Hello Im having some problems with my computer

JChretienJChretien Vancouver, BC, Canada
edited December 2008 in Spyware & Virus Removal
WIndows security center keeps disabling automatic updates, i get random popups and NOD32 keeps telling me i have a kryptik.bn trojan. I hit delete every time but it always comes back! Help please:respect:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:29 AM, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKLM\..\Run: [ecb97926] rundll32.exe "C:\WINDOWS\system32\ftbrowan.dll",b
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Chidori\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\overclocked.nsu"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/webdvr/webdvr2.5.10.2_233.0.0.0.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O20 - AppInit_DLLs: oehshi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BelkinAPMmanager - Macrovision - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - Macrovision - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - Macrovision - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 6304 bytes

Comments

  • VekaVeka Finland
    edited November 2008
    Hi there. :)

    Step 1:

    Please download to your desktop:

    Malwarebytes' Anti-Malware (MBAM)
    Random's System Iformation Tool (RSIT)

    Step 2:
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Step 3:
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized)

    In your next reply, please include:
    • The results of MBAM scan.
    • Both, log.txt and info.txt, logs.
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008
    Malwarebytes' Anti-Malware 1.30
    Database version: 1401
    Windows 5.1.2600 Service Pack 2

    11/16/2008 10:20:31 AM
    mbam-log-2008-11-16 (10-20-31).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|L:\|P:\|)
    Objects scanned: 249388
    Time elapsed: 2 hour(s), 10 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 4
    Registry Keys Infected: 16
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 28

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\ddcDvvUN.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ftbrowan.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\oehshi.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\iifEwvvW.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47080957-7903-41fc-b655-ceba0a65e64a} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifewvvw (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{47080957-7903-41fc-b655-ceba0a65e64a} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652bb3d5-6e01-46aa-83cf-bbcc01f79dc8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{652bb3d5-6e01-46aa-83cf-bbcc01f79dc8} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7ef49d8-1dc0-4944-8f4a-42d3d21c2c5c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b7ef49d8-1dc0-4944-8f4a-42d3d21c2c5c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7ef49d8-1dc0-4944-8f4a-42d3d21c2c5c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{47080957-7903-41fc-b655-ceba0a65e64a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{652bb3d5-6e01-46aa-83cf-bbcc01f79dc8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecb97926 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{47080957-7903-41fc-b655-ceba0a65e64a} (Trojan.Vundo.H) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdvvun -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdvvun -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\iifEwvvW.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ddcDvvUN.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\NUvvDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NUvvDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oehshi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ftbrowan.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\naworbtf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vlkgwpqj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jqpwgklv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wjhngkbi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ibkgnhjw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temp\yaafjhkr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temp\bxvxoddb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\912CMWXG\70bd6[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\912CMWXG\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\912CMWXG\kb600179[1] (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\AKHJKGM1\70bd6[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\AKHJKGM1\70bd6[2].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\AKHJKGM1\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\M5EYC2E7\70bd6[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\QR1B3DWF\70bd6[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chidori\Local Settings\Temporary Internet Files\Content.IE5\QR1B3DWF\index[1] (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\kdjiua.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\mhvvkf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\puoghwdm.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\cluudvqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\muqqgeri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\krgfyhvs.dll (Trojan.Vundo) -> Delete on reboot.
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Chidori at 2008-11-16 10:28:57
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (11%) free of 29 GB
    Total RAM: 2047 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:02 AM, on 11/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
    C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Chidori\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Chidori.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: {02f17671-2d3f-a07a-77b4-1c52ca09ede7} - {7ede90ac-25c1-4b77-a70a-f3d217671f20} - C:\WINDOWS\system32\kdjiua.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D366F4E4-FD2F-4E5C-A97E-14A3944EFD6E} - C:\WINDOWS\system32\tuvUKBtr.dll (file missing)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Chidori\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\overclocked.nsu"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/webdvr/webdvr2.5.10.2_233.0.0.0.cab
    O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
    O20 - AppInit_DLLs: kdjiua.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BelkinAPMmanager - Macrovision - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE
    O23 - Service: BelkinAPMmonitor - Macrovision - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
    O23 - Service: BelkinAPMRMI - Macrovision - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --
    End of file - 6802 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ede90ac-25c1-4b77-a70a-f3d217671f20}]
    C:\WINDOWS\system32\kdjiua.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D366F4E4-FD2F-4E5C-A97E-14A3944EFD6E}]
    C:\WINDOWS\system32\tuvUKBtr.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
    "AS00_Gear311T"=C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe [2004-11-11 475136]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-17 8491008]
    "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
    "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-09-25 950664]
    "UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-09-17 81920]
    "WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
    "itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "BelkinAPM"=C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe [2008-11-10 114688]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-07-03 81920]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-12-31 15360]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "Google Update"=C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chidori^Start Menu^Programs^Startup^MagicDisc.lnk]
    C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-09-05 557568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FLEXnet Licensing Service"=3
    "Bonjour Service"=2
    "StarWindServiceAE"=2
    "npkcmsvc"=2

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Chidori\Start Menu\Programs\Startup
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="kdjiua.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
    "H:\FEAR\FEARXP\FEARXP.exe"="H:\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2008-11-16 10:28:57 ----D---- C:\rsit
    2008-11-16 01:15:37 ----SH---- C:\WINDOWS\system32\svhyfgrk.ini
    2008-11-16 01:04:29 ----D---- C:\Documents and Settings\Chidori\Application Data\Malwarebytes
    2008-11-16 01:04:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-16 01:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-15 11:12:21 ----D---- C:\Program Files\Trend Micro
    2008-11-13 11:05:13 ----A---- C:\WINDOWS\system32\lzfidg.dll
    2008-11-13 11:05:12 ----A---- C:\WINDOWS\system32\cygeqdrf.dll
    2008-11-13 10:19:35 ----ASH---- C:\WINDOWS\system32\rtBKUvut.ini2
    2008-11-13 10:19:14 ----A---- C:\WINDOWS\wininit.ini
    2008-11-13 09:54:06 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-13 09:54:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-10 22:28:08 ----A---- C:\WINDOWS\system32\TrayIcon12.dll
    2008-11-10 22:28:08 ----A---- C:\WINDOWS\system32\smemory.dll
    2008-11-10 22:28:08 ----A---- C:\WINDOWS\system32\jspWinRnia.DLL
    2008-11-10 22:28:08 ----A---- C:\WINDOWS\system32\jspWinRni.DLL
    2008-11-10 22:28:08 ----A---- C:\WINDOWS\system32\jspWinNm.DLL
    2008-11-10 22:28:08 ----A---- C:\WINDOWS\system32\jspWin.dll
    2008-11-10 22:18:52 ----D---- C:\Program Files\Belkin Bulldog Plus
    2008-11-10 16:56:44 ----D---- C:\Program Files\Easy Duplicate Finder
    2008-11-09 23:30:55 ----A---- C:\WINDOWS\system32\e79abd58-.txt
    2008-11-09 23:30:39 ----ASH---- C:\WINDOWS\system32\rtBKUvut.ini
    2008-11-09 12:00:40 ----D---- C:\Documents and Settings\Chidori\Application Data\Apple Computer
    2008-11-09 12:00:19 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-11-09 11:59:54 ----D---- C:\Program Files\iPod
    2008-11-09 11:59:52 ----D---- C:\Program Files\iTunes
    2008-11-09 11:59:52 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 00:18:42 ----D---- C:\Program Files\Common Files\Apple
    2008-11-05 00:18:38 ----D---- C:\Program Files\QuickTime
    2008-11-05 00:18:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-11-05 00:18:28 ----D---- C:\Program Files\Apple Software Update
    2008-11-05 00:18:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-11-05 00:11:52 ----SHD---- C:\Config.Msi
    2008-11-05 00:04:20 ----D---- C:\Program Files\CCleaner

    ======List of files/folders modified in the last 1 months======

    2008-11-16 10:26:54 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-16 10:25:19 ----D---- C:\WINDOWS\Temp
    2008-11-16 10:24:49 ----D---- C:\Documents and Settings\Chidori\Application Data\Hamachi
    2008-11-16 10:23:48 ----D---- C:\WINDOWS\system32
    2008-11-16 10:23:47 ----RD---- C:\Program Files
    2008-11-16 10:23:47 ----D---- C:\WINDOWS\system32\drivers
    2008-11-16 10:23:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-16 10:22:52 ----D---- C:\Documents and Settings\Chidori\Application Data\uTorrent
    2008-11-16 08:10:13 ----D---- C:\Program Files\Belkin Automatic Power Management Software
    2008-11-16 01:15:47 ----D---- C:\WINDOWS\Prefetch
    2008-11-15 11:45:29 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-15 11:30:31 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-11-13 10:19:14 ----D---- C:\WINDOWS
    2008-11-10 22:21:52 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-10 22:20:04 ----HD---- C:\WINDOWS\inf
    2008-11-10 14:35:21 ----D---- C:\Program Files\Zoom Player
    2008-11-09 12:00:43 ----SHD---- C:\WINDOWS\Installer
    2008-11-09 12:00:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-09 11:59:43 ----D---- C:\Program Files\Bonjour
    2008-11-05 00:18:42 ----D---- C:\Program Files\Common Files
    2008-11-05 00:18:30 ----SD---- C:\WINDOWS\Tasks
    2008-11-05 00:08:56 ----D---- C:\WINDOWS\Minidump
    2008-11-05 00:08:56 ----D---- C:\WINDOWS\Debug
    2008-11-04 23:45:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-04 23:43:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-04 17:50:23 ----D---- C:\WINDOWS\Help
    2008-10-29 09:52:19 ----D---- C:\Program Files\EA Games
    2008-10-29 09:42:07 ----RSD---- C:\WINDOWS\Fonts
    2008-10-26 21:12:56 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-26 21:09:26 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-26 21:07:40 ----D---- C:\WINDOWS\RegisteredPackages
    2008-10-23 09:10:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-18 17:48:16 ----A---- C:\WINDOWS\cdplayer.ini
    2008-10-17 09:52:52 ----D---- C:\Program Files\Combined Community Codec Pack

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-12-31 37376]
    R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-09-25 15424]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-12-31 12032]
    R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-09-25 512096]
    R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-09-25 15781]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-12-31 88448]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-12-31 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-12-31 55936]
    R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys []
    R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
    R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-12-31 60800]
    R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-11-16 25280]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-08-13 395840]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-12-31 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
    R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
    R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
    R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-12-31 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-12-31 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-12-31 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-12-31 17024]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S2 npkcrypt;npkcrypt; \??\I:\Nexon\Mabinogi\npkcrypt.sys []
    S3 ahifhj1f;ahifhj1f; C:\WINDOWS\system32\drivers\ahifhj1f.sys []
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
    S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
    S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
    S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
    S3 npkcusb;npkcusb; \??\I:\Nexon\Mabinogi\npkcusb.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-12-31 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 BelkinAPMmonitor;BelkinAPMmonitor; C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE [2008-11-10 114688]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-09-25 549256]
    R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-07-03 131072]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
    R3 BelkinAPMRMI;BelkinAPMRMI; C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE [2008-11-10 114688]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 BelkinAPMmanager;BelkinAPMmanager; C:\PROGRA~1\BELKIN~1\BE8806~1.EXE [2008-11-10 114688]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-12-31 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-27 654848]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 npkcmsvc;npkcmsvc; I:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
    S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

    EOF

    info.txt logfile of random's system information tool 1.04 2008-11-16 10:29:03

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3Dカスタム少女-->MsiExec.exe /X{311EBF70-9282-41D1-BAB0-AD22220301B9}
    7-Zip 4.52 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    abcAVI-->"C:\Program Files\abcAVI\unins000.exe"
    ACDSee Classic-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
    Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
    AoA Audio Extractor 1.0-->"C:\Program Files\AoA Audio Extractor\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Belkin Automatic Power Management Software-->"C:\Program Files\Belkin Automatic Power Management Software\UninstallerData\Uninstall.exe"
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
    Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
    CoreAVC Professional Edition (remove only)-->"C:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    Easy Duplicate Finder v. 2.1-->"C:\Program Files\Easy Duplicate Finder\unins000.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    FEAR Extraction Point-->C:\Program Files\InstallShield Installation Information\{909BBDB7-BABE-434C-9124-863A9F8D1CF8}\setup.exe -runfromtemp -l0x0009 -removeonly
    Flash Slideshow Maker Pro 4.85-->C:\Program Files\Flash Slideshow Maker Professional\uninst.exe
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    FreeRIP v3.081-->"C:\Program Files\FreeRIP3\unins000.exe"
    Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
    Gordian Knot Rip Pack 0.35.0-->C:\Program Files\GordianKnot\uninst.exe
    Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    ILLUSION すくぅ~るメイト『写真撮影会』-->MsiExec.exe /X{A4A132BC-D64F-4B89-91F2-60DDF5199D55}
    ILLUSION すくぅ~るメイト-->MsiExec.exe /X{6746BEC6-EE67-4173-A2FF-D9A21D8FF27D}
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
    lolifox (0.3.6)-->C:\Program Files\lolifox\uninstall\helper.exe
    MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MatrixMixer (remove only)-->C:\Program Files\MatrixMixer\uninstall.exe
    MechWarrior 2-->C:\WINDOWS\uninst.exe -fC:\Mech2\DeIsL1.isu
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Pro Photo Tools-->MsiExec.exe /I{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}
    Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    mIRC-->"F:\Backup\mIRC\mirc.exe" -uninstall
    Morgan Stream Switcher-->"C:\Program Files\Morgan\mmswitch\uninst.exe"
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NETGEAR Wireless Adapter WG311T-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A49306CE-84C6-4024-BAD2-80FE34679069}\Setup.exe" -l0x9
    Nikon RAW Codec-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}\Setup.exe" -l0x9 -removeonly
    NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
    NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
    Red Alert Windows 95-->C:\WINDOWS\RAUNINST.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\REDALERT\DeIsL1.isu
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Slab DSP - Virtuoso v1.0 (remove only)-->"C:\Program Files\Winamp\Plugins\Virtuoso\uninst.exe"
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
    UltraVNC v1.0.2-->"C:\Program Files\UltraVNC\unins000.exe"
    Unreal Anthology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}\Setup.exe" -l0x9 -removeonly
    VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
    VU Meter for Winamp-->C:\Program Files\Winamp\Plugins\SXUNINST.EXE
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    x264vfw - H.264/MPEG-4 AVC codec (remove only)-->C:\WINDOWS\system32\x264vfw-uninstall.exe
    XnView 1.92.1-->"C:\Program Files\XnView\unins000.exe"
    XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
    YAMAHA Wave Sound Decorator-->MsiExec.exe /I{100E6299-4AA4-425E-9915-57B7011A908F}
    Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"
    らき☆すた デスクトップアクセサリー-->MsiExec.exe /I{7B689946-FC65-4DA3-9537-3FD23641905C}

    ======Security center information======

    AV: ESET NOD32 antivirus system 2.70

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    EOF
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008
    erasing double post
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008
    lol i think it doubleposted heh
  • VekaVeka Finland
    edited November 2008
    Much better now. :)

    Please print out these instructions or save them to your dekstop with Notepad, so that you can operate with all browser windows closed.

    Step 1:

    Run HijackThis and click on Do a system scan only.

    When the scan is complete, place a check next to the following entries:

    O2 - BHO: {02f17671-2d3f-a07a-77b4-1c52ca09ede7} - {7ede90ac-25c1-4b77-a70a-f3d217671f20} - C:\WINDOWS\system32\kdjiua.dll (file missing)
    O2 - BHO: (no name) - {D366F4E4-FD2F-4E5C-A97E-14A3944EFD6E} - C:\WINDOWS\system32\tuvUKBtr.dll (file missing)
    O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/webdvr/webdvr2.5.10.2_233.0.0.0.cab
    O20 - AppInit_DLLs: kdjiua.dll

    Now close all open windows/programs and click on Fix Checked.

    Step 2:

    Please download OTMoveIt3 by OldTimer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below.
      :Services
      ahifhj1f
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"=""
      
      :Files
      C:\WINDOWS\system32\svhyfgrk.ini
      C:\WINDOWS\system32\lzfidg.dll
      C:\WINDOWS\system32\cygeqdrf.dll
      C:\WINDOWS\system32\rtBKUvut.ini2
      C:\WINDOWS\system32\e79abd58-.txt
      C:\WINDOWS\system32\rtBKUvut.ini
      C:\WINDOWS\system32\drivers\ahifhj1f.sys
      C:\WINDOWS\system32\tuvUKBtr.dl
      C:\WINDOWS\system32\kdjiua.dll
      
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

    Reboot your computer at this stage.

    Step 3:

    Click on Start and then Run.

    Type Notepad C:\WINDOWS\wininit.ini and click OK.

    Notepad will open.

    Please copy & paste the whole contents of that file here.


    In your next reply, please include
    • Results of OTMoveIT3
    • The contents of Notepad (wininit.ini)
    • Fresh HijackThis log.
  • edited November 2008
    vekarppe,

    I came across this thread from a web search because I was having the same problem.

    I had to register for the forum just to thank you for your expertise. I was following along and kinda reverse engineering the things you outlined as most of the items on my computer were named differently. But I followed up to your last post and viola, the virus seems to be gone.

    I am interested to see what your response will be once the OP posts his winnt.ini file. I had an entry in it, I just commented it out until I see what your instructions were.

    The entry looked like:

    [Rename]
    NUL=C:\DOCUME~1\(my username)\LOCALS~1\Temp\VIES5E0B



    Again, thank you so much, there is no telling how many other people you may be helping that you aren't even aware of.
    :respect::rockon:
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008
    ========== SERVICES/DRIVERS ==========
    Unable to stop service ahifhj1f .
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\svhyfgrk.ini not found.
    File/Folder C:\WINDOWS\system32\lzfidg.dll not found.
    File/Folder C:\WINDOWS\system32\cygeqdrf.dll not found.
    File/Folder C:\WINDOWS\system32\rtBKUvut.ini2 not found.
    File/Folder C:\WINDOWS\system32\e79abd58-.txt not found.
    File/Folder C:\WINDOWS\system32\rtBKUvut.ini not found.
    File/Folder C:\WINDOWS\system32\drivers\ahifhj1f.sys not found.
    File/Folder C:\WINDOWS\system32\tuvUKBtr.dl not found.
    File/Folder C:\WINDOWS\system32\kdjiua.dll not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Chidori\LOCALS~1\Temp\etilqs_jGIibbJAtgfgBLij99S0 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF1923.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF1928.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF3368.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF3390.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\urlclassifier3.sqlite scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_003524

    Files moved on Reboot...
    File C:\DOCUME~1\Chidori\LOCALS~1\Temp\etilqs_jGIibbJAtgfgBLij99S0 not found!
    File C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF1923.tmp not found!
    File C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF1928.tmp not found!
    File C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF3368.tmp not found!
    File C:\DOCUME~1\Chidori\LOCALS~1\Temp\~DF3390.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat not found!
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Mozilla\Firefox\Profiles\1qczdj0s.des\urlclassifier3.sqlite moved successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:43:29 AM, on 11/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Chidori\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\overclocked.nsu"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chidori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --
    End of file - 5528 bytes


    wininit.ini


    [rename]
    c:\tempjunk3057.tmp=C:\WINDOWS\system32\fwufmqhf.dll_old
    nul=c:\tempjunk3057.tmp
  • VekaVeka Finland
    edited November 2008
    Hello mdot and welcome to Icrontic.

    Please note that instructions given under this topic are customised for JChretien's computer only. The tools used may cause damage if used on a computer with different infections. If you have any questions or requests, please start your own thread instead. :)
  • VekaVeka Finland
    edited November 2008
    Thank you JChretien. Your HijackThis log looks clean.

    Please do an additional scan with Kaspersky Online Scanner

    Note: Internet Explorer should be used
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    • Click on My Computer under Scan and then put the kettle on!
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Copy and paste the report into your next reply.
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008

    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, November 17, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, November 17, 2008 03:50:44
    Records in database: 1389091

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    L:\
    M:\
    N:\
    P:\

    Scan statistics:
    Files scanned: 250603
    Threat name: 22
    Infected objects: 36
    Suspicious objects: 1
    Duration of the scan: 07:46:36


    File name / Threat name / Threats count
    C:\Program Files\UltraVNC\WinVNC.exe/C:\Program Files\UltraVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
    C:\Program Files\ESET\cache\FND0.NFI Infected: Trojan.Win32.Agent.amyt 1
    C:\Program Files\ESET\cache\FND1.NFI Infected: Trojan.Win32.Monderb.wqe 1
    C:\Program Files\ESET\infected\3KGQ3PDA.NQF Infected: Worm.Win32.Antinny.j 1
    C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
    C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
    C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
    C:\_OTMoveIt\MovedFiles\11172008_002646\WINDOWS\system32\cygeqdrf.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
    C:\_OTMoveIt\MovedFiles\11172008_002646\WINDOWS\system32\lzfidg.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.etr 1
    D:\Download\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
    D:\Download\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    D:\Download\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.EZula.u 1
    D:\Download\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.WebRebates.g 1
    D:\Download\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.WebRebates.b 2
    D:\Download\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 1
    D:\FlyakiteOSXv2.0.exe Infected: not-a-virus:NetTool.Win32.PsKill.a 1
    E:\Backup\nov1105\desktop\NetTools4.zip Suspicious: Backdoor.Win32.VB.gen 1
    E:\Backup\nov1105\mIRC\BACKUP\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
    E:\Backup\nov1105\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
    E:\Backup\Tracer\Tracer\TracerScript.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.571 1
    E:\Backup\Tracer.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.571 1
    E:\blah\UPP\upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
    E:\dap53.exe Infected: not-a-virus:AdWare.Win32.Dap.g 1
    E:\Matrix3DSetup.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    E:\mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
    E:\susetup1.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.40 1
    E:\UPP\upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
    E:\upp.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
    E:\vnc-3.3.3r9_x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
    F:\Backup\mIRC\BACKUP\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
    F:\Backup\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
    H:\New Folder (2)\DrCorp\DrScriptv2w\DrScript.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
    I:\Count Zero CG Collections\Vol.37 Gekkan Ohno Kanako (Genshiken).rar Infected: Exploit.HTML.CodeBaseExec 1
    I:\Laptop Backup\Desktop\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
    I:\Laptop Backup\Desktop\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1

    The selected area was scanned.
  • VekaVeka Finland
    edited November 2008
    How is your computer running atm? :)
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008
    It seems to be ok, but i havent had time to use it much the last couple of days. I'll let you know in a day or two?
  • VekaVeka Finland
    edited November 2008
    That's ok for me. :)
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below.
      :Files
      C:\WINDOWS\wininit.ini
      
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
  • JChretienJChretien Vancouver, BC, Canada
    edited November 2008
    ========== FILES ==========
    C:\WINDOWS\wininit.ini moved successfully.

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11202008_102926

    Everything seems to be running fine. No more funny firefox popups, security center doesnt automatically disable automatic updates, and NOD32 does not report any issues. Thanks so much for your help!
  • VekaVeka Finland
    edited November 2008
    You're welcome. :)

    There is one thing I'd like to point out at this point; although it's not my job to pass judgment on you. It appears from your logs that you're using cracked NOD32. Why so when there is plenty of free antivirus programs availabled? Why to steal from those who are trying to make computing more safe?

    Please run OTMoveIt3:
    • Click on the CleanUp! button. If your Firewall gives a warning about OTMoveIt wanting to download a file, allow it.
    • Answer Yes to the prompt.
    • The program will ask for a reboot. Answer Yes.
    Empty your Recycle Bin after this.


    Please take time to read my "All Clean" speech:


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Clean up System Restore

    You can find instructions on how to disable and enable System Restore from these guides:

    Disable And Enable System Restore
    Windows XP System Restore Guide

    Make Your Internet Explorer More Secure

    This can be done by following these simple instructions:
    • From within Internet Explorer click on the tools menu and then click on Options
    • Click once on the "Security" tab
    • Click once on the "Internet" icon so it becomes highlighted
    • Click once on the Custom Level button.
      • Change the "Download signed ActiveX" controls to Prompt
      • Change the "Download unsigned ActiveX" controls to Disable
      • Change the "Initialize and script ActiveX controls" not marked as safe to Disable
      • Change the "Launching programs and files in an IFRAME" to Prompt
      • Change the "Navigate sub-frames across different domains" to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    Note that Internet Explorer is not the most secure browser. There are safer (and better) alternatives available like Opera and Firefox.

    Keep Your System Up to date

    It is imperative that you keep your Windows, Antivirus, and other softwares up to date. Otherwise you are not protected against new threats and your system is vulnerable and unsafe. Update your Antivirus software at least once a week, and visit Microsoft Windows Update site regularly.

    Install SpywareBlaster

    SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

    Additional Utilities and Tips to Enhance Your Safety

    • MVPS Hosts file --- The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    • Comodo BOCLEAN --- Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
    • Winpatrol --- Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software
    Get more knowledge about how to protecet your computer and prevent malware issues by reading these short articles:

    Happy surfing! :)
  • VekaVeka Finland
    edited December 2008
    Glad we could be of assistance! The help you received here was free.

    This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
    _______________________________
    Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.
Sign In or Register to comment.