-11-17 18:29:31 ----D---- C:\Program Files\AviSynth 2.5
2008-11-17 09:03:54 ----D---- C:\ProgramData\VideoBrowser
2008-11-16 20:15:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-16 20:15:08 ----D---- C:\Program Files\DivX
2008-11-16 20:13:43 ----D---- C:\Program Files\Winnydows
2008-11-16 18:32:53 ----D---- C:\Windows\system32\catroot2
2008-11-16 18:00:26 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-16 17:43:20 ----D---- C:\TEMP
2008-11-16 17:26:04 ----A---- C:\Windows\NeroDigital.ini
2008-11-15 13:27:36 ----SD---- C:\Users\Media Centre\AppData\Roaming\Microsoft
2008-11-13 04:02:55 ----D---- C:\Windows\system32\catroot
2008-11-13 04:02:54 ----D---- C:\Windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2008-05-11 33408]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-05 371248]
R1 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2007-06-11 12672]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-01-17 420400]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-02-04 279088]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-02-04 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2008-02-04 68624]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-31 3168768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver; C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-10-16 256512]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081121.003\NAVENG.SYS [2008-11-22 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081121.003\NAVEX15.SYS [2008-11-22 876112]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-07-24 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-09-12 123952]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 u3kmini;ASUS My Cinema-U3000 Mini; C:\Windows\System32\Drivers\u3kmini.sys [2006-10-16 350720]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-05-11 16608]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-04-04 86097]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-02-04 317616]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 afisicx;afisicx  Portable Media Serial Service; C:\Windows\system32\afisicx.exe [2006-11-02 37888]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-31 622592]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\system32\bgsvcgen.exe [2008-05-11 118784]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-01 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-01 108392]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2008-04-03 31120]
R2 EZSERVICE;EZSERVICE; C:\Program Files\ASUS\EZVCR\EZSERVICE.exe [2007-03-27 61440]
R2 mabidwe;mabidwe  Service; C:\Windows\system32\mabidwe.exe [2006-11-02 46080]
R2 noxtcyr;noxtcyr  Settings storage service; C:\Windows\system32\noxtcyr.exe [2006-11-02 37888]
R2 noytcyr;noytcyr  Service; C:\Windows\system32\noytcyr.exe [2006-11-02 45568]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-02-28 668936]
R2 perfmons;perfmons; C:\Windows\system32\perfs.exe [2006-11-02 34304]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Routing;Routing Service; C:\Windows\system32\routing.exe [2006-11-02 34816]
R2 roytctm;roytctm  Service; C:\Windows\system32\roytctm.exe [2006-11-02 44544]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2008-04-03 121744]
R2 solewxte;solewxte  Service; C:\Windows\system32\solewxte.exe [2006-11-02 45056]
R2 soxpeca;soxpeca  Service; C:\Windows\system32\soxpeca.exe [2006-11-02 43520]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2008-04-03 1956240]
R2 tdydowkc;tdydowkc  Service; C:\Windows\system32\tdydowkc.exe [2006-11-02 46080]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 WebGuideTranscode;WebGuideTranscode; D:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [2007-08-08 40960]
R2 wmcGuideServiceProxy;Windows Media Center Guide Service Proxy; C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe [2008-09-28 22016]
R2 wsldoekd;wsldoekd  Co. Ltd.; C:\Windows\system32\wsldoekd.exe [2006-11-02 38400]
R2 xmltvDownload;XMLTV Download Schedule Service; C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost.exe [2008-09-28 40960]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-09 536872]
S2 nobicyt;nobicyt  Service; C:\Windows\system32\Nobicyt.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-31 68096]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-02-29 894216]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-23 12:40:33

======Uninstall list======

@BIOS -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9  -removeonly
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Premiere Pro 1.5-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS EZVCR-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{01051276-3213-4A6A-8FEF-CFFF0BE26633}
ASUS My Cinema-U3000 Mini-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2A1A00-F630-49ED-8E6C-C199544DD3AB}\Setup.exe" -l0x9
ASUS TSSI-->MsiExec.exe /I{76A2DC7C-D385-498E-9C6B-CF9626F8BE1E}
ASUSDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
avi.NET 2.5.8.0-->C:\Program Files\avi.NET\Uninstall.exe
Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe"
Dynamic Energy Saver B7.1214.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}\setup.exe" -l0x9  -removeonly
Handbrake 0.9.2-->C:\Program Files\Handbrake\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9  -removeonly
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MagicTunePremium-->C:\Program Files\InstallShield Installation Information\{59625CC8-69B3-4917-864B-3CE27B76DCF3}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MC Menu Mender-->MsiExec.exe /I{08579D83-B23F-418F-9F61-1D38F667B9C9}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MKVtoolnix 2.2.0-->C:\Program Files\MKVtoolnix\uninst.exe
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MusicIP Mixer 1.8.1-->"C:\Program Files\MusicIP\MusicIP Mixer\unins000.exe"
Nero 8 Essentials-->MsiExec.exe /X{523DF39E-DF7D-488F-8022-783946571033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR WG311v3 PCI Adapter-->C:\Program Files\InstallShield Installation Information\{70014586-7BBA-4A92-A610-CDC896C48F8F}\setup.exe -runfromtemp -l0x0409
No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
Open Media Library-->MsiExec.exe /X{282FFE47-5856-4F07-A5E1-617A24A9B4A5}
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
PowerArchiver 2007-->MsiExec.exe /I{4D1CF286-EBD1-4B08-9B71-A439712D1150}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Sansa Media Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{B798631A-E543-492B-9063-1F4D8336D377}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TMPGEnc 4.0 XPress-->MsiExec.exe /I{34E89C10-3E14-4396-A58C-72047CD458AD}
TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}
TMPGEnc MPEG Editor 2.0-->MsiExec.exe /I{06607A48-98DC-48F9-922F-40FD2D7FF6D1}
UltiDev Cassini Web Server Explorer-->MsiExec.exe /I{40247AAC-AB0D-449C-882F-90401C3351E8}
UltiDev Cassini Web Server for ASP.NET 2.0-->MsiExec.exe /I{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}
Unreal Tournament 3 Demo-->MsiExec.exe /X{3266FEA9-98E9-448B-B235-DAC63D4CE781}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Browser-->MsiExec.exe /X{C704736F-45F7-46FF-943E-7D24C2FB33C2}
Videora iPhone Converter 3.08-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Videora iPod Converter 4.00-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
VideoReDo/Plus Version 2.5.4.507-->"C:\Program Files\VideoReDoPlus\unins000.exe"
Vista Shortcut Manager-->MsiExec.exe /I{47609E69-4C5E-48B1-A889-24C6B82B5C04}
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WebGuide4-->MsiExec.exe /I{C9C0C251-3ECD-4DBC-A30F-1D996BC78400}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinSCP 4.1.6-->"C:\Program Files\WinSCP\unins000.exe"
XMLTV Guide Pack v1.0.17-->MsiExec.exe /I{0B05386C-A9A2-4903-80FE-F1192FD97AEA}
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: {6a0d8b83-aa89-06ba-4964-e1835081729d} - {d9271805-381e-4694-ab60-98aa38b8d0a6} - C:\Windows\system32\sggdmjhs.dll (file missing)
O2 - BHO: (no name) - {98159628-D979-45A1-A568-C148B40ECAF8} - C:\Windows\system32\wvwvw.dll (file missing)
O20 - Winlogon Notify: cupluadx - cupluadx.dll (file missing)
O4 - HKLM\..\Run: [96dc0077] rundll32.exe "C:\Windows\system32\cofktlif.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - Winlogon Notify: ysntnefw - ysntnefw.dll (file missing)

======Hosts File======

127.0.0.1 madderwort.com

======Security center information======

AV: Symantec AntiVirus
AS: Symantec AntiVirus
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Norton seems to say it finds in in its onw folder, program files/symantec --> but norton is locking up so I can't give you all the details

17
Software / Vista and the case of the mysterious audio
« on: November 22, 2008, 08:24:06 PM »
Done! Cheers Guestolo!!

18
Tech Clinic / Vista and the case of the mysterious audio
« on: November 22, 2008, 08:23:14 PM »
Ok, this is an odd one and has been happening now for the past month.

 I will be either: doing nothing yet have my HTPC on OR
                      watching a recorded video on my HTPC

 When all of a sudden, music (or more recently what sounded like an ad) will start to play for about 5 seconds �" then just go away. I can't stop it myself be pressing stop on my remote or closing windows media centre - so it coming from elsewhere

 The music didn't sound like anything I have in my library and the ad, well. didn't have that either.

 So...any clues as to what it could be and what could be causing it (other than a ghost!!)

Also - Symantec virus scan has been going crazy saying i haev a trojan - when i delete it, it looks like another takes its place...HELP!!

Here is m hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:38 PM, on 8/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Windows\ehome\ehShell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [GEST] "C:\Program Files\GIGABYTE\GEST\run.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6178 bytes

19
Software / Vista and the case of the mysterious audio
« on: November 22, 2008, 08:06:53 PM »
Ok, this is an odd one and has been happening now for the past month.

 I will be either: doing nothing yet have my HTPC on OR
                      watching a recorded video on my HTPC

 When all of a sudden, music (or more recently what sounded like an ad) will start to play for about 5 seconds �" then just go away. I can't stop it myself be pressing stop on my remote or closing windows media centre - so it coming from elsewhere

 The music didn't sound like anything I have in my library and the ad, well. didn't have that either.

 So...any clues as to what it could be and what could be causing it (other than a ghost!!)

Also - Symantec virus scan has been going crazy saying i haev a trojan - when i delete it, it looks like another takes its place...HELP!!

P.S This should be in the tech clinic - Sorry - looking forward to your help once again guestolo :-)

20
Tech Clinic / Spysheriff, vista, and a very sad man
« on: April 12, 2008, 08:19:46 PM »
Thank you very much for your help!! Everything seems very ahppy now

I will put that programme on as well :-)

I will let you know how it is going

Cheers

Pages: [1] 2