Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

rundll error loading tapi.nfo

Post by mughalj » September 1st, 2009, 10:45 pm

My computer is definitely infected with something. Please could you help to see if we can get this removed?

I have downloaded HiJackThis, DDS and GMER,

As well as that, I also followed the instructions to deselect the sections, IAT/EAT, Showall etc. before running the GMER scan. Once the scan was completed, it stated "WARNING, GMER has found system modification caused by ROOTKIT activity".??
mughalj
Active Member
 
Posts: 9
Joined: September 1st, 2009, 10:33 pm

Re: rundll error loading tapi.nfo

Post by mughalj » September 1st, 2009, 11:39 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:38:53, on 02/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 inetavirus.com
O1 - Hosts: 94.232.248.66 www.inetavirus.com
O1 - Hosts: 194.165.4.145 eggbank.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: MSN helper - {F675C54F-60B6-4FD8-BBA0-443C493305EB} - rant32.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O4 - Startup: procexp.lnk = C:\Documents and Settings\Administrator\Desktop\procexp.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12489 bytes
mughalj
Active Member
 
Posts: 9
Joined: September 1st, 2009, 10:33 pm

Re: rundll error loading tapi.nfo

Post by Shaba » September 4th, 2009, 2:04 am

Hi mughalj

Please post GMER log next :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: rundll error loading tapi.nfo

Post by mughalj » September 4th, 2009, 7:39 am

Hi there, thanks for your reply. The following information is from my GMER scan.


GMER 1.0.15.15077 [yyv5bl2i.exe] - http://www.gmer.net
Rootkit scan 2009-09-04 12:37:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x62 ? 83BDCBF8
INT 0x63 ? 83AAEF00
INT 0x82 ? 83BDCBF8
INT 0xB4 ? 83AAEF00

Code 8375C7B0 ZwEnumerateKey
Code 8375C778 ZwFlushInstructionCache
Code 83998956 ZwSaveKey
Code 8399891E ZwSaveKeyEx
Code 8399F10E IofCallDriver
Code 8399C236 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83BDB1F8
Device \Driver\usbuhci \Device\USBPDO-0 83AFD1F8
Device \Driver\usbuhci \Device\USBPDO-1 83AFD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 83B6F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 83B6F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 83B6F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 83B6F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{841ABA18-140B-4E3D-A8F0-7F1ED4A5D72E} 8358D1F8

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 83BDD1F8
Device \Driver\Cdrom \Device\CdRom0 83AB3500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8358D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DEEA16A5-5CB8-4EE8-8316-B0D2CDF4D886} 8358D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8358D1F8
Device \Driver\usbuhci \Device\USBFDO-0 83AFD1F8
Device \Driver\usbuhci \Device\USBFDO-1 83AFD1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 834F51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 834F51F8
Device \Driver\Ftdisk \Device\FtControl 83BDD1F8
Device \FileSystem\Cdfs \Cdfs 8375E1F8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmetdwokcp.sys (*** hidden *** ) [SYSTEM] kbiwkmsakwsspm <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm@imagepath \systemroot\system32\drivers\kbiwkmetdwokcp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main@aid 10438
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmetdwokcp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmssjgufem.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmblpvxhjd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmhjswswes.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmsakwsspm\modules@kbiwkm.dat \systemroot\system32\kbiwkmxqkysjea.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm@imagepath \systemroot\system32\drivers\kbiwkmetdwokcp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main@aid 10438
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmetdwokcp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmssjgufem.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmblpvxhjd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmhjswswes.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmsakwsspm\modules@kbiwkm.dat \systemroot\system32\kbiwkmxqkysjea.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm@imagepath \systemroot\system32\drivers\kbiwkmetdwokcp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main@aid 10438
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmetdwokcp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmssjgufem.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmblpvxhjd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmhjswswes.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmsakwsspm\modules@kbiwkm.dat \systemroot\system32\kbiwkmxqkysjea.dat

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\AppleSoftwareUpdate.job 284 bytes
File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\desktop.ini 65 bytes
File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500Core.job 956 bytes
File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500UA.job 1008 bytes
File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\Norton Security Scan for Administrator.job 574 bytes
File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\SA.DAT 6 bytes
File C:\Program Files\Common Files\Adobe\Bridge CS3 Extensions\Bridge Start Meeting\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job 300 bytes

---- EOF - GMER 1.0.15 ----
mughalj
Active Member
 
Posts: 9
Joined: September 1st, 2009, 10:33 pm

Re: rundll error loading tapi.nfo

Post by Shaba » September 4th, 2009, 7:52 am

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: rundll error loading tapi.nfo

Post by mughalj » September 4th, 2009, 9:06 am

If you can please help me to remove these Trojans, it would be much appreciated. I will ensure safety of my details. Would there be any recommended software that I could download in order to protect my computer's vulnerability?

It's fine as I have ordered another computer and that is on its way over the next couple of days, so this should be just a temporary computer. I will not be using this computer to check online banking or purchase anything over the net, as that can all be done on our main computer.
mughalj
Active Member
 
Posts: 9
Joined: September 1st, 2009, 10:33 pm

Re: rundll error loading tapi.nfo

Post by Shaba » September 4th, 2009, 9:59 am

I will give you some tips after you are clean.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: rundll error loading tapi.nfo

Post by mughalj » September 4th, 2009, 11:03 am

Following on from your last post, I successfully downloaded ComboFix and ran it according to the instructions on the web page. The Combo log is as follows:

ComboFix 09-09-03.02 - Administrator 04/09/2009 15:25.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.501 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-329068152-838170752-682003330-1003
c:\windows\Installer\1acbf9c.msp
c:\windows\Installer\25e3e3e.msp
c:\windows\system32\drivers\kbiwkmetdwokcp.sys
c:\windows\system32\kbiwkmblpvxhjd.dat
c:\windows\system32\kbiwkmhjswswes.dll
c:\windows\system32\kbiwkmssjgufem.dll
c:\windows\system32\kbiwkmxqkysjea.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmsakwsspm
-------\Legacy_kbiwkmsakwsspm


((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-02 02:24 . 2009-09-02 02:24 -------- d-----w- c:\program files\Trend Micro
2009-09-01 17:18 . 2009-09-01 17:18 44032 ----a-w- c:\windows\system32\rant32.dll
2009-08-29 20:02 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-29 20:01 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-29 20:01 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-29 20:01 . 2009-09-02 16:28 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-29 20:01 . 2009-08-29 20:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-29 20:01 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 20:01 . 2009-08-30 14:22 -------- d-----w- c:\program files\Spyware Doctor
2009-08-29 20:01 . 2009-08-29 20:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-29 20:01 . 2009-08-29 20:01 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\PC Tools
2009-08-12 20:54 . 2009-08-12 21:03 -------- d-----w- C:\Casino

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 21:12 . 2008-11-22 02:31 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\uTorrent
2009-09-02 17:01 . 2009-08-02 17:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-16 15:23 . 2009-05-18 08:11 -------- d-----w- c:\program files\AskBarDis
2009-08-16 12:39 . 2009-08-01 13:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-08-01 13:44 . 2009-08-01 13:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-08-01 13:44 . 2009-08-01 13:42 -------- d-----w- c:\program files\Yahoo!
2009-08-01 13:44 . 2009-08-01 13:44 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Yahoo!
2009-07-30 22:13 . 2009-01-24 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-07-29 17:01 . 2009-02-19 10:22 -------- d-----w- c:\program files\Norton Security Scan
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\program files\NortonInstaller
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-07-28 21:08 . 2009-07-28 21:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-28 21:07 . 2009-07-28 21:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\PC Suite
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Nokia
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Suite
2009-07-28 21:05 . 2009-07-28 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-28 21:05 . 2009-07-28 21:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-28 19:04 . 2009-07-28 18:59 -------- d-----w- c:\program files\DIFX
2009-07-28 19:02 . 2009-07-28 19:02 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-28 19:01 . 2009-07-28 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-28 19:01 . 2009-07-28 18:55 -------- d-----w- c:\program files\Nokia
2009-07-28 18:58 . 2009-07-28 18:58 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-28 18:53 . 2009-07-26 18:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-07-26 18:10 . 2009-07-26 18:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-26 18:10 . 2009-07-26 18:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-23 16:17 . 2009-07-23 15:47 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\ImgBurn
2009-07-23 15:38 . 2009-07-23 15:38 -------- d-----w- c:\program files\ImgBurn
2009-07-23 12:43 . 2008-11-20 11:35 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-15 16:51 . 2009-07-15 16:38 -------- d-----w- c:\program files\Project64 1.6
2009-07-15 16:16 . 2009-07-15 16:16 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-07-09 22:37 . 2009-04-05 21:05 -------- d-----w- c:\program files\mkv2vob
2009-07-09 13:02 . 2009-07-09 13:02 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Participatory Culture Foundation
2009-07-09 13:01 . 2009-07-09 13:01 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-04 23:16 . 2008-11-20 11:34 20960 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F675C54F-60B6-4FD8-BBA0-443C493305EB}]
2009-09-01 17:18 44032 ----a-w- c:\windows\system32\rant32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-05-03 169984]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2009-2-3 884840]
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^µTorrent.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/08/2009 21:01 130936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 19:18 55152]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [06/11/2008 16:45 17149]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [15/07/2009 17:16 33792]
S2 AdobeAlerter;Adobe LM Service AdobeAlerter;c:\windows\TEMP\pkohuubmvr.exe service --> c:\windows\TEMP\pkohuubmvr.exe service [?]
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [01/01/2009 22:09 43392]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [05/07/2009 20:26 12672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [05/07/2009 20:01 22640]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29/08/2009 21:01 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 01:34]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 01:34]

2009-09-02 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-29 17:01]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\9rmhhq3t.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 15:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3344)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-04 15:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-04 14:45

Pre-Run: 2,835,300,352 bytes free
Post-Run: 4,947,030,016 bytes free

298 --- E O F --- 2009-08-17 22:13

Also I have attached as requested my new HijackThis Log, this is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:04, on 04/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: MSN helper - {F675C54F-60B6-4FD8-BBA0-443C493305EB} - rant32.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O4 - Startup: procexp.lnk = C:\Documents and Settings\Administrator\Desktop\procexp.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe LM Service AdobeAlerter (AdobeAlerter) - Unknown owner - C:\WINDOWS\TEMP\pkohuubmvr.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12006 bytes


Many Thanks

Mughalj

Re: rundll error loading tapi.nfo

Post by Shaba » September 4th, 2009, 12:18 pm

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: rundll error loading tapi.nfo

Post by mughalj » September 4th, 2009, 3:19 pm

3DVIA player 4.1
Adobe Acrobat 7.0 Professional
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Search for Help
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask.com Search Assistant 1.0.1
Avira AntiVir Personal - Free Antivirus
Bonjour
Business Plan Pro 2007
CDisplay 1.8
Choice Guard
C-Media PCI Audio Device
CPUID CPU-Z 1.51
Critical Update for Windows Media Player 11 (KB959772)
Dolphin 1.3 beta
Driver Genius Professional Edition
EVEREST Ultimate v4.20.1257 + Corporate Edition Beta Registered
Free YouTube to Mp3 Converter version 3.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
ImgBurn
Intel(R) Network Connections 14.0.40.0
iTunes
Junk Mail filter update
LibUSB-Win32-0.1.10.1
Logitech QuickCam
Logitech QuickCam Driver Package
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Miro
mkv2vob
MKVtoolnix 2.6.0
Mozilla Firefox (3.0.13)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton Security Scan
NVIDIA Drivers
Opera 10.00
Opera 9.62
PC Connectivity Solution
PCI Audio Driver
PDF Settings
PowerISO
Project64 1.6
QuickTime
Safari
SDFormatter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Spyware Doctor 6.0
Starcraft
Suite Shared Configuration CS4
The Official DSA Theory Test for Car Drivers
TortoiseSVN 1.6.3.16613 (32 bit)
Uninstall 1.0.0.1
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VLC media player 0.9.8a
WBFS Manager 2.2.2
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinISO 5.3
WinRAR archiver
Xilisoft DVD to iPod Converter
Xilisoft iPod Rip
Xilisoft iPod Video Converter
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

Re: rundll error loading tapi.nfo

Post by Shaba » September 5th, 2009, 4:22 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

Ask Toolbar
Ask.com Search Assistant 1.0.1

Install recovery console manually as described in my link, rerun ComboFix and post back a fresh ComboFix log, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: rundll error loading tapi.nfo

Post by mughalj » September 5th, 2009, 6:13 pm

Thank you for your information regarding P2Ps. I have successfully uninstalled all of the above as requested. Following is my fresh ComboFix log:

ComboFix 09-09-03.02 - Administrator 05/09/2009 22:41.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.409 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 03:50 . 2009-05-13 21:56 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-05 03:50 . 2009-05-13 21:56 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-05 03:49 . 2009-09-05 03:51 -------- d-----w- c:\program files\DivX
2009-09-05 03:49 . 2009-09-05 03:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-02 02:24 . 2009-09-02 02:24 -------- d-----w- c:\program files\Trend Micro
2009-08-29 20:02 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-29 20:01 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-29 20:01 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-29 20:01 . 2009-09-02 16:28 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-29 20:01 . 2009-08-29 20:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-29 20:01 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 20:01 . 2009-08-30 14:22 -------- d-----w- c:\program files\Spyware Doctor
2009-08-29 20:01 . 2009-08-29 20:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-29 20:01 . 2009-08-29 20:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-12 20:54 . 2009-08-12 21:03 -------- d-----w- C:\Casino

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 21:33 . 2008-11-22 02:31 -------- d-----w- c:\program files\uTorrent
2009-09-05 21:33 . 2008-11-22 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-04 17:01 . 2009-08-02 17:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-16 12:39 . 2009-08-01 13:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-08-01 13:44 . 2009-08-01 13:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-08-01 13:44 . 2009-08-01 13:42 -------- d-----w- c:\program files\Yahoo!
2009-08-01 13:44 . 2009-08-01 13:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-07-30 22:13 . 2009-01-24 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-07-29 17:01 . 2009-02-19 10:22 -------- d-----w- c:\program files\Norton Security Scan
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\program files\NortonInstaller
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-07-28 21:08 . 2009-07-28 21:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-28 21:07 . 2009-07-28 21:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Suite
2009-07-28 21:05 . 2009-07-28 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-28 21:05 . 2009-07-28 21:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-28 19:04 . 2009-07-28 18:59 -------- d-----w- c:\program files\DIFX
2009-07-28 19:02 . 2009-07-28 19:02 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-28 19:01 . 2009-07-28 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-28 19:01 . 2009-07-28 18:55 -------- d-----w- c:\program files\Nokia
2009-07-28 18:58 . 2009-07-28 18:58 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-28 18:53 . 2009-07-26 18:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-07-26 18:10 . 2009-07-26 18:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-26 18:10 . 2009-07-26 18:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-23 16:17 . 2009-07-23 15:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImgBurn
2009-07-23 15:38 . 2009-07-23 15:38 -------- d-----w- c:\program files\ImgBurn
2009-07-23 12:43 . 2008-11-20 11:35 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-15 16:51 . 2009-07-15 16:38 -------- d-----w- c:\program files\Project64 1.6
2009-07-15 16:16 . 2009-07-15 16:16 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-07-09 22:37 . 2009-04-05 21:05 -------- d-----w- c:\program files\mkv2vob
2009-07-09 13:02 . 2009-07-09 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Participatory Culture Foundation
2009-07-09 13:01 . 2009-07-09 13:01 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-04 23:16 . 2008-11-20 11:34 20960 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-04_14.38.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-05 21:55 . 2009-09-05 21:55 16384 c:\windows\temp\Perflib_Perfdata_8c4.dat
+ 2008-12-31 12:34 . 2009-05-13 21:56 88824 c:\windows\system32\vxblock.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 64760 c:\windows\system32\pxinsa64.exe
- 2008-12-31 12:34 . 2007-03-07 23:51 64760 c:\windows\system32\pxinsa64.exe
+ 2008-12-31 12:34 . 2009-05-13 21:56 72440 c:\windows\system32\pxhpinst.exe
- 2008-12-31 12:34 . 2007-03-07 23:51 72440 c:\windows\system32\pxhpinst.exe
+ 2008-12-31 12:34 . 2009-05-13 21:56 66296 c:\windows\system32\pxcpya64.exe
+ 2009-05-13 21:54 . 2009-05-13 21:54 90112 c:\windows\system32\dpl100.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 379640 c:\windows\system32\pxwave.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 379640 c:\windows\system32\pxwave.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 187128 c:\windows\system32\pxmas.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 187128 c:\windows\system32\pxmas.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 518904 c:\windows\system32\pxdrv.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 129784 c:\windows\system32\pxafs.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 129784 c:\windows\system32\pxafs.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 551672 c:\windows\system32\px.dll
+ 2009-05-13 21:54 . 2009-05-13 21:54 811008 c:\windows\system32\divx_xx16.dll
+ 2009-05-13 21:54 . 2009-05-13 21:54 802816 c:\windows\system32\divx_xx11.dll
+ 2009-05-13 21:54 . 2009-05-13 21:54 823296 c:\windows\system32\divx_xx0c.dll
+ 2009-05-13 21:54 . 2009-05-13 21:54 815104 c:\windows\system32\divx_xx0a.dll
+ 2009-05-13 21:54 . 2009-05-13 21:54 823296 c:\windows\system32\divx_xx07.dll
+ 2009-05-13 21:54 . 2009-05-13 21:54 685056 c:\windows\system32\DivX.dll
+ 2009-09-05 03:50 . 2009-09-05 03:50 152576 c:\windows\Installer\2c78fbe.msi
+ 2008-12-31 12:34 . 2009-05-13 21:56 1628920 c:\windows\system32\pxsfs.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 1628920 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-24 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-30 113664]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2009-2-3 884840]
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/08/2009 21:01 130936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 19:18 55152]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [06/11/2008 16:45 17149]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [15/07/2009 17:16 33792]
S2 AdobeAlerter;Adobe LM Service AdobeAlerter;c:\windows\TEMP\pkohuubmvr.exe service --> c:\windows\TEMP\pkohuubmvr.exe service [?]
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [01/01/2009 22:09 43392]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [05/07/2009 20:26 12672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [05/07/2009 20:01 22640]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29/08/2009 21:01 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 01:34]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 01:34]

2009-09-04 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-29 17:01]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F675C54F-60B6-4FD8-BBA0-443C493305EB} - rant32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rmhhq3t.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 22:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2408)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-09-05 23:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 22:02
ComboFix2.txt 2009-09-04 14:45

Pre-Run: 14,738,067,456 bytes free
Post-Run: 14,739,648,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

321 --- E O F --- 2009-08-17 22:13


Many Thanks

Mughalj

Re: rundll error loading tapi.nfo

Post by Shaba » September 6th, 2009, 5:05 am

Open notepad and copy/paste the text in the codebox below into it:

Code:
Folder::
c:\program files\uTorrent
c:\documents and settings\Administrator\Application Data\uTorrent


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Re: rundll error loading tapi.nfo

Post by mughalj » September 6th, 2009, 12:51 pm

Thank you for your reply. I have done the above as instructed. The following is my ComboFix contents, and below that my new HijackThis log:

ComboFix 09-09-03.02 - Administrator 06/09/2009 17:21.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.497 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\uTorrent
c:\documents and settings\Administrator\Application Data\uTorrent\(PSX-PSP) Chrono Cross converted properly by KloWn.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\(PSX-PSP) Final Fantasy IX converted properly by KloWn.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\(PSX-PSP) Final Fantasy VII converted properly by KloWn.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\(PSX-PSP) Legend of Dragoon converted properly by KloWn.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\(PSX-PSP) Parasite Eve 1 & 2 converted properly (Kingdom-games by KloWn).torrent
c:\documents and settings\Administrator\Application Data\uTorrent\[NDS]100_Classic_Book_Collection[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\[NDS]Anno 1701[EUR][www.the-data-base.co.uk].torrent
c:\documents and settings\Administrator\Application Data\uTorrent\[NDS]Anno_Create_a_New_World[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\[NDS]Big_Bang_Mini[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\[NDS]Big_Bang_Mini[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\[NDS]Boing_Docomodake[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\What.Happens.In.Vegas[2008]DvDrip-aXXo.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\White Lies - To Lose My Life [mp3-224-2009].torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Wigan Pier Presents-2009(split tracks + covers)barney's rg.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Wigan Pier.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Wii.Links.Crossbow.Training.DVD5.PAL.[WiiScrubbed].[Brickblocked].PBoy.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Wii.Super.Paper.Mario.DVD5.PAL.[WiiScrubbed].[Brickblocked].PBoy.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Wild.Child[2008]DvDrip-aXXo.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Windows XP Professional 32-bit en-US - Black Edition v2009.4.19.iso.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\WINDOWS XP SP3 - 2009 - ULTRA EDITION.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\World.of.Goo-SKIDROW.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\XIII-The.Conspiracy[2008]DvDrip-aXXo.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Xilisoft All Products Keygen.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Xilisoft iPod Mate v2.0 [ThE PaRaDiSe Serial][LMi keygen][BLiZZARD keygen][h33t][matt14].torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Zack.And.Miri.Make.A.Porno[2008]DvDrip-aXXo.torrent
c:\program files\uTorrent
c:\program files\uTorrent\15167-utorrent.1f24.dmp
c:\program files\uTorrent\15167-utorrent.ca67.dmp
c:\program files\uTorrent\15167-utorrent.f882.dmp

.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-05 03:50 . 2009-05-13 21:56 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-05 03:50 . 2009-05-13 21:56 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-05 03:49 . 2009-09-05 22:14 -------- d-----w- c:\program files\DivX
2009-09-02 02:24 . 2009-09-02 02:24 -------- d-----w- c:\program files\Trend Micro
2009-08-29 20:02 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-29 20:01 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-29 20:01 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-29 20:01 . 2009-09-02 16:28 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-29 20:01 . 2009-08-29 20:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-29 20:01 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 20:01 . 2009-08-30 14:22 -------- d-----w- c:\program files\Spyware Doctor
2009-08-29 20:01 . 2009-08-29 20:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-29 20:01 . 2009-08-29 20:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-12 20:54 . 2009-08-12 21:03 -------- d-----w- C:\Casino

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 00:19 . 2008-12-07 12:45 -------- d-----w- c:\program files\Common Files\Apple
2009-09-06 00:06 . 2009-01-24 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-05 22:18 . 2009-05-18 08:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-04 17:01 . 2009-08-02 17:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-16 12:39 . 2009-08-01 13:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-08-01 13:44 . 2009-08-01 13:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-08-01 13:44 . 2009-08-01 13:42 -------- d-----w- c:\program files\Yahoo!
2009-08-01 13:44 . 2009-08-01 13:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-07-29 17:01 . 2009-02-19 10:22 -------- d-----w- c:\program files\Norton Security Scan
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\program files\NortonInstaller
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-07-28 21:08 . 2009-07-28 21:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-28 21:07 . 2009-07-28 21:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-07-28 21:07 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Suite
2009-07-28 21:05 . 2009-07-28 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-28 21:05 . 2009-07-28 21:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-28 19:04 . 2009-07-28 18:59 -------- d-----w- c:\program files\DIFX
2009-07-28 19:02 . 2009-07-28 19:02 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-28 19:01 . 2009-07-28 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-28 19:01 . 2009-07-28 18:55 -------- d-----w- c:\program files\Nokia
2009-07-28 18:58 . 2009-07-28 18:58 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-28 18:53 . 2009-07-26 18:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-07-26 18:10 . 2009-07-26 18:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-26 18:10 . 2009-07-26 18:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-23 16:17 . 2009-07-23 15:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImgBurn
2009-07-23 15:38 . 2009-07-23 15:38 -------- d-----w- c:\program files\ImgBurn
2009-07-23 12:43 . 2008-11-20 11:35 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-15 16:51 . 2009-07-15 16:38 -------- d-----w- c:\program files\Project64 1.6
2009-07-15 16:16 . 2009-07-15 16:16 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-07-09 22:37 . 2009-04-05 21:05 -------- d-----w- c:\program files\mkv2vob
2009-07-09 13:02 . 2009-07-09 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Participatory Culture Foundation
2009-07-09 13:01 . 2009-07-09 13:01 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-04 23:16 . 2008-11-20 11:34 20960 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-04_14.38.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-31 12:34 . 2009-05-13 21:56 88824 c:\windows\system32\vxblock.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 64760 c:\windows\system32\pxinsa64.exe
- 2008-12-31 12:34 . 2007-03-07 23:51 64760 c:\windows\system32\pxinsa64.exe
- 2008-12-31 12:34 . 2007-03-07 23:51 72440 c:\windows\system32\pxhpinst.exe
+ 2008-12-31 12:34 . 2009-05-13 21:56 72440 c:\windows\system32\pxhpinst.exe
+ 2008-12-31 12:34 . 2009-05-13 21:56 66296 c:\windows\system32\pxcpya64.exe
- 2008-12-31 12:34 . 2007-03-07 23:51 379640 c:\windows\system32\pxwave.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 379640 c:\windows\system32\pxwave.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 187128 c:\windows\system32\pxmas.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 187128 c:\windows\system32\pxmas.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 518904 c:\windows\system32\pxdrv.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 129784 c:\windows\system32\pxafs.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 129784 c:\windows\system32\pxafs.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 551672 c:\windows\system32\px.dll
- 2008-12-31 12:34 . 2007-03-07 23:51 1628920 c:\windows\system32\pxsfs.dll
+ 2008-12-31 12:34 . 2009-05-13 21:56 1628920 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-24 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-30 113664]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2009-2-3 884840]
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/08/2009 21:01 130936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 19:18 55152]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [06/11/2008 16:45 17149]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [15/07/2009 17:16 33792]
S2 AdobeAlerter;Adobe LM Service AdobeAlerter;c:\windows\TEMP\pkohuubmvr.exe service --> c:\windows\TEMP\pkohuubmvr.exe service [?]
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [01/01/2009 22:09 43392]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [05/07/2009 20:01 22640]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29/08/2009 21:01 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - cpuz132
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 01:34]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 01:34]

2009-09-04 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-29 17:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://today.ask.com/dvdvideosoft?o=13162&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rmhhq3t.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 17:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"
.
Completion time: 2009-09-06 17:38
ComboFix-quarantined-files.txt 2009-09-06 16:38
ComboFix2.txt 2009-09-05 22:02
ComboFix3.txt 2009-09-04 14:45

Pre-Run: 15,104,872,448 bytes free
Post-Run: 15,296,221,184 bytes free

612 --- E O F --- 2009-08-17 22:13

My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:06, on 06/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/dvdvideosoft?o=13162&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O4 - Startup: procexp.lnk = C:\Documents and Settings\Administrator\Desktop\procexp.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe LM Service AdobeAlerter (AdobeAlerter) - Unknown owner - C:\WINDOWS\TEMP\pkohuubmvr.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11115 bytes

Many Thanks

Mughalj

Re: rundll error loading tapi.nfo

Unread postby Shaba » September 6th, 2009, 1:35 pm

Looks like we have some illegal software to uninstall.

Uninstall these:

Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Search for Help
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Driver Genius Professional Edition
EVEREST Ultimate v4.20.1257 + Corporate Edition Beta Registered
PowerISO
Spyware Doctor 6.0
Suite Shared Configuration CS4
Xilisoft DVD to iPod Converter
Xilisoft iPod Rip
Xilisoft iPod Video Converter

Then:

Please go HERE (Microsoft website) using Internet Explorer (NOTE: Do not use Firefox or any other browser as they won't work)
- Click on Windows Validation Assistant
- Click on the Validate Now button.
- Be patient while the ActiveX loads, do not click on any links.
- Read the instructions on this page while it's loading. You will be prompted to install - click YES.
- Enter your product key then click continue
- When it says "Validation Complete" please click Continue to return to your previous activity
- Copy what it says and paste it here.

Post:

- a fresh uninstall list
- validation results
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland