Author Topic: log file  (Read 1521 times)

Offline treasurechest

log file
« on: March 14, 2009, 10:53:48 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:45 PM, on 3/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\WINDOWS\system32\RVHOST.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RVHOST.exe
D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\iTunes\iTunes.exe
C:\program files\mozilla firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\DAP\DAP.EXE
D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] E:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSUpdate] C:\DOCUME~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SF5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus T10 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SC2C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = E:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10134 bytes


Here's a logfile of my friend's PC.

Need help; his YM IMs automatically.
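
Added triage example, not part of the post above and not HijackThis code: a small Python script that applies a few generic heuristics to HijackThis-style F2, O4 and O7 entries. The sample entries are copied from the log above (including HijackThis's own quoting and "(User '...')" suffixes); the rule names, the severity labels and the name-versus-path heuristic are this script's own assumptions, chosen to show what a reviewer looks for in such a log rather than to identify any particular program.

```python
"""Triage heuristics for HijackThis-style log entries.

Added example: not part of the forum post above and not HijackThis code.
The sample entries are copied verbatim from the posted log; the rule names,
severity labels and the name-versus-path heuristic are this script's own.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSUpdate] C:\DOCUME~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
STOPWORDS = {"exe", "dll"}   # appear in every path, so useless for matching


def exe_path(cmd):
    """Lowercase executable path of a Run-key command line.

    HijackThis appends "(User '...')" to HKUS entries; strip that first,
    then take either the quoted path or the first whitespace-delimited token.
    """
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd.strip())
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    return cmd.split(" ", 1)[0].lower()


def name_words(name):
    """Words of a Run-key label, splitting CamelCase, minus stopwords."""
    words = re.findall(r"[A-Z][a-z]+|[A-Za-z]{2,}", name)
    return [w.lower() for w in words if len(w) >= 3 and w.lower() not in STOPWORDS]


def triage(log_text):
    """Return (severity, rule, detail) findings for HijackThis log text."""
    findings = []
    hives_by_exe = defaultdict(set)   # exe path -> hives it autoruns from
    shell_extras = set()              # programs Shell= launches besides Explorer
    seen_mismatch = set()
    for line in log_text.strip().splitlines():
        m = SHELL_RE.match(line)
        if m:
            # The default shell value is exactly Explorer.exe; anything
            # appended to it starts with the desktop and survives Run-key cleanup.
            for prog in m.group("value").split():
                if prog.lower() != "explorer.exe":
                    shell_extras.add(prog.lower())
                    findings.append(("HIGH", "shell-extra", f"Shell= also launches {prog}"))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, path = m.group("hive"), m.group("name"), exe_path(m.group("cmd"))
            hives_by_exe[path].add(hive)
            if TEMP_RE.search(path):
                findings.append(("HIGH", "temp-autorun", f"[{name}] runs {path}"))
            # LOW: label words share nothing with the path (noisy; a prompt to look, not a verdict)
            words = name_words(name)
            if words and not any(w in path for w in words) and (name, path) not in seen_mismatch:
                seen_mismatch.add((name, path))
                findings.append(("LOW", "name-path-mismatch", f"[{name}] -> {path}"))
            continue
        if line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(("MEDIUM", "regedit-disabled", line.split(" - ", 1)[1]))
    for path, hives in hives_by_exe.items():
        # One binary registered for the current user, SYSTEM and the default
        # profile is persistence written into every account, not a normal install.
        if len(hives) >= 3 and any(h.startswith("HKUS") for h in hives):
            findings.append(("HIGH", "all-profiles", f"{path} autoruns under {', '.join(sorted(hives))}"))
        if path.rsplit("\\", 1)[-1] in shell_extras:
            findings.append(("HIGH", "shell-and-run", f"{path} is both a Shell= extra and a Run entry"))
    return findings


if __name__ == "__main__":
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    for sev, rule, detail in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"{sev:<6} {rule:<20} {detail}")
```

Run against the entries above, three of the four HIGH findings point at the same file (it is appended to Shell=, and the same path is registered under HKCU, HKUS\S-1-5-18 and HKUS\.DEFAULT), the fourth is a Run entry launching an executable from the user's Temp directory, and the O7 entry shows regedit disabled by policy. The LOW rule is deliberately noisy: it flags [TkBellExe], which is RealPlayer's own scheduler, so treat it as a list of entries to look up rather than a verdict.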

Offline guestolo

log file
« Reply #1 on: March 14, 2009, 11:49:43 AM »
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe and choose to Run it
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Post both those logs, please.

NOTE: If you get an error message trying to post the logs back here to the forum, just post info.txt back here and upload log.txt.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline treasurechest

log file
« Reply #2 on: March 22, 2009, 09:05:40 AM »
info.txt logfile of random's system information tool 1.06 2009-03-22 22:02:18

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"D:\Program Files\7-Zip\Uninstall.exe"
A4 TECH PC Camera H-->C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe -runfromtemp -l0x0009 -removeonly
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0x9 UNINST
ccff7_screensaver-->C:\WINDOWS\system32\ccff7_screensaver.scr /u
CDCheck-->"D:\Program Files\CDCheck\uninst.exe"
Cooking Dash-->"E:\Program Files\Cooking Dash\ReflexiveArcade\unins000.exe"
Diner Dash - Hometown Hero-->E:\Program Files\Uninstal.exe
Diner Dash 2 Free Trial-->"E:\Program Files\DinerDash2_at\unins000.exe"
Diner Dash Flo On The Go-->"E:\Program Files\Diner Dash Flo On The Go\ReflexiveArcade\unins000.exe"
Diner Dash Free Trial-->"E:\Program Files\DinerDash_at\unins000.exe"
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x9 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Stylus S20_T10_T20 Manual-->C:\Program Files\EPSON\TPMANUAL\ESS20_T10_T20\ENG\USE_G\DOCUNINS.EXE
EPSON Stylus T10 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEBS.EXE /R /APD /P:"EPSON Stylus T10 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESET Smart Security-->MsiExec.exe /I{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}
Feeding Frenzy 2-->D:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U D:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
Feeding Frenzy-->"D:\Program Files\Feeding Frenzy\ReflexiveArcade\unins000.exe"
Free Video to iPod Converter version 3.1-->"D:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Graboid Video 1.4-->E:\Program Files\Graboid\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(tm) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Left 4 Dead-->"C:\WINDOWS\Left 4 Dead\uninstall.exe" "/U:E:\Program Files\Left 4 Dead\Uninstall\uninstall.xml"
LimeWireTurbo-->D:\Program Files\LimeWireTurbo\uninstall.exe
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Monopoly Here & Now Edition-->C:\PROGRA~1\GAMEHO~1\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MONOPO~1\INSTALL.LOG
MOVAVI VideoSuite 3.5-->C:\Program Files\MOVAVI VideoSuite 3.5\uninst.exe
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.7)-->C:\program files\Mozilla Firefox\uninstall\helper.exe
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
P2P_Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
PlayStation®Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
PSP Video 9 2.25-->E:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9  -removeonly
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Sallys Spa-->"E:\Program Files\Sallys Spa\ReflexiveArcade\unins000.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}
The Sims-->C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Maxis\The Sims\Uninst.isu"
Trojan Remover 6.7.6-->"E:\Program Files\Trojan Remover\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
WindowBlinds-->E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Essentials Media Codec Pack 1.0-->E:\Program Files\Essentials Codec Pack\uninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"D:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Your Uninstaller! 2008 Version 6.0-->"D:\Program Files\Your Uninstaller 2008\unins000.exe"

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

======System event log======

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8194
Source Name: Tcpip
Time Written: 20090227175624.000000-480
Event Type: warning
User:

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8193
Source Name: Tcpip
Time Written: 20090227162538.000000-480
Event Type: warning
User:

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8192
Source Name: Tcpip
Time Written: 20090227154900.000000-480
Event Type: warning
User:

Computer Name: EMILYGUEVARA
Event Code: 1002
Message: The IP address lease 202.128.38.126 for the Network Card with network address 00E0B1055E04 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 8168
Source Name: Dhcp
Time Written: 20090227151841.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 8164
Source Name: Tcpip
Time Written: 20090227150130.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000057.

Record Number: 897
Source Name: Application Error
Time Written: 20090202200107.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x003a0050.

Record Number: 896
Source Name: Application Error
Time Written: 20090202181417.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035, faulting module kernel32.dll, version 5.1.2600.2180, stamp 411096b4, debug? 0, fault address 0x0001eb33.

Record Number: 895
Source Name: Microsoft Office 12
Time Written: 20090202065014.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x003a0100.

Record Number: 891
Source Name: Application Error
Time Written: 20090201223826.000000-480
Event Type: error
User:

Computer Name: EMILYGUEVARA
Event Code: 1000
Message: Faulting application wmplayer.exe, version 9.0.0.3250, faulting module unknown, version 0.0.0.0, fault address 0x00197c03.

Record Number: 887
Source Name: Application Error
Time Written: 20090201160510.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Arjuna Das F Guevara at 2009-03-22 22:02:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 83 GB (82%) free of 100 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:17 PM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\DAP\DAP.EXE
D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\iTunes\iTunes.exe
C:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arjuna Das F Guevara\Desktop\RSIT.exe
D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\Arjuna Das F Guevara.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] E:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSUpdate] C:\DOCUME~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SF5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus T10 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SC2C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = E:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9731 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-07 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-01-09 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2009-01-21 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-01-09 2403392]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-16 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-02 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-05 136600]
"VMSnap3"=C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152]
"Domino"=C:\WINDOWS\Domino.EXE [2006-06-28 49152]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Media Codec Update Service"=E:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-06 13574144]
"nwiz"=nwiz.exe /install []
"MSUpdate"=C:\DOCUME~1\ARJUNA~1\LOCALS~1\Temp\pi.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-06 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]
"TrojanScanner"=E:\Program Files\Trojan Remover\Trjscan.exe [2009-03-15 1303432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus T10 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE [2007-11-29 188928]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-21 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"EPSON Stylus T10 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE [2007-11-29 188928]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2009-03-02 6959104]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]

C:\Documents and Settings\Arjuna Das F Guevara\Start Menu\Programs\Startup
Registration Assassin's Creed.LNK - E:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
Stardock ObjectDock.lnk - D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-02-04 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\Left 4 Dead\left4dead.exe"="D:\Program Files\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"E:\Program Files\Left 4 Dead\left4dead.exe"="E:\Program Files\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"D:\Program Files\LimeWireTurbo\LimeWireTurbo.exe"="D:\Program Files\LimeWireTurbo\LimeWireTurbo.exe:*:Enabled:LimeWireTurbo"
"E:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="E:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="E:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="E:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"E:\Program Files\MediaManager.exe"="E:\Program Files\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac458960-fbdf-11dd-97dd-000272ca4156}]
shell\AutoRun\command - G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
shell\open\command - G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe


======List of files/folders created in the last 1 months======

2009-03-22 22:02:15 ----D---- C:\rsit
2009-03-21 10:28:08 ----D---- C:\New Folder
2009-03-20 23:47:39 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-03-19 20:29:18 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-03-19 20:29:17 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\Azureus
2009-03-19 20:28:49 ----D---- C:\Program Files\Vuze
2009-03-15 22:25:08 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-03-15 22:25:08 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-03-15 22:25:08 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-03-15 22:25:08 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-03-15 22:25:08 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-03-15 22:24:53 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\Simply Super Software
2009-03-15 22:24:53 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-03-15 01:14:49 ----D---- C:\Graboid
2009-03-14 21:14:31 ----D---- C:\WINDOWS\CSC
2009-03-12 22:57:43 ----RASH---- C:\WINDOWS\system32\setting.ini
2009-03-12 22:57:42 ----A---- C:\WINDOWS\system32\RVHOST.exe.vir
2009-03-12 22:57:42 ----A---- C:\WINDOWS\RVHOST.exe
2009-03-12 11:19:38 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\vlc
2009-03-12 10:15:40 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2009-03-12 10:15:34 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\MozillaControl
2009-03-12 10:09:47 ----D---- C:\Program Files\VideoLAN
2009-03-07 20:58:54 ----D---- C:\Program Files\Common Files\xing shared
2009-03-07 20:58:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-03-07 20:58:47 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-03-07 20:58:47 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-03-07 20:58:46 ----D---- C:\Program Files\Real
2009-03-07 20:58:46 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-07 20:58:45 ----D---- C:\Program Files\Common Files\Real
2009-03-07 20:58:44 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\Real
2009-03-03 18:56:20 ----A---- C:\WINDOWS\system32\ssdinerdash2.txt
2009-03-02 07:42:07 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2009-03-02 07:41:52 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-03-02 07:41:44 ----D---- C:\Program Files\DAP
2009-03-01 19:21:42 ----D---- C:\Downloads
2009-02-28 18:18:51 ----HD---- C:\WINDOWS\PIF
2009-02-28 15:00:48 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2009-02-28 14:50:16 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\PlayFirst
2009-02-28 14:50:16 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-02-27 07:59:44 ----D---- C:\Program Files\Safari
2009-02-27 07:53:49 ----D---- C:\Program Files\iPod
2009-02-27 07:53:47 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-27 07:52:16 ----D---- C:\Program Files\QuickTime
2009-02-27 07:33:30 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2009-03-22 22:02:08 ----D---- C:\WINDOWS\Temp
2009-03-22 21:58:49 ----D---- C:\Program Files\Mozilla Firefox
2009-03-22 21:15:08 ----A---- C:\WINDOWS\win.ini
2009-03-22 17:27:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-22 11:35:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-22 01:21:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-21 13:27:49 ----SHD---- C:\WINDOWS\Installer
2009-03-21 13:27:43 ----D---- C:\WINDOWS\system32
2009-03-21 10:27:27 ----D---- C:\WINDOWS
2009-03-20 23:47:39 ----RD---- C:\Program Files
2009-03-20 08:24:06 ----SD---- C:\WINDOWS\Tasks
2009-03-19 20:13:05 ----D---- C:\WINDOWS\system32\config
2009-03-19 20:12:54 ----D---- C:\WINDOWS\system32\wbem
2009-03-19 20:12:54 ----D---- C:\WINDOWS\Registration
2009-03-18 07:36:03 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\BitTorrent
2009-03-16 19:35:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-15 16:54:12 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-15 07:41:49 ----SD---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\Microsoft
2009-03-14 22:51:10 ----D---- C:\WINDOWS\Prefetch
2009-03-14 22:51:05 ----D---- C:\Program Files\Yahoo!
2009-03-14 22:51:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-03-14 21:14:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-14 21:14:35 ----D---- C:\Documents and Settings
2009-03-08 08:38:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-07 20:58:54 ----D---- C:\Program Files\Common Files
2009-03-07 20:58:46 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-07 20:58:46 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-03-05 21:40:27 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\Adobe
2009-02-27 08:08:26 ----D---- C:\Documents and Settings\Arjuna Das F Guevara\Application Data\Apple Computer
2009-02-27 07:53:49 ----D---- C:\Program Files\Common Files\Apple
2009-02-25 08:14:46 ----D---- C:\Program Files\P2P_Energy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-06 6133856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-02 250496]
R3 ZSMC303;A4 TECH PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-12-01 392122]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-05 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-06 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-09 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
log file
« Reply #3 on: March 22, 2009, 11:16:14 AM »
Do a "System scan only" with HijackThis and put a check next to these entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Media Codec Update Service] E:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [MSUpdate] C:\DOCUME~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')


After you have ticked the above entries, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Reboot the computer

Back in Windows
Download ATF Cleaner by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Also post a fresh HijackThis log please and let me know how things are running

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
log file
« Reply #4 on: March 23, 2009, 07:58:14 AM »
Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 2

3/23/2009 8:26:10 PM
mbam-log-2009-03-23 (20-26-10).txt

Scan type: Quick Scan
Objects scanned: 71705
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\RVHOST.exe (Worm.Sality) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:03 PM, on 3/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\DAP\DAP.EXE
D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\program files\mozilla firefox\firefox.exe
D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SF5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus T10 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SC2C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Registration Assassin's Creed.LNK = E:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8901 bytes

Hi, I'm the friend and these are the latest log files..

Tnx man..

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
log file
« Reply #5 on: March 23, 2009, 08:35:33 AM »
That's looking better, how's things running on your end?

Did you purposely install this toolbar>>P2P Energy Toolbar

I see you have that toolbar installed with Yahoo toolbar and Google toolbar
Do you find any browsing slowdown or loss of browser space with all 3 of them installed?

Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
log file
« Reply #6 on: March 23, 2009, 10:10:39 PM »
Better than before..haha..tnx again..

Hmm..I'm not sure if it's slowing down or something..what do you recommend?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
log file
« Reply #7 on: March 23, 2009, 10:18:17 PM »
Uninstall ALL your toolbars from Add and Remove Programs, ensure to close your browsers ahead of time
Open FIREFOX and click on TOOLS>>ADD ONS>>Remove any toolbar from there also

Restart your browsers and let me know if you need any of them
« Last Edit: March 23, 2009, 10:18:51 PM by guestolo »

Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
log file
« Reply #8 on: March 23, 2009, 10:23:10 PM »
the toolbars' UNINSTALL is not lit up..in the firefox and how do I maximize my computer's speed and my net's bandwidth?
« Last Edit: March 23, 2009, 10:31:01 PM by arjunadas »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
log file
« Reply #9 on: March 23, 2009, 10:41:13 PM »
Quote
the toolbars' UNINSTALL is not lit up
Not sure what you mean by that, can you explain please

Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
log file
« Reply #10 on: March 23, 2009, 10:48:03 PM »
uhmm..I'm not good at these things..hmm..let's just say it's not available to click..

Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
log file
« Reply #11 on: March 24, 2009, 12:19:52 AM »
hmm..I just disabled it anyway..hmm..about my other question, how do I maximize my computer's and Internet's speed? :o

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
log file
« Reply #12 on: March 24, 2009, 08:16:57 AM »
<Removed>
Actually, I'm not sure if the computer is totally clean yet
Can you do the following
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
« Last Edit: March 24, 2009, 08:21:02 AM by guestolo »

Offline arjunadas

  • Newbie
  • *
  • Posts: 40
  • Karma: +0/-0
log file
« Reply #13 on: March 24, 2009, 08:42:45 AM »
ComboFix 09-03-23.01 - Arjuna Das F Guevara 2009-03-24 21:38:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3071.2470 [GMT -7:00]
Running from: c:\documents and settings\Arjuna Das F Guevara\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
c:\windows\system32\setting.ini

----- BITS: Possible infected sites -----

hxxp://sunmicro.ht.rd.llnw.net
.
(((((((((((((((((((((((((   Files Created from 2009-02-25 to 2009-03-25  )))))))))))))))))))))))))))))))
.

2009-03-24 11:43 . 2009-03-24 11:45    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\dvdcss
2009-03-23 20:19 . 2009-03-23 20:19    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-03-23 20:19 . 2009-03-23 20:19    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\Malwarebytes
2009-03-23 20:19 . 2009-03-23 20:19    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 20:19 . 2009-02-11 10:19    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 20:19 . 2009-02-11 10:19    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2009-03-23 11:52 . 2009-03-23 11:52    <DIR>    d--------    c:\program files\iPod
2009-03-23 11:52 . 2009-03-23 11:52    <DIR>    d--------    c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-22 22:02 . 2009-03-22 22:02    <DIR>    d--------    C:\rsit
2009-03-21 10:28 . 2009-03-21 10:28    <DIR>    d--------    C:\New Folder
2009-03-21 10:28 . 2009-03-21 10:28    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder (4)
2009-03-21 10:28 . 2009-03-21 10:28    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder (3)
2009-03-21 10:27 . 2009-03-21 10:27    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder (2)
2009-03-21 10:27 . 2009-03-21 10:27    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder
2009-03-20 23:47 . 2009-03-20 23:47    <DIR>    d--------    c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-19 20:29 . 2009-03-24 12:42    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\Azureus
2009-03-19 20:29 . 2009-03-19 20:29    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Azureus
2009-03-19 20:28 . 2009-03-19 20:29    <DIR>    d--------    c:\program files\Vuze
2009-03-15 22:25 . 2006-05-25 14:52    162,304    --a------    c:\windows\system32\ztvunrar36.dll
2009-03-15 22:25 . 2003-02-02 19:06    153,088    --a------    c:\windows\system32\UNRAR3.dll
2009-03-15 22:25 . 2005-08-26 00:50    77,312    --a------    c:\windows\system32\ztvunace26.dll
2009-03-15 22:25 . 2002-03-06 00:00    75,264    --a------    c:\windows\system32\unacev2.dll
2009-03-15 22:25 . 2006-06-19 12:01    69,632    --a------    c:\windows\system32\ztvcabinet.dll
2009-03-15 22:24 . 2009-03-15 22:24    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\Simply Super Software
2009-03-15 22:24 . 2009-03-15 22:24    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-15 16:54 . 2009-03-15 16:54    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\ESET
2009-03-15 01:14 . 2009-03-15 01:14    <DIR>    d--------    C:\Graboid
2009-03-14 21:14 . 2009-03-19 20:12    <DIR>    d--------    c:\documents and settings\Administrator
2009-03-12 22:57 . 2019-09-04 21:03    529,920    --a------    c:\windows\system32\RVHOST.exe.vir
2009-03-12 11:19 . 2009-03-12 11:19    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\vlc
2009-03-12 10:15 . 2009-03-12 10:15    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\MozillaControl
2009-03-12 10:15 . 2009-03-12 10:15    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-12 10:09 . 2009-03-12 10:09    <DIR>    d--------    c:\program files\VideoLAN
2009-03-07 20:58 . 2009-03-07 20:58    <DIR>    d--------    c:\program files\Real
2009-03-07 20:58 . 2009-03-07 20:58    <DIR>    d--------    c:\program files\Common Files\xing shared
2009-03-07 20:58 . 2009-03-07 20:58    <DIR>    d--------    c:\program files\Common Files\Real
2009-03-03 18:56 . 2006-04-17 16:06    106,496    --a------    c:\windows\system32\ssdinerdash2.scr
2009-03-02 07:42 . 2009-03-02 07:42    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-02 07:41 . 2009-03-02 07:44    <DIR>    d--------    c:\program files\DAP
2009-03-02 07:41 . 2009-03-02 07:41    479,298    --a------    c:\windows\system32\wbocx.ocx
2009-03-02 07:41 . 2009-03-02 07:41    172,032    --a------    c:\windows\system32\AniGIF.ocx
2009-03-02 07:41 . 2009-03-02 07:41    50,688    --a------    c:\windows\system32\wbhelp2.dll
2009-03-02 07:33 . 2009-03-02 07:33    56,568    --ah-----    c:\windows\system32\mlfcache.dat
2009-03-01 19:21 . 2009-03-01 19:51    <DIR>    d--------    C:\Downloads
2009-02-28 18:18 . 2009-02-28 18:18    <DIR>    d--h-----    c:\windows\PIF
2009-02-28 15:00 . 2009-02-28 15:00    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Trymedia
2009-02-28 14:50 . 2009-03-01 11:57    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\PlayFirst
2009-02-28 14:50 . 2009-02-28 15:00    <DIR>    d--------    c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-27 07:59 . 2009-02-27 07:59    <DIR>    d--------    c:\program files\Safari
2009-02-27 07:52 . 2009-02-27 07:52    <DIR>    d--------    c:\program files\QuickTime
2009-02-27 07:33 . 2009-02-27 07:33    <DIR>    d--------    c:\program files\Bonjour

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 18:28    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2009-03-24 18:25    ---------    d-----w    c:\program files\Yahoo!
2009-03-24 18:24    ---------    d-----w    c:\program files\Google
2009-03-23 18:51    ---------    d-----w    c:\program files\Common Files\Apple
2009-03-18 14:36    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\BitTorrent
2009-03-17 02:35    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 05:51    ---------    d-----w    c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-08 03:58    499,712    ----a-w    c:\windows\system32\msvcp71.dll
2009-03-08 03:58    348,160    ----a-w    c:\windows\system32\msvcr71.dll
2009-02-27 15:08    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Apple Computer
2009-02-19 05:44    0    ---ha-w    c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-17 22:11    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Sony
2009-02-17 22:11    ---------    d-----w    c:\documents and settings\All Users\Application Data\Sony
2009-02-17 22:10    ---------    d-----w    c:\program files\Common Files\Sony Shared
2009-02-17 22:09    ---------    d-----w    c:\program files\Sony
2009-02-17 22:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\Sony Corporation
2009-02-17 21:22    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Sony Setup
2009-02-13 14:38    ---------    d-----w    c:\program files\ESET
2009-02-11 06:16    ---------    d-----w    c:\program files\Common Files\Adobe
2009-02-10 05:50    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-02-08 01:53    ---------    d-----w    c:\documents and settings\All Users\Application Data\NOS
2009-02-07 19:35    ---------    d-----w    c:\program files\NOS
2009-02-07 11:52    ---------    d-----w    c:\program files\Common Files\Adobe AIR
2009-02-06 20:11    ---------    d-----w    c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-02-02 05:46    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Ubisoft
2009-02-02 05:46    ---------    d-----w    c:\documents and settings\All Users\Application Data\Ubisoft
2009-02-02 05:26    0    ---ha-w    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-02 05:26    0    ---ha-w    c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-30 08:33    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\LimeWireTurbo
2009-01-30 06:35    ---------    d-----w    c:\program files\LimeWireTurbo
2009-01-30 06:28    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\LimeWire
2009-01-29 07:24    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\URSoft
2009-01-29 06:27    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\ESET
2009-01-29 06:25    ---------    d-----w    c:\documents and settings\All Users\Application Data\ESET
2009-01-28 07:33    ---------    d-----w    c:\program files\MOVAVI VideoSuite 3.5
2009-01-28 07:33    ---------    d-----w    c:\program files\MOVAVI
2009-01-09 04:13    203,264    ----a-w    c:\windows\system32\ccff7_screensaver.scr
2009-01-06 06:39    410,984    ----a-w    c:\windows\system32\deploytk.dll
2009-01-06 04:51    61,248    ----a-w    c:\documents and settings\Arjuna Das F Guevara\Application Data\GDIPFONTCACHEV1.DAT
2009-01-03 17:32    315,392    ----a-w    c:\windows\HideWin.exe
2008-12-25 14:07    811,008    ----a-w    c:\windows\FeedingFrenzy.scr
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus T10 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE" [2007-11-29 188928]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"EPSON Stylus T10 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE" [2007-11-29 188928]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-03-02 6959104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-06 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-06 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"TrojanScanner"="e:\program files\Trojan Remover\Trjscan.exe" [2009-03-15 1303432]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-02 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-06 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\Arjuna Das F Guevara\Start Menu\Programs\Startup\
Registration Assassin's Creed.LNK - e:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2009-02-21 967304]
Stardock ObjectDock.lnk - d:\local disk (d)\Program Files\Stardock\ObjectDock\ObjectDock.exe [2009-01-03 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-04 15:27 229376 e:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk /r \??\G:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Left 4 Dead\\left4dead.exe"=
"d:\\Program Files\\LimeWireTurbo\\LimeWireTurbo.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26347:TCP"= 26347:TCP:BitComet 26347 TCP
"26347:UDP"= 26347:UDP:BitComet 26347 UDP

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-01-06 428160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac458960-fbdf-11dd-97dd-000272ca4156}]
\Shell\AutoRun\command - g:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
\Shell\open\command - g:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644242}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97973A9C-AD14-9AE6-076F-450CC8F92160}]
c:\docume~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Arjuna Das F Guevara\Application Data\Mozilla\Firefox\Profiles\8kajheec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 21:39:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?Y????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-606747145-2147145749-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="A3jdEBG664cwDkMtNqV5GDiowouxN28teBD9u7JXLQrRN3YsLD0iOA=="
"PLCK"="sG5Bs2Qh+Id/ji57G6TXWteRC9DaBLqv"
"Percents"="0 0.0635 0.1938 0.3594 0.8354 0.9083 0.9135 "
"Increment"=".004651"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
e:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-03-24 21:40:05
ComboFix-quarantined-files.txt  2009-03-25 04:40:03

Pre-Run: 86,897,086,464 bytes free
Post-Run: 88,505,745,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247    --- E O F ---    2009-01-15 02:25:21

did everything you said..and here's the latest log file..^^

Offline guestolo

log file
« Reply #14 on: March 24, 2009, 08:51:24 AM »
How many external Flash drives, hard drives, etc.. do you have?
What letter does G: drive represent on your computer?

EDIT>>Just on my way to work, I'll check back later
« Last Edit: March 24, 2009, 08:59:32 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/ (Click Here)


Offline arjunadas

log file
« Reply #15 on: March 24, 2009, 09:00:32 AM »
I have one 250gb hard drive which is partitioned into 3 local disks, C:,D:, and E: then there's my DVD-ROM F:, then my Webcam but it's not labeled then a printer,speakers and a router..
« Last Edit: March 24, 2009, 09:12:33 AM by arjunadas »

Offline guestolo

log file
« Reply #16 on: March 24, 2009, 06:26:48 PM »
Copy ALL the BLUE text below and paste it into Notepad
Don't use anything other than Notepad or the script will not work

[color="#0000FF"]
File::
c:\docume~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
g:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
c:\windows\system32\RVHOST.exe.vir
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac458960-fbdf-11dd-97dd-000272ca4156}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644242}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97973A9C-AD14-9AE6-076F-450CC8F92160}]
[/color]
Save this as a txt file on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt..
Can you post that log please

In addition, post a fresh Hijackthis log and keep me informed how things are now running



Offline arjunadas

log file
« Reply #17 on: March 24, 2009, 10:10:38 PM »
ComboFix 09-03-23.01 - Arjuna Das F Guevara 2009-03-25 11:04:40.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3071.1940 [GMT -7:00]
Running from: c:\documents and settings\Arjuna Das F Guevara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Arjuna Das F Guevara\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Created a new restore point

FILE ::
c:\docume~1\ARJUNA~1\LOCALS~1\Temp\pi.exe
c:\windows\system32\RVHOST.exe.vir
g:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\RVHOST.exe.vir

.
(((((((((((((((((((((((((   Files Created from 2009-02-25 to 2009-03-25  )))))))))))))))))))))))))))))))
.

2009-03-25 00:58 . 2009-03-25 00:58    <DIR>    d--h-----    c:\windows\system32\GroupPolicy
2009-03-24 11:43 . 2009-03-24 11:45    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\dvdcss
2009-03-23 20:19 . 2009-03-23 20:19    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-03-23 20:19 . 2009-03-23 20:19    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\Malwarebytes
2009-03-23 20:19 . 2009-03-23 20:19    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 20:19 . 2009-02-11 10:19    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 20:19 . 2009-02-11 10:19    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2009-03-23 11:52 . 2009-03-23 11:52    <DIR>    d--------    c:\program files\iPod
2009-03-23 11:52 . 2009-03-23 11:52    <DIR>    d--------    c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-22 22:02 . 2009-03-22 22:02    <DIR>    d--------    C:\rsit
2009-03-21 10:28 . 2009-03-21 10:28    <DIR>    d--------    C:\New Folder
2009-03-21 10:28 . 2009-03-21 10:28    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder (4)
2009-03-21 10:28 . 2009-03-21 10:28    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder (3)
2009-03-21 10:27 . 2009-03-21 10:27    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder (2)
2009-03-21 10:27 . 2009-03-21 10:27    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\New Folder
2009-03-20 23:47 . 2009-03-20 23:47    <DIR>    d--------    c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-19 20:29 . 2009-03-24 12:42    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\Azureus
2009-03-19 20:29 . 2009-03-19 20:29    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Azureus
2009-03-19 20:28 . 2009-03-19 20:29    <DIR>    d--------    c:\program files\Vuze
2009-03-15 22:25 . 2006-05-25 14:52    162,304    --a------    c:\windows\system32\ztvunrar36.dll
2009-03-15 22:25 . 2003-02-02 19:06    153,088    --a------    c:\windows\system32\UNRAR3.dll
2009-03-15 22:25 . 2005-08-26 00:50    77,312    --a------    c:\windows\system32\ztvunace26.dll
2009-03-15 22:25 . 2002-03-06 00:00    75,264    --a------    c:\windows\system32\unacev2.dll
2009-03-15 22:25 . 2006-06-19 12:01    69,632    --a------    c:\windows\system32\ztvcabinet.dll
2009-03-15 22:24 . 2009-03-15 22:24    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\Simply Super Software
2009-03-15 22:24 . 2009-03-15 22:24    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-15 16:54 . 2009-03-15 16:54    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\ESET
2009-03-15 01:14 . 2009-03-15 01:14    <DIR>    d--------    C:\Graboid
2009-03-14 21:14 . 2009-03-19 20:12    <DIR>    d--------    c:\documents and settings\Administrator
2009-03-12 11:19 . 2009-03-12 11:19    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\vlc
2009-03-12 10:15 . 2009-03-12 10:15    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\MozillaControl
2009-03-12 10:15 . 2009-03-12 10:15    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Graboid Inc
2009-03-12 10:09 . 2009-03-12 10:09    <DIR>    d--------    c:\program files\VideoLAN
2009-03-07 20:58 . 2009-03-07 20:58    <DIR>    d--------    c:\program files\Real
2009-03-07 20:58 . 2009-03-07 20:58    <DIR>    d--------    c:\program files\Common Files\xing shared
2009-03-07 20:58 . 2009-03-07 20:58    <DIR>    d--------    c:\program files\Common Files\Real
2009-03-03 18:56 . 2006-04-17 16:06    106,496    --a------    c:\windows\system32\ssdinerdash2.scr
2009-03-02 07:42 . 2009-03-02 07:42    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-02 07:41 . 2009-03-02 07:44    <DIR>    d--------    c:\program files\DAP
2009-03-02 07:41 . 2009-03-02 07:41    479,298    --a------    c:\windows\system32\wbocx.ocx
2009-03-02 07:41 . 2009-03-02 07:41    172,032    --a------    c:\windows\system32\AniGIF.ocx
2009-03-02 07:41 . 2009-03-02 07:41    50,688    --a------    c:\windows\system32\wbhelp2.dll
2009-03-02 07:33 . 2009-03-02 07:33    56,568    --ah-----    c:\windows\system32\mlfcache.dat
2009-03-01 19:21 . 2009-03-01 19:51    <DIR>    d--------    C:\Downloads
2009-02-28 18:18 . 2009-02-28 18:18    <DIR>    d--h-----    c:\windows\PIF
2009-02-28 15:00 . 2009-02-28 15:00    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Trymedia
2009-02-28 14:50 . 2009-03-01 11:57    <DIR>    d--------    c:\documents and settings\Arjuna Das F Guevara\Application Data\PlayFirst
2009-02-28 14:50 . 2009-02-28 15:00    <DIR>    d--------    c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-27 07:59 . 2009-02-27 07:59    <DIR>    d--------    c:\program files\Safari
2009-02-27 07:52 . 2009-02-27 07:52    <DIR>    d--------    c:\program files\QuickTime
2009-02-27 07:33 . 2009-02-27 07:33    <DIR>    d--------    c:\program files\Bonjour

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 18:28    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2009-03-24 18:25    ---------    d-----w    c:\program files\Yahoo!
2009-03-24 18:24    ---------    d-----w    c:\program files\Google
2009-03-23 18:51    ---------    d-----w    c:\program files\Common Files\Apple
2009-03-18 14:36    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\BitTorrent
2009-03-17 02:35    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 05:51    ---------    d-----w    c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-08 03:58    499,712    ----a-w    c:\windows\system32\msvcp71.dll
2009-03-08 03:58    348,160    ----a-w    c:\windows\system32\msvcr71.dll
2009-02-27 15:08    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Apple Computer
2009-02-19 05:44    0    ---ha-w    c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-17 22:11    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Sony
2009-02-17 22:11    ---------    d-----w    c:\documents and settings\All Users\Application Data\Sony
2009-02-17 22:10    ---------    d-----w    c:\program files\Common Files\Sony Shared
2009-02-17 22:09    ---------    d-----w    c:\program files\Sony
2009-02-17 22:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\Sony Corporation
2009-02-17 21:22    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Sony Setup
2009-02-13 14:38    ---------    d-----w    c:\program files\ESET
2009-02-11 06:16    ---------    d-----w    c:\program files\Common Files\Adobe
2009-02-10 05:50    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-02-08 01:53    ---------    d-----w    c:\documents and settings\All Users\Application Data\NOS
2009-02-07 19:35    ---------    d-----w    c:\program files\NOS
2009-02-07 11:52    ---------    d-----w    c:\program files\Common Files\Adobe AIR
2009-02-06 20:11    ---------    d-----w    c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-02-02 05:46    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\Ubisoft
2009-02-02 05:46    ---------    d-----w    c:\documents and settings\All Users\Application Data\Ubisoft
2009-02-02 05:26    0    ---ha-w    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-02 05:26    0    ---ha-w    c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-30 08:33    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\LimeWireTurbo
2009-01-30 06:35    ---------    d-----w    c:\program files\LimeWireTurbo
2009-01-30 06:28    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\LimeWire
2009-01-29 07:24    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\URSoft
2009-01-29 06:27    ---------    d-----w    c:\documents and settings\Arjuna Das F Guevara\Application Data\ESET
2009-01-29 06:25    ---------    d-----w    c:\documents and settings\All Users\Application Data\ESET
2009-01-28 07:33    ---------    d-----w    c:\program files\MOVAVI VideoSuite 3.5
2009-01-28 07:33    ---------    d-----w    c:\program files\MOVAVI
2009-01-09 04:13    203,264    ----a-w    c:\windows\system32\ccff7_screensaver.scr
2009-01-06 06:39    410,984    ----a-w    c:\windows\system32\deploytk.dll
2009-01-06 04:51    61,248    ----a-w    c:\documents and settings\Arjuna Das F Guevara\Application Data\GDIPFONTCACHEV1.DAT
2009-01-03 17:32    315,392    ----a-w    c:\windows\HideWin.exe
2008-12-25 14:07    811,008    ----a-w    c:\windows\FeedingFrenzy.scr
.

(((((((((((((((((((((((((((((   SnapShot@2009-03-24_21.39.27.32   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 17:28:28    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_144.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus T10 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE" [2007-11-29 188928]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"EPSON Stylus T10 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE" [2007-11-29 188928]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-03-02 6959104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-06 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-06 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"TrojanScanner"="e:\program files\Trojan Remover\Trjscan.exe" [2009-03-15 1303432]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-02 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-06 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\Arjuna Das F Guevara\Start Menu\Programs\Startup\
Registration Assassin's Creed.LNK - e:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2009-02-21 967304]
Stardock ObjectDock.lnk - d:\local disk (d)\Program Files\Stardock\ObjectDock\ObjectDock.exe [2009-01-03 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-04 15:27 229376 e:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk /r \??\G:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Left 4 Dead\\left4dead.exe"=
"d:\\Program Files\\LimeWireTurbo\\LimeWireTurbo.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26347:TCP"= 26347:TCP:BitComet 26347 TCP
"26347:UDP"= 26347:UDP:BitComet 26347 UDP

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-01-06 428160]
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Arjuna Das F Guevara\Application Data\Mozilla\Firefox\Profiles\8kajheec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 11:05:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-606747145-2147145749-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="A3jdEBG664cwDkMtNqV5GDiowouxN28teBD9u7JXLQrRN3YsLD0iOA=="
"PLCK"="sG5Bs2Qh+Id/ji57G6TXWteRC9DaBLqv"
"Percents"="0 0.0635 0.1938 0.3594 0.8354 0.9083 0.9135 "
"Increment"=".004651"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
e:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-03-25 11:06:44
ComboFix-quarantined-files.txt  2009-03-25 18:06:43
ComboFix2.txt  2009-03-25 04:40:06

Pre-Run: 88,420,388,864 bytes free
Post-Run: 88,410,112,000 bytes free

232    --- E O F ---    2009-01-15 02:25:21


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:58 AM, on 3/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\program files\mozilla firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\Local Disk (D)\Stardock Window Blinds 6.3 Final + Crack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SF5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus T10 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\WINDOWS\TEMP\E_SC2C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Registration Assassin's Creed.LNK = E:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Local Disk (D)\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7246 bytes


Followed every single step and here are the latest logs.. ^_^

Offline guestolo

log file
« Reply #18 on: March 24, 2009, 10:42:59 PM »
You just forgot to tell me how things are now running

Please do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Afterwards:
Go to START>>RUN>>
copy and paste the following

[color="#FF0000"]combofix /u[/color]
and press enter
This will uninstall ComboFix and its components

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster  by JavaCool  
At the link you can read more about it then continue with
Free Download on the right>>Continue Download at next page
Basically it
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

Ensure your AntiVirus software is enabled>>Updated and run a complete system scan
Then come back and let me know how things are running

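The check guestolo applies in the reply above (an O2 BHO entry whose DLL is gone, which HijackThis reports as "(no file)") can be automated. What follows is an added example, not code from this thread, from HijackThis or from ComboFix: it parses O2 and O4 lines in the HijackThis log format and returns the entries a helper would normally ask the poster about, an orphaned BHO and any Run entry that starts a file from a Temp directory (the kind of location the CFScript in Reply #16 targeted). The sample log lines are constructed in that format; the `[pi]` Run entry under a Temp folder is hypothetical, added so the Temp rule has something to fire on.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format HijackThis v2 prints. The clean lines are
# modelled on entries from the thread; the [pi] Run entry is hypothetical.
SAMPLE_LOG = (
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)\n"
    "O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"
    " - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll\n"
    "O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice\n"
    "O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE\n"
    "O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup\n"
    "O4 - HKCU\\..\\Run: [pi] C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\pi.exe\n"
    "O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe\n"
)

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 lines: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-rooted path ending in a loadable extension, quoted or not.
PATH_RE = re.compile(r"(?i)[a-z]:\\[^\"]*?\.(?:exe|dll|scr|cpl|bat|cmd)")
# A path component named Temp or tmp anywhere in the path.
TEMP_RE = re.compile(r"(?i)\\(?:temp|tmp)\\")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2" or "O4"
    name: str      # BHO display name or Run value name
    target: str    # file the entry points at
    reason: str    # why a helper would ask about it


def executable_of(cmd: str) -> str:
    """Best-effort extraction of the file an O4 command line actually loads.

    For rundll32-style lines this returns the DLL, which is what gets loaded;
    for bare names like RTHDCPL.EXE (resolved via the search path) the first
    token is returned unchanged.
    """
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0)
    parts = cmd.split()
    return parts[0].strip('"') if parts else cmd


def triage(log_text: str) -> list[Finding]:
    """Return the O2/O4 entries that match the two review rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A CLSID still registered as a BHO but with no DLL behind it is
            # leftover from a removed or partially cleaned component.
            if m.group("path").strip().lower() == "(no file)":
                findings.append(Finding("O2", m.group("name"), m.group("path"),
                                        "orphaned BHO: CLSID registered but no DLL on disk"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            # Legitimate software installs under Program Files or the Windows
            # directory; an autorun living in a Temp folder needs explaining.
            if TEMP_RE.search(exe):
                findings.append(Finding("O4", m.group("name"), exe,
                                        "autorun launches a file from a temporary directory"))
    return findings


def flagged_names(log_text: str) -> list[str]:
    """Names of the flagged entries, in log order."""
    return [f.name for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.target}: {f.reason}")
```

Run against the sample it reports the orphaned "(no name)" BHO (the same entry Reply #18 asks to fix) and the hypothetical Temp autorun; the ESET, Realtek and NVIDIA entries pass, as they did in the thread. The rules are deliberately narrow: a miss is cheaper than training a poster to delete entries they do not understand, so anything this flags is a question for the person reading the log, not an automatic removal.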


Offline arjunadas

log file
« Reply #19 on: March 25, 2009, 08:26:33 AM »
sorry for the late reply, just got home from school..
Things are working better than before and my anti-virus did not find any threats..
Though I got a lot of 'File Name' - error opening..I'm using Eset Nod32..