I seem to be getting slow internet and popups.Here is my log Logfile of HijackThis v1.99.1Scan saved at 7:40:27 AM, on 13/03/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\s ystem32\winlogon.exeC:\WINDOWS\system32\services.e xeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32 \svchost.exeC:\WINDOWS\System32\svchost.exeC:\WIND OWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\System32\svchost.exeC:\Pro gram Files\Common Files\LightScribe\LSSrvc.exeC:\AC Web Ultimate Repack\Server\mysql\bin\mysqld-nt.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\Ex plorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS \system32\wscntfy.exeC:\WINDOWS\system32\rundll32. exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\syst em32\rundll32.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Steam\Steam.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.localO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [BM73a33207] Rundll32.exe "C:\WINDOWS\system32\bxhjrcki.dll",sO 4 - HKLM\..\Run: [7090019b] rundll32.exe "C:\WINDOWS\system32\eohfwvrq.dll",bO 4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorunO4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorunO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk.disabledO4 - Global Startup: InterVideo WinCinema Manager.lnk.disabledO4 - Global Startup: Microsoft Office.lnk.disabledO8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.htmlO8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/reso...SNPUpld.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/r...cab?lmi=100O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dllO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: mysql - Unknown owner - C:\AC.exe (file missing)O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Hmm having trouble making it post correctly.

Welcome, yeah that is a mess and unreadable, try this:


Please download and install the latest version of HijackThis v2.0.2:Delete the old version you have

CLICK HERE to download the HijackThis Installer:http://www.trendsecure.com/portal/en...HJTInstall.exe

1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:22 PM, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BM73a33207] Rundll32.exe "C:\WINDOWS\system32\slvuyxxt.dll",s
O4 - HKLM\..\Run: [7090019b] rundll32.exe "C:\WINDOWS\system32\rcqtntok.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\AC.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4958 bytes

Welcome,



If you have previously downloaded ComboFix,please delete that version now.

Now download ComboFix and save to your desktop:

Note:

It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners now


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.

New hijackthis log also please.

ComboFix 08-03-18.1 - Owner 2008-03-20 15:46:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1446 [GMT 11:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 132 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 132 bytes in 1 streams.
ADS - explorer.exe: deleted 228 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM73a33207.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bahatrpw.dll
C:\WINDOWS\system32\ditgkiki.ini
C:\WINDOWS\system32\eeipejro.dll
C:\WINDOWS\system32\eeswhvaa.dll
C:\WINDOWS\system32\fmpnmnmy.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\hrijblrs.dll
C:\WINDOWS\system32\ikikgtid.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\orjepiee.ini
C:\WINDOWS\system32\slvuyxxt.dll
C:\WINDOWS\system32\tuvstqr.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\wmcjemyh.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.
2008-03-19 15:52 . 2008-03-19 15:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:45 . 2008-03-19 15:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ubisoft
2008-03-19 13:22 . 2008-03-19 16:04 714 ---hs---- C:\WINDOWS\system32\kotntqcr.ini
2008-03-18 13:19 . 2008-03-19 13:20 594 ---hs---- C:\WINDOWS\system32\wmhnkwgu.ini
2008-03-17 13:19 . 2008-03-17 13:19 534 ---hs---- C:\WINDOWS\system32\qcgthyev.ini
2008-03-16 13:04 . 2008-03-16 13:13 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-16 13:04 . 2008-03-16 13:13 55,327 --a------ C:\WINDOWS\War3Unin.dat
2008-03-16 13:04 . 2008-03-16 13:13 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-16 13:00 . 2008-03-20 13:40 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-14 15:44 . 2008-03-14 15:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ubisoft
2008-03-14 15:44 . 2008-03-14 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-14 08:18 . 2008-03-14 08:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-03-14 08:01 . 2008-03-14 08:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-14 07:54 . 2008-03-14 07:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-14 07:50 . 2008-03-20 15:27 <DIR> d-------- C:\Program Files\AdVantage
2008-03-14 07:49 . 2008-03-14 07:58 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-13 08:31 . 2008-03-13 08:31 0 --a------ C:\WINDOWS\VPC32.INI
2008-03-13 08:25 . 2008-03-13 08:23 124,167 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-03-13 08:25 . 2008-03-13 08:23 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-13 08:25 . 2008-03-13 08:23 73,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-13 08:24 . 2008-03-13 08:24 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2008-03-13 08:24 . 2008-03-13 08:25 <DIR> d-------- C:\Program Files\Symantec
2008-03-13 08:24 . 2008-03-13 08:25 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-13 08:24 . 2008-03-13 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 07:52 . 2008-03-13 08:21 147 --a------ C:\WINDOWS\wininit.ini
2008-03-12 08:23 . 2008-03-17 13:13 474 ---hs---- C:\WINDOWS\system32\qrvwfhoe.ini
2008-03-11 21:16 . 2008-03-12 08:15 354 --ahs---- C:\WINDOWS\system32\xftmypvr.ini
2008-03-11 08:04 . 2008-03-11 08:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-11 08:03 . 2008-03-11 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-11 08:03 . 2007-05-30 23:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-10 18:32 . 2008-03-10 18:32 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-10 18:27 . 2008-03-10 19:52 <DIR> d-------- C:\SDFix
2008-03-10 17:55 . 2008-03-10 17:55 <DIR> d-------- C:\Program Files\CleanUp!
2008-03-10 14:49 . 2008-03-10 14:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-10 08:22 . 2008-03-10 08:22 <DIR> d-------- C:\Documents and Settings\Owner\killbox
2008-03-09 21:21 . 2008-03-10 17:52 1,308,221 --ahs---- C:\WINDOWS\system32\mgrimaqj.ini
2008-03-09 19:55 . 2008-03-10 18:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-09 19:55 . 2008-03-09 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 14:36 . 2008-03-10 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 21:21 . 2008-03-09 21:15 1,307,681 --ahs---- C:\WINDOWS\system32\rswuylwi.ini
2008-03-07 23:15 . 2008-03-07 23:15 <DIR> d-------- C:\WINDOWS\9580813D94B14C289426A441E2BB29A5.TMP
2008-03-07 19:40 . 2008-03-07 19:40 <DIR> d-------- C:\Program Files\Xvid
2008-03-07 19:40 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-07 19:40 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-07 19:38 . 2008-03-07 19:38 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-03-07 19:32 . 2008-03-07 19:32 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-07 18:57 . 2008-03-07 18:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\STOIK
2008-03-07 18:57 . 2008-03-07 19:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Any Video Converter
2008-03-07 17:54 . 2008-03-07 17:54 <DIR> d-------- C:\Program Files\Cucusoft
2008-03-07 17:54 . 2008-03-07 17:54 <DIR> d-------- C:\ConverterOutput
2008-03-07 17:54 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-03-07 17:54 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-03-07 17:54 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2008-03-07 17:54 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-03-07 17:54 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-03-07 17:54 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-07 17:54 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-07 17:54 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-03-07 17:53 . 2008-03-07 17:53 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-07 07:56 . 2008-03-07 08:05 <DIR> d-------- C:\Downloads
2008-03-07 07:56 . 2008-03-07 08:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Orbit
2008-03-06 19:46 . 2008-03-06 19:46 <DIR> d-------- C:\Program Files\iTunes
2008-03-06 19:46 . 2008-03-06 19:46 <DIR> d-------- C:\Program Files\iPod
2008-03-06 18:48 . 2008-03-06 18:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-06 17:10 . 2008-03-07 08:08 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-03-06 17:10 . 2008-03-06 17:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-03-04 19:57 . 2008-03-04 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-03-04 07:10 . 2008-03-04 07:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-04 07:10 . 2008-03-04 07:11 419 --ah----- C:\IPH.PH
2008-03-03 17:09 . 2008-03-03 17:09 <DIR> d-------- C:\Program Files\Bomber Game Server
2008-03-02 10:35 . 2008-03-02 11:02 <DIR> d-------- C:\WINDOWS\vf_hip
2008-03-02 10:35 . 2008-03-02 11:02 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-03-02 10:35 . 2008-03-02 10:35 32 --a------ C:\WINDOWS\go
2008-03-02 09:02 . 2008-03-02 09:02 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-03-01 01:30 . 2008-03-01 01:30 <DIR> d-------- C:\Program Files\GameArena
2008-02-27 08:28 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-02-27 08:27 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-26 20:11 . 2008-03-10 18:16 <DIR> d-------- C:\temp
2008-02-26 20:11 . 2008-02-26 20:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-26 07:42 . 2008-02-26 07:42 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-02-26 07:39 . 2007-12-19 11:34 211 --ahs---- C:\BOOT.BKK
2008-02-25 21:43 . 2008-03-09 22:22 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-02-25 21:41 . 2008-02-25 21:41 <DIR> d-------- C:\Program Files\WinCustomize
2008-02-25 21:41 . 2008-02-25 21:41 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-25 21:41 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-02-25 21:32 . 2008-02-25 21:32 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-25 20:50 . 2008-02-25 20:50 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-02-23 11:24 . 2008-02-23 11:24 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-23 11:22 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-23 11:21 . 2008-02-23 11:22 <DIR> d-------- C:\WESTWOOD
2008-02-23 11:21 . 1996-11-07 06:11 69,632 --a------ C:\WINDOWS\RAUNINST.EXE
2008-02-23 11:20 . 2008-02-23 11:20 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2008-02-21 13:05 . 2008-02-21 13:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 13:05 . 2008-02-21 13:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 13:05 . 2008-02-21 13:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 13:05 . 2008-02-21 13:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 13:05 . 2008-02-21 13:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 13:03 . 2008-02-21 13:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 13:03 . 2008-02-21 13:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 13:03 . 2008-02-21 13:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-18 03:24 --------- d-----w C:\Program Files\Steam
2008-03-13 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 21:10 --------- d-----w C:\Program Files\Ubisoft
2008-03-13 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-03-10 07:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 03:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-03-07 23:12 --------- d-----w C:\Program Files\Java
2008-03-07 07:54 --------- d-----w C:\Program Files\NCH Software
2008-03-07 07:20 --------- d-----w C:\Program Files\DivX
2008-03-06 21:08 --------- d-----w C:\Program Files\Common Files\Real
2008-03-03 20:10 --------- d-----w C:\Program Files\AIM6
2008-03-02 01:27 --------- d-----w C:\Program Files\Fury
2008-02-23 08:46 --------- d-----w C:\Program Files\FinalAlert 2 Yuri's Revenge
2008-02-16 22:06 --------- d-----w C:\Program Files\Opera
2008-02-15 21:58 --------- d-----w C:\Program Files\0x90.org
2008-02-13 16:03 0 ----a-w C:\WINDOWS\system32\drivers\ag3jok0e.sys
2008-02-13 16:03 0 ----a-w C:\WINDOWS\system32\drivers\a8njrkem.sys
2008-02-12 08:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-12 05:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
2008-02-11 21:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-02-11 21:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-09 16:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 03:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-09 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-08 09:46 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-02-08 09:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-03 01:58 --------- d-----w C:\Program Files\Microsoft Games
2008-02-02 22:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2008-02-02 10:27 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-30 07:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-01-28 21:54 --------- d-----w C:\Program Files\MagicISO
2008-01-28 21:22 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-01-28 20:59 --------- d-----w C:\Program Files\THQ
2008-01-28 11:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-01-28 09:52 --------- d-----w C:\Program Files\Valve
2008-01-26 12:04 --------- d-----w C:\Program Files\World of Warcraft
2008-01-25 23:32 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-25 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-25 04:14 --------- d-----w C:\Program Files\BitTorrent
2008-01-25 00:38 --------- d-----w C:\Program Files\GIGABYTE
2008-01-23 23:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-22 23:22 --------- d-----w C:\Program Files\DNA
2008-01-22 22:13 --------- d-----w C:\Program Files\BitLord
2008-01-22 21:54 --------- d-----w C:\Program Files\Azureus
2008-01-22 10:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-22 10:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-01-22 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-22 09:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\My Games
2008-01-22 01:28 --------- d-----w C:\Program Files\EA Games
2008-01-21 23:23 --------- d-----w C:\Program Files\Firaxis Games
2008-01-21 23:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Firaxis Games
2008-01-21 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-20 08:51 --------- d-----w C:\Program Files\HeidiSQL
2008-01-20 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HeidiSQL
2008-01-20 08:22 --------- d-----w C:\Program Files\QuickTime
2008-01-20 07:02 --------- d-----w C:\Program Files\Valve Hammer Editor
2008-01-20 01:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-01-20 01:57 --------- d-----w C:\Program Files\PlayFirst
2008-01-20 00:01 --------- d-----w C:\Program Files\GCFScape
2007-12-29 00:09 21 ----a-w C:\Program Files\Common Files\appop.log
2007-12-20 00:24 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-20 00:24 245,760 ----a-w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32636750-620D-4A7A-93CB-B8A5E732EE0D}]
C:\WINDOWS\system32\sstqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC5D5991-C094-45F3-9ADC-9FBD322B05AA}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-17 19:52 136136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 23:00 15360]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 10:29 8466432]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 20:25 6731312]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2006-07-13 07:12 729088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 23:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-12-19 11:55:23 1757]
InterVideo WinCinema Manager.lnk.disabled [2007-12-19 12:54:11 1787]
Microsoft Office.lnk.disabled [2008-01-12 13:47:30 1730]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvstqr]
tuvstqr.dll
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Steam"="c:\program files\steam\steam.exe" -silent
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Aim6"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe"
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Fury\\Binaries\\Fury.exe"=
"C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5999:UDP"= 5999:UDP:MaxiVista Server
"5951:TCP"= 5951:TCP:MaxiVista Server
"6001:UDP"= 6001:UDP:MaxiVista Server B
"3306:TCP"= 3306:TCP:WowPrivate Server
S3 bbedxb;bbedxb;C:\Documents and Settings\Owner\My Documents\WowGlider\bbedxb.sys []
S3 btguixipl;btguixipl;C:\Documents and Settings\Owner\My Documents\WowGliderFour\btguixipl.sys []
S3 bwueqxmsh;bwueqxmsh;C:\Documents and Settings\Owner\My Documents\WowGlider\bwueqxmsh.sys []
S3 cucwbmmvh;cucwbmmvh;C:\Documents and Settings\Owner\My Documents\WowGliderSeven\cucwbmmvh.sys []
S3 das;das;C:\Documents and Settings\Owner\My Documents\WowGlider\das.sys []
S3 emtovr;emtovr;C:\Documents and Settings\Owner\My Documents\WowGliderThree\emtovr.sys []
S3 ewejvkipal;ewejvkipal;C:\Documents and Settings\Owner\My Documents\WowGliderThree\ewejvkipal.sys []
S3 flek;flek;C:\Documents and Settings\Owner\My Documents\WowGlideSix\flek.sys [2008-02-09 17:26]
S3 guiragrjad;guiragrjad;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\guiragrjad.sys []
S3 iwrvqiww;iwrvqiww;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\iwrvqiww.sys []
S3 iyouzj;iyouzj;C:\Documents and Settings\Owner\My Documents\WowGlider\iyouzj.sys []
S3 jrtonquql;jrtonquql;C:\Documents and Settings\Owner\My Documents\WowGlider\jrtonquql.sys []
S3 jssjuk;jssjuk;C:\Documents and Settings\Owner\My Documents\WowGliderThree\jssjuk.sys []
S3 kobb;kobb;C:\Documents and Settings\Owner\My Documents\WowGliderThree\kobb.sys []
S3 krkzi;krkzi;C:\Documents and Settings\Owner\My Documents\WowGlider\krkzi.sys []
S3 lxv;lxv;C:\Documents and Settings\Owner\My Documents\WowGliderThree\lxv.sys []
S3 maxidemo;Maxi_Vista_Demo_Driver;C:\WINDOWS\system3 2\DRIVERS\maxidemo.sys []
S3 maximir;maximir;C:\WINDOWS\system32\DRIVERS\maximi r.sys []
S3 maxivista;Maxi_Vista_DriverA;C:\WINDOWS\system32\D RIVERS\maxivista.sys []
S3 maxivistb;Maxi_Vista_DriverB;C:\WINDOWS\system32\D RIVERS\maxivistb.sys []
S3 mcyrvrrdj;mcyrvrrdj;C:\Documents and Settings\Owner\My Documents\WowGliderSeven\mcyrvrrdj.sys []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys []
S3 ogo;ogo;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\ogo.sys []
S3 opn3thyB;opn3thyB;C:\Documents and Settings\Owner\My Documents\WowGliderThree\opn3thyB.sys [2008-03-20 08:37]
S3 pjmupqe;pjmupqe;C:\Documents and Settings\Owner\My Documents\WowGlider\pjmupqe.sys []
S3 qszamdjcsy;qszamdjcsy;C:\Documents and Settings\Owner\My Documents\WowGliderThree\qszamdjcsy.sys []
S3 rkuymkg;rkuymkg;C:\Documents and Settings\Owner\My Documents\WowGliderSeven\rkuymkg.sys []
S3 ShadowD;ShadowD;C:\Documents and Settings\Owner\My Documents\WowGliderThree\ShadowD.sys []
S3 svqlygubeb;svqlygubeb;C:\Documents and Settings\Owner\My Documents\WowGlider\svqlygubeb.sys []
S3 txzkrc;txzkrc;C:\Documents and Settings\Owner\My Documents\WowGliderThree\txzkrc.sys []
S3 uahzmvbkv;uahzmvbkv;C:\Documents and Settings\Owner\My Documents\WowGlider\uahzmvbkv.sys []
S3 urqwjmbim;urqwjmbim;C:\Documents and Settings\Owner\My Documents\WowGliders\OrginalGlider\urqwjmbim.sys [2008-02-09 14:39]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 14:51]
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 14:52]
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 14:53]
S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 14:54]
S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 14:55]
S3 vcxooylcqb;vcxooylcqb;C:\Documents and Settings\Owner\My Documents\WowGlider\vcxooylcqb.sys []
S3 WowGliderTwo;WowGliderTwo;C:\Documents and Settings\Owner\My Documents\WowGlider\WowGliderTwo.sys []
S3 wyciqlwvnq;wyciqlwvnq;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\wyciqlwvnq.sys []
S3 xgugqe;xgugqe;C:\Documents and Settings\Owner\My Documents\WowGlider\xgugqe.sys []
S3 xtauowov;xtauowov;C:\Documents and Settings\Owner\My Documents\WowGliderThree\xtauowov.sys []
S3 ycvvpcdws;ycvvpcdws;C:\Documents and Settings\Owner\My Documents\WowGlider\ycvvpcdws.sys []
S3 ytkslro;ytkslro;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\ytkslro.sys []
S3 yznfldlo;yznfldlo;C:\Documents and Settings\Owner\My Documents\WowGliderThree\yznfldlo.sys []
S3 zkrg;zkrg;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\zkrg.sys []
S3 zrplk;zrplk;C:\Documents and Settings\Owner\My Documents\WowGliderTwo\zrplk.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 08:38]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7f405324-adce-11dc-9519-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F3E5D49A-C1F4-FFD8-651F-7DED939481DF}]
C:\WINDOWS: .exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 21:37:51 C:\WINDOWS\Tasks\BitLord.job"
- C:\PROGRA~1\BitLord\BitLord.exe
"2008-03-13 11:39:01 C:\WINDOWS\Tasks\GliderMonkey.job"
- C:\Documents and Settings\Owner\My Documents\Glider Monkey\GliderMonkey.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 15:56:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 1
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m ysql]
"ImagePath"="\"C:\AC Web Ultimate Repack\Server\mysql\bin\mysqld-nt\" \"--defaults-file=C:\AC Web Ultimate Repack\Server\mysql\bin\my.cnf\" mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\AC Web Ultimate Repack\Server\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
************************************************** ************************
.
Completion time: 2008-03-20 16:01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 05:01:14
.
2008-03-12 16:03:57 --- E O F ---



And the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:53 PM, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\AC Web Ultimate Repack\Server\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32636750-620D-4A7A-93CB-B8A5E732EE0D} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DC5D5991-C094-45F3-9ADC-9FBD322B05AA} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: tuvstqr - tuvstqr.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\AC.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6298 bytes

Open notepad(Must be NotePad) and copy/paste the text in the quotebox below into it:NOT THE WORD QUOTE

Files::
C:\WINDOWS\system32\kotntqcr.ini
C:\WINDOWS\system32\wmhnkwgu.ini
C:\WINDOWS\system32\qcgthyev.ini
C:\WINDOWS\system32\qrvwfhoe.ini
C:\WINDOWS\system32\xftmypvr.ini
C:\WINDOWS\system32\rswuylwi.ini
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\vtutu.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32636750-620D-4A7A-93CB-B8A5E732EE0D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC5D5991-C094-45F3-9ADC-9FBD322B05AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvstqr]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

I did what you said, and got a blue screen.

Should i try again?

Give me another combofix log and we will delete manually.