Havin Some Problems With My Computer

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Havin Some Problems With My Computer, explorer.exe keeps crashing when i try to shutdown

Options

Shaba View Member Profile	Aug 19 2008, 12:58 AM Post #2
Koutsi Group: HJT Team Coach Posts: 5,768 Joined: 8-July 06 From: Finland Member No.: 75,186	Hello and welcome to BC We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. Thanks and again sorry for the delay. Please see here for instructions how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please. Next Please do a scan with Kaspersky Online Scanner Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. Please post back with HijackThis log and Kaspersky report. Regards -------------------- Microsoft MVP Consumer Security

qpnguyen View Member Profile	Aug 22 2008, 12:09 AM Post #3
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	HIJACKTHIS LOG: QUOTE Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:52:48 PM, on 8/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM') O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- End of file - 9140 bytes KASPER SCAN: QUOTE -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, August 22, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, August 22, 2008 04:49:37 Records in database: 1122783 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan statistics: Files scanned: 100759 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 01:14:14 File name / Threat name / Threats count C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP85\A0021500.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1 The selected area was scanned.

farbar View Member Profile	Aug 22 2008, 10:57 PM Post #4
Bleeping Curious Group: HJT Team Posts: 7,099 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Hi, Welcome to Bleeping Computer HijackThis forum. I am going to assist you with your problem. Please give me some time to look it over and I will get back to you as soon as possible. Please refrain from any system changes (updating Windows, installing applications, etc.) by yourself from now on until we are finished with the cleaning. I'll inform when we are done with the fixes and your are clean. You might want to save this page on your favorites, so you can find it again when you return. -------------------- This is a voluntary free service. However, if you would like to donate click on

farbar View Member Profile	Aug 22 2008, 11:48 PM Post #5
Bleeping Curious Group: HJT Team Posts: 7,099 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Hi again, Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent and eMule). These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology." It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office." Removal Instructions Please empty all the content of uTorrent and eMule downloaded files and don't use the applications as long as we are not finished with the fixes. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint Media Player. Also remove the folder in bold: C:\Program Files\Viewpoint You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components: Click "start" and then "Control Panel" icon. Doubleclick the "Add or Remove Programs" icon A list of programs installed will be "populated" this may take a bit of time. Uninstall the following by clicking on the following entries and selecting "remove": J2SE Runtime Environment 5.0 Java™ 6 Update 6 Additional instructions can be found here if needed. Please download ATF Cleaner by Atribune & save it to your desktop. Double-click ATF-Cleaner.exe to run the program. Under Main "*Select Files to Delete" choose: Select All. Click the Empty Selected* button. If you use Firefox browser click Firefox at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser click Opera at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator". You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can. Besides the paid antivirus programs there are also some free antivirus programs:: Antivir Avast Free AVG Free Bitdefender Free Install and update. Run a full/complete scan, let removed/quarantined what it finds and copy and paste the report to your reply. Please copy and paste a fresh Hijackthis log to your reply. -------------------- This is a voluntary free service. However, if you would like to donate click on

qpnguyen View Member Profile	Aug 24 2008, 01:09 PM Post #6
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	HIjackthis log: QUOTE Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:07:51 PM, on 8/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\SpeedFan\speedfan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H O4 - HKUS\S-1-5-21-1012877476-3308353955-2259861281-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cuong Nguyen') O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM') O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- End of file - 10150 bytes i can't post the log for AVG antivirus, attachments wont let me upload it: " Upload failed. You are not permitted to upload this type of file"

farbar View Member Profile	Aug 24 2008, 02:20 PM Post #7
Bleeping Curious Group: HJT Team Posts: 7,099 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present): O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis. Apply ATF cleaner once more for both Internet Explorer and Firefox. Please download Malwarebytes' Anti-Malware from MajorGeeks Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. In your next reply: The log of MBAM. A fresh Hijackthis log. -------------------- This is a voluntary free service. However, if you would like to donate click on

qpnguyen View Member Profile	Aug 25 2008, 07:50 PM Post #8
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	MAlwarebyte's log: QUOTE Malwarebytes' Anti-Malware 1.25 Database version: 1087 Windows 5.1.2600 Service Pack 2 8:47:55 PM 8/25/2008 mbam-log-08-25-2008 (20-47-55).txt Scan type: Quick Scan Objects scanned: 41909 Time elapsed: 3 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 16 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a22b8fd2-4caa-4efb-82f7-680cd656d9b0} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{a22b8fd2-4caa-4efb-82f7-680cd656d9b0} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{2a25850a-737c-4405-93ca-bdc750496679} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b7181716-6892-4fde-beac-3a556314041e} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f83b7562-18a5-4562-8836-0173ebf533ca} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downupdater.exe (Adware.CWS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.2 (Adware.CWS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DownUpdater.exe (Adware.CWS) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Downloaded Program Files\GNowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully. C:\WINDOWS\DownUpdater.exe (Adware.CWS) -> Quarantined and deleted successfully. C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully. ---------------- HIjackthis log: QUOTE Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:50:12 PM, on 8/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\AIM\aim.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-21-1012877476-3308353955-2259861281-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cuong Nguyen') O4 - S-1-5-21-1012877476-3308353955-2259861281-1007 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Cuong Nguyen') O4 - S-1-5-21-1012877476-3308353955-2259861281-1007 User Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Cuong Nguyen') O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- End of file - 9947 bytes

farbar View Member Profile	Aug 26 2008, 01:34 PM Post #9
Bleeping Curious Group: HJT Team Posts: 7,099 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Please copy and paste the content of AVG log to your reply. You don't need to attach the log. Apply ATF Cleaner once more. Please do a scan with Kaspersky Online Scanner Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. Download Deckard's Association File Tool daft.exe and save it to your desktop. Double click on it and click Run. Click on the Scan button. If it finds faulty file associations, they will appear in red beside a checkbox Click Save Log and save daft.txt Copy and paste the content of daft.txt to your reply. Then place a checkmark (tick) in the boxes in question. Click the Fix button. Please copy and paste a fresh Hijackthis log to your reply and tell me how the computer is running. In your next reply: The scan results of AVG 8. The Kaspersky scan. A fresh Hijackthis log. Tell me how the computer is running. -------------------- This is a voluntary free service. However, if you would like to donate click on

qpnguyen View Member Profile	Aug 27 2008, 03:31 PM Post #10
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	AVg results: QUOTE "Scan ""Scan whole computer"" was finished." "Infections found:";"12" "Infected objects removed or healed:";"12" "Not removed or healed:";"0" "Spyware found:";"0" "Spyware removed:";"0" "Not removed:";"0" "Warnings count:";"0" "Information count:";"0" "Scan started:";"Sunday, August 24, 2008, 1:22:09 PM" "Scan finished:";"Sunday, August 24, 2008, 2:03:46 PM (41 minute(s) 37 second(s))" "Total object scanned:";"450077" "User who launched the scan:";"Quoc Nguyen" "Infections" "File";"Infection";"Result" "F:\Applications\Apollo_No1_DVD_Ripper_7.2.6_www.softarchive.net.rar:\keygen.exe";"Virus found Win32/CryptExe";"Deleted" "F:\Applications\Apollo_No1_DVD_Ripper_7.2.6_www.softarchive.net.rar";"Virus found Win32/CryptExe";"Deleted" "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP99\A0025318.exe";"Trojan horse Generic5.HEW";"Moved to Virus Vault" "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP82\A0020352.exe";"Trojan horse Generic10.ABPB";"Moved to Virus Vault" "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP77\A0016260.exe";"Trojan horse BackDoor.Generic9.SCU";"Moved to Virus Vault" "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP77\A0016133.exe";"Virus found Win32/CryptExe";"Moved to Virus Vault" "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP146\A0036983.exe";"Trojan horse Clicker.OXE";"Moved to Virus Vault" "C:\Program Files\WinRAR\WinRAR.exe";"Trojan horse Clicker.OXE";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\WebcamMaxv4[1].2.1.4-patch.rar:\WebcamMaxv4.2.1.4-patch.exe";"Virus identified Win32/Delf.2.K";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\WebcamMaxv4[1].2.1.4-patch.rar";"Virus identified Win32/Delf.2.K";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\magiciso 5.5.259.rar:\patch.exe";"Trojan horse BackDoor.Generic9.SCU";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\magiciso 5.5.259.rar";"Trojan horse BackDoor.Generic9.SCU";"Moved to Virus Vault" "Warnings" "File";"Infection";"Result" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.f2c8d936";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.e0ebdba8";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.dc501518";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.d0ddedf8";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.ae85bc51";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.9720f220";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.85ff269a";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.7b77be84";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.781ea4c2";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.5bc05ef6";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.5359093f";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.3f84b34d";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.73228263";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.484dbb69";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.ebd2f9d9";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.daff51cb";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.a5d5c7aa";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.87e31e2e";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.73baf294";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.71faa69c";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.71b82370";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.69091047";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.62c3f44e";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.5e709ba4";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.46966b5f";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.2ba8dd8c";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.2a1738fe";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.1ebb0bd";"Found Tracking cookie.Statcounter";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\adrenaline.cz.e8b8beb6";"Found Tracking cookie.Adrenaline";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.e759e8e0";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.d2aa96c8";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.ae6e14c4";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.39bc6776";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.23a940be";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.1a6a6c0d";"Found Tracking cookie.2o7";"Moved to Virus Vault" "C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt";"Found Tracking cookie.2o7";"Healed" ------------------------------- KAspersky: QUOTE -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, August 27, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, August 27, 2008 19:20:32 Records in database: 1151835 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan statistics: Files scanned: 99763 Threat name: 2 Infected objects: 3 Suspicious objects: 0 Duration of the scan: 01:33:33 File name / Threat name / Threats count C:\Program Files\WinRAR\WinRAR.exe Infected: Backdoor.Win32.Ceckno.cup 1 C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP152\A0037828.exe Infected: Backdoor.Win32.Ceckno.cup 1 C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP85\A0021500.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1 The selected area was scanned. --------------------------- Daft: QUOTE DAFT Log saved on 2008-08-27 16:28:52 ----------------------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -------------------- Hijackthis: QUOTE Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:29:57 PM, on 8/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AIM\aim.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- End of file - 8600 bytes -------------- my computer stills run the same. programs are kinda slow, freeze and my fans are running ridiculously loud.

farbar View Member Profile	Aug 27 2008, 05:00 PM Post #11
Bleeping Curious Group: HJT Team Posts: 7,099 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	A deeper look into your log shows the traces of one or more backdoor trojans. A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though some of the trojans might have been removed, because of their backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall We can still try to search and if found clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to go on with checking and removing the infection please move on to the following steps. Removal Instructions Please empty AVG 8 quarantine/Virus Vault folder. If you can not find the following file make sure that you can view all hidden files make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows Click on this link--> virustotal Click the browse button and navigate to the file below in bold, then click Send File. C:\Program Files\WinRAR\WinRAR.exe Please copy and paste the results of the scan in your next post. Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Scan with DrWeb-CureIt as follows: Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear. Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes* button when it asks you if you want to cure it.* Once the short scan has finished, Click Options > Change settings Choose the "Scan tab" and UNcheck "Heuristic analysis" Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen). Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start. When done, a message will be displayed at the bottom advising if any viruses were found. Click "Yes to all" if it asks if you want to cure/move the file. When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured) Next, in the Dr.Web CureIt menu on top, click file and choose save report list. Save the DrWeb.csv report to your desktop. Exit Dr.Web Cureit when done. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report) Please download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account* or an account with "Administrative rights"* Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet. Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Open the SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Copy and paste the contents of the results file Report.txt in your next reply. Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) In your next reply: The scan results of Virustotal. The DrWeb log. SDfix log. Both the RSIT logs. This post has been edited by farbar: Aug 29 2008, 05:50 PM -------------------- This is a voluntary free service. However, if you would like to donate click on

qpnguyen View Member Profile	Aug 31 2008, 01:03 AM Post #12
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	Virustotal: QUOTE MD5: 8dcbc42ece24447ae0aaf09ca2d069ec First received: 08.27.2008 00:31:33 (CET) Date: 08.28.2008 18:17:40 (CET) [>2D] Results: 1/35 Permalink: analisis/f92323774dcfefd9e3078ce35afec10d ------------------------ Drweb: QUOTE SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Quoc Nguyen\Desktop\SDFix.exe;Tool.Prockill;; SDFix.exe;C:\Documents and Settings\Quoc Nguyen\Desktop;Archive contains infected objects;Moved.; 8F2ABEC4d01\SDFix\apps\Process.exe;C:\Documents and Settings\Quoc Nguyen\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\Cache\8F2ABEC4d;Tool.Prockill;; 8F2ABEC4d01;C:\Documents and Settings\Quoc Nguyen\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\Cache;Archive contains infected objects;Moved.; data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data007;Adware.Yassist.21;; data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Archive contains infected objects;; data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data016;Adware.Yassist.origin;; data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Archive contains infected objects;; data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data045\data002;Adware.Cdn;; data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data045\data002;Adware.Cdn;; data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data045;Archive contains infected objects;; data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Archive contains infected objects;; data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Adware.Cdn;; data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe;Archive contains infected objects;; A0033060.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108;Archive contains infected objects;Moved.; data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data007;Adware.Yassist.21;; data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Archive contains infected objects;; data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data016;Adware.Yassist.origin;; data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Archive contains infected objects;; data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data045\data002;Adware.Cdn;; data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data045\data002;Adware.Cdn;; data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data045;Archive contains infected objects;; data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Archive contains infected objects;; data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Adware.Cdn;; data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe;Archive contains infected objects;; A0011459.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59;Archive contains infected objects;Moved.; data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data007;Adware.Yassist.21;; data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Archive contains infected objects;; data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data016;Adware.Yassist.origin;; data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Archive contains infected objects;; data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data045\data002;Adware.Cdn;; data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data045\data002;Adware.Cdn;; data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data045;Archive contains infected objects;; data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Archive contains infected objects;; data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Adware.Cdn;; data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe;Archive contains infected objects;; A0015090.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65;Archive contains infected objects;Moved.; data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data007;Adware.Yassist.21;; data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Archive contains infected objects;; data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data016;Adware.Yassist.origin;; data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Archive contains infected objects;; data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data045\data002;Adware.Cdn;; data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data045\data002;Adware.Cdn;; data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data045;Archive contains infected objects;; data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Archive contains infected objects;; data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Adware.Cdn;; data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe;Archive contains infected objects;; A0017677.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79;Archive contains infected objects;Moved.; ------------------------- SDfix: QUOTE SDFix: Version 1.220 Run by Quoc Nguyen on Sun 08/31/2008 at 01:41 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-31 01:49:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:f8,5c,7b,12,c8,a9,69,53,ce,b9,00,f5,ca,40,22,b7,f9,ff,ee,fd,cc,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "h0"=dword:00000000 "hdf12"=hex:1c,35,10,4b,61,0a,19,34,aa,34,b7,5a,7d,ff,01,5e,a8,43,10,d4,58,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:f8,5c,7b,12,c8,a9,69,53,ce,b9,00,f5,ca,40,22,b7,f9,ff,ee,fd,cc,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "h0"=dword:00000000 "hdf12"=hex:1c,35,10,4b,61,0a,19,34,aa,34,b7,5a,7d,ff,01,5e,a8,43,10,d4,58,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe::Enabled:AOL Instant Messenger" "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe::Enabled:Veoh Client" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe::Enabled:æTorrent" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe::Enabled:GOGOBOX????Daemon" "C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe::Enabled:gogobox???????" "C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe::Enabled:PaltalkScene" "C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe::Enabled:hl2" "C:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe"="C:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe::Enabled:TubeHunter Ultra" "C:\\WINDOWS\\system32\\fscagent.exe"="C:\\WINDOWS\\system32\\fscagent.exe::Enabled:???? ???? ??" "C:\\WINDOWS\\system32\\clubbox.exe"="C:\\WINDOWS\\system32\\clubbox.exe::Enabled:†ªú'1£«§ ‘„…‹…¬– ø,r…£" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe::Enabled:eMule" "C:\\Program Files\\GridService\\peer.exe"="C:\\Program Files\\GridService\\peer.exe::Enabled:muse peer" "C:\\Program Files\\SuperTV\\supernettv.exe"="C:\\Program Files\\SuperTV\\supernettv.exe::Enabled:supernettv" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe::Enabled:Firefox" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe::Enabled:Internet Explorer" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe::Enabled:avgemc.exe" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe::Enabled:avgupd.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" Remaining Files : Files with Hidden Attributes : Tue 29 Jul 2008 4,840,736 A..H. --- "C:\Documents and Settings\Quoc Nguyen\Desktop\KellyBrook_Cal_2008.zip" Tue 29 Jul 2008 22,539,412 A..H. --- "C:\Documents and Settings\Quoc Nguyen\Desktop\PbGWG_2008.zip" Fri 14 Sep 2007 1,323,008 A..H. --- "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015091.exe" Tue 19 Jun 2007 50,688 A..H. --- "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015092.exe" Sat 14 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 29 Jul 2008 79,226,396 A..H. --- "C:\Documents and Settings\Quoc Nguyen\Desktop\Sofia Webber\10336_Sofia_Webber.zip" Finished! -------------------------- Rsit logs: INfo QUOTE info.txt logfile of random's system information tool 2008-08-31 01:59:27 Uninstall list -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Agere Systems PCI Soft Modem-->agrsmdel AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7e41 ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E} ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe" AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Counter-Strike: Source-->C:\Program Files\Counter-Strike Source\Uninst.exe DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMule-->"C:\Program Files\eMule\Uninstall.exe" File Splitter and Joiner (FFSJ v3.3)-->"C:\WINDOWS\unins000.exe" High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 Intel® PRO Network Adapters and Drivers-->Prounstl.exe InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876} Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG MagicDisc 2.7.97-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Megaupload Toolbar-->C:\Program Files\MegauploadToolbar\uninstall.exe Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} middle_man-->"C:\PROGRA~1\AIM\UninstallMM.exe" Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe" Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins001.exe" /Log Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe" Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe" Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL VAIO Media Integrated Server 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly VAIO Media Redistribution 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL VAIO Structure Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E715FA41-46EB-4D3F-B4D9-A45973E76026}\setup.exe" -l0x9 VeohProxy-->C:\Program Files\VeohProxy\uninstall.exe VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Xilisoft iPod Rip-->C:\Program Files\Xilisoft\iPod Rip\Uninstall.exe Hosts File 127.0.0.1 localhost Security center information AV: AVG Anti-Virus Free Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip -----------------EOF----------------- Log: QUOTE Logfile of random's system information tool (written by random/random) Run by Quoc Nguyen at 2008-08-31 01:59:14 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 35 GB (6%) free of 604 GB Total RAM: 1023 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:59:24 AM, on 8/31/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\Quoc Nguyen\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Quoc Nguyen.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- End of file - 8233 bytes Scheduled tasks folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-13 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2008-08-04 1947080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-15 352256] {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2008-08-04 1947080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-04-13 88363] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-10 344064] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-02 77824] "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-11-29 2748928] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-08 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-08 126976] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2007-10-04 307200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe [2004-07-16 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk] C:\PROGRA~1\PALTAL~1\paltalk.exe [2008-05-08 10452992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^MagicDisc.lnk] C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-05-27 547840] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2005-02-08 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe::Enabled:AOL Instant Messenger" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe::Enabled:Veoh Client" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\NextLink\GOGOBOX\gfscagent.exe"="C:\Program Files\NextLink\GOGOBOX\gfscagent.exe::Enabled:GOGOBOX????Daemon" "C:\Program Files\NextLink\GOGOBOX\gogobox.exe"="C:\Program Files\NextLink\GOGOBOX\gogobox.exe::Enabled:gogobox???????" "C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe::Enabled:PaltalkScene" "C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe::Enabled:hl2" "C:\Program Files\Neoretix\TubeHunter Ultra\TubeHunter.exe"="C:\Program Files\Neoretix\TubeHunter Ultra\TubeHunter.exe::Enabled:TubeHunter Ultra" "C:\WINDOWS\system32\fscagent.exe"="C:\WINDOWS\system32\fscagent.exe::Enabled:???? ???? ??" "C:\WINDOWS\system32\clubbox.exe"="C:\WINDOWS\system32\clubbox.exe::Enabled:å¬·´¹ú½º æäàïàü¼û °ü¸®àú" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe::Enabled:eMule" "C:\Program Files\GridService\peer.exe"="C:\Program Files\GridService\peer.exe::Enabled:muse peer" "C:\Program Files\SuperTV\supernettv.exe"="C:\Program Files\SuperTV\supernettv.exe::Enabled:supernettv" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe::Enabled:Internet Explorer" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe::Enabled:avgemc.exe" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" List of files/folders created in the last three months 2008-08-31 01:59:14 ----D---- C:\rsit 2008-08-31 01:37:31 ----D---- C:\WINDOWS\ERUNT 2008-08-31 01:33:29 ----D---- C:\SDFix 2008-08-30 21:30:27 ----A---- C:\WINDOWS\ntbtlog.txt 2008-08-27 13:40:02 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload 2008-08-27 13:40:01 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\EmailNotifier 2008-08-27 13:39:59 ----D---- C:\Program Files\MegauploadToolbar 2008-08-27 13:39:59 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\MegauploadToolbar 2008-08-27 13:34:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2008-08-25 21:29:34 ----D---- C:\WINDOWS\SxsCaPendDel 2008-08-25 20:42:29 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Malwarebytes 2008-08-25 20:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-25 20:42:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-24 16:07:59 ----A---- C:\WINDOWS\system32\lvci11801048.dll 2008-08-24 16:06:58 ----D---- C:\Program Files\Logitech 2008-08-24 13:25:04 ----HD---- C:\$AVG8.VAULT$ 2008-08-24 13:18:17 ----D---- C:\Program Files\AVG 2008-08-24 13:18:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2008-08-21 22:52:37 ----D---- C:\Program Files\Trend Micro 2008-08-19 13:08:18 ----D---- C:\Program Files\iPod 2008-08-18 12:04:02 ----D---- C:\Program Files\VeohProxy 2008-08-15 00:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-15 00:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-15 00:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-15 00:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-15 00:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-15 00:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-15 00:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-08-07 15:40:43 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\AccurateRip 2008-08-07 15:40:43 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe 2008-08-07 15:40:41 ----D---- C:\Program Files\Illustrate 2008-08-07 01:42:59 ----A---- C:\WINDOWS\avisplitter.INI 2008-08-06 17:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-08-06 13:25:35 ----D---- C:\WINDOWS\ERDNT 2008-08-06 13:25:27 ----D---- C:\Deckard 2008-08-05 23:45:23 ----D---- C:\Program Files\Common Files\Macrovision Shared 2008-08-05 23:45:11 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone 2008-08-03 22:14:23 ----A---- C:\WINDOWS\system32\unrar.dll 2008-08-03 22:14:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2008-08-03 22:14:19 ----A---- C:\WINDOWS\system32\xvidcore.dll 2008-08-03 22:14:18 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2008-08-03 22:14:18 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-08-03 22:14:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2008-08-03 22:14:16 ----D---- C:\Program Files\K-Lite Codec Pack 2008-08-03 00:53:19 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Nokia 2008-08-03 00:52:56 ----D---- C:\Nokia 2008-08-01 19:04:33 ----A---- C:\WINDOWS\system32\javaws.exe 2008-08-01 19:04:33 ----A---- C:\WINDOWS\system32\javaw.exe 2008-08-01 19:04:33 ----A---- C:\WINDOWS\system32\java.exe 2008-07-31 02:07:45 ----D---- C:\WINDOWS\system32\FFSJ 2008-07-31 02:07:45 ----A---- C:\WINDOWS\unins000.exe 2008-07-30 20:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier 2008-07-29 15:22:44 ----D---- C:\Program Files\NewsLeecher 2008-07-29 14:41:18 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\NewsLeecher 2008-07-28 23:29:40 ----A---- C:\WINDOWS\Powerplayer.ini 2008-07-28 23:27:41 ----A---- C:\WINDOWS\psnetwork.ini 2008-07-28 23:27:39 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\ppStream 2008-07-28 23:27:35 ----D---- C:\Program Files\SuperTV 2008-07-28 12:22:07 ----D---- C:\Program Files\SpeedFan 2008-07-27 20:51:31 ----D---- C:\Program Files\The Rosetta Stone 2008-07-25 23:37:43 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Atari 2008-07-25 23:32:04 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Leadertech 2008-07-20 16:43:33 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Google 2008-07-18 05:20:32 ----RA---- C:\WINDOWS\system32\clubbox.exe 2008-07-15 17:16:51 ----D---- C:\Program Files\Audacity 2008-07-13 18:07:24 ----D---- C:\Program Files\Alcohol Soft 2008-07-13 17:41:40 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\DAEMON Tools Pro 2008-07-13 17:40:57 ----D---- C:\Program Files\DAEMON Tools Pro 2008-07-11 22:18:09 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\GetRightToGo 2008-07-09 09:39:06 ----D---- C:\Program Files\IObit 2008-07-09 02:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-07-09 02:09:28 ----D---- C:\Program Files\PCPitstop 2008-07-09 00:49:50 ----D---- C:\Documents and Settings\All Users\Application Data\Grid 2008-07-08 03:05:24 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\InstallShield 2008-07-07 14:34:57 ----A---- C:\WINDOWS\system32\STKIT432.DLL 2008-07-07 14:34:53 ----D---- C:\Program Files\Registry Mechanic 2008-07-06 21:31:17 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\vlc 2008-07-06 01:49:04 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\SuperNZB 2008-07-04 23:59:36 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\InterVideo 2008-07-04 19:17:37 ----D---- C:\Program Files\Total Video Converter 2008-07-03 20:13:33 ----D---- C:\Program Files\MagicDisc 2008-07-03 20:09:25 ----A---- C:\WINDOWS\system32\BASSMOD.dll 2008-07-03 20:09:14 ----D---- C:\Program Files\MagicISO 2008-07-02 22:24:51 ----A---- C:\WINDOWS\#1 DVD Ripper.INI 2008-06-30 20:57:13 ----D---- C:\Program Files\SystemRequirementsLab 2008-06-24 01:27:23 ----D---- C:\Program Files\Download Direct 2008-06-23 21:38:19 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\DivX 2008-06-23 15:19:13 ----D---- C:\Program Files\DivX 2008-06-22 21:20:28 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Move Networks 2008-06-22 14:51:32 ----D---- C:\WINDOWS\system32\crc 2008-06-22 03:28:35 ----A---- C:\WINDOWS\system32\fscflist.ini.tmp 2008-06-22 03:28:28 ----A---- C:\WINDOWS\system32\nod.dll 2008-06-22 03:28:00 ----A---- C:\WINDOWS\system32\fscflist.ini 2008-06-22 03:28:00 ----A---- C:\WINDOWS\system32\fscagent.ini.tmp 2008-06-22 03:27:59 ----A---- C:\WINDOWS\system32\fscagent.ini 2008-06-21 02:08:32 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\dvdcss 2008-06-20 15:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-06-17 12:17:50 ----D---- C:\Program Files\Counter-Strike Source 2008-06-15 21:34:06 ----D---- C:\Program Files\Xilisoft 2008-06-15 21:00:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-06-15 21:00:37 ----D---- C:\Program Files\Common Files\Adobe 2008-06-15 08:09:04 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Help 2008-06-15 05:22:49 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\AdobeUM 2008-06-15 02:26:44 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Nexon 2008-06-15 02:24:59 ----D---- C:\Program Files\Common Files\INCA Shared 2008-06-14 23:49:05 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Paltalk 2008-06-14 23:49:01 ----D---- C:\WINDOWS\PaltalkScene 2008-06-14 23:49:01 ----D---- C:\Program Files\Paltalk Messenger 2008-06-14 23:48:38 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt 2008-06-14 23:45:08 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2008-06-14 23:44:57 ----A---- C:\WINDOWS\system32\LVUI2RC.dll 2008-06-14 23:44:57 ----A---- C:\WINDOWS\system32\LVUI2.dll 2008-06-14 23:44:57 ----A---- C:\WINDOWS\system32\lvcodec2.dll 2008-06-14 23:44:15 ----A---- C:\WINDOWS\system32\lvcoinst.ini 2008-06-14 23:44:15 ----A---- C:\WINDOWS\system32\lvci1150.dll 2008-06-14 23:42:09 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd 2008-06-14 23:42:03 ----D---- C:\Program Files\Common Files\LogiShrd 2008-06-14 23:42:01 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech 2008-06-14 23:12:35 ----D---- C:\Program Files\Apple Software Update 2008-06-14 20:40:01 ----D---- C:\Program Files\GetData 2008-06-14 16:50:59 ----D---- C:\Logs 2008-06-14 15:38:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment 2008-06-14 15:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2008-06-14 15:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2008-06-14 15:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$ 2008-06-14 15:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$ 2008-06-14 15:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$ 2008-06-14 14:11:55 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\FFSJ 2008-06-14 11:04:28 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-14 10:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$ 2008-06-14 10:46:11 ----N---- C:\WINDOWS\system32\spmsg.dll 2008-06-14 10:46:07 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2008-06-14 10:45:53 ----D---- C:\Program Files\Windows Media Connect 2 2008-06-14 10:45:45 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2008-06-14 10:45:20 ----D---- C:\0705733c325efe18c8fcbe233ad79f6e 2008-06-14 10:45:03 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2008-06-14 10:44:39 ----D---- C:\9d3f053b841646cb95fedc4b6370 2008-06-14 10:44:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2008-06-14 10:43:55 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-06-13 23:17:53 ----D---- C:\Program Files\Common Files\xing shared 2008-06-13 23:17:31 ----A---- C:\WINDOWS\system32\rmoc3260.dll 2008-06-13 23:17:08 ----A---- C:\WINDOWS\system32\pndx5032.dll 2008-06-13 23:17:08 ----A---- C:\WINDOWS\system32\pndx5016.dll 2008-06-13 23:17:04 ----A---- C:\WINDOWS\system32\pncrt.dll 2008-06-13 23:16:56 ----D---- C:\Program Files\Common Files\Real 2008-06-13 23:16:46 ----D---- C:\Program Files\Real 2008-06-13 23:15:29 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Real 2008-06-13 23:13:33 ----D---- C:\Program Files\RealPlayer v 11 0 0 372 Plus 2008-06-13 22:51:02 ----D---- C:\Program Files\NextLink 2008-06-13 20:13:07 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Macromedia 2008-06-13 20:11:24 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Sony Corporation 2008-06-13 20:11:02 ----SD---- C:\Documents and Settings\Quoc Nguyen\Application Data\Microsoft 2008-06-13 20:11:02 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Identities 2008-06-13 20:11:02 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Adobe 2008-06-13 20:11:02 ----ASH---- C:\Documents and Settings\Quoc Nguyen\Application Data\desktop.ini 2008-06-13 18:48:15 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Auslogics 2008-06-13 18:48:09 ----D---- C:\Program Files\Auslogics 2008-06-13 18:40:36 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Apple Computer 2008-06-13 18:40:23 ----D---- C:\Program Files\iTunes 2008-06-13 18:39:49 ----D---- C:\Program Files\QuickTime 2008-06-13 18:39:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-13 18:39:31 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-06-13 18:39:10 ----D---- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-13 18:33:01 ----D---- C:\WINDOWS\Sun 2008-06-13 18:33:01 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Sun 2008-06-13 18:18:20 ----D---- C:\WINDOWS\system32\LogFiles 2008-06-13 18:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$ 2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\msir3jp.dll 2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\korwbrkr.dll 2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\chtbrkr.dll 2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\chsbrkr.dll 2008-06-13 18:01:46 ----A---- C:\WINDOWS\system32\kbd101a.dll 2008-06-13 18:01:46 ----A---- C:\WINDOWS\system32\c_g18030.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdnecNT.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdnecAT.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdnec95.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdlk41j.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdlk41a.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdibm02.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbd106n.dll 2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\f3ahvoas.dll 2008-06-13 18:01:43 ----A---- C:\WINDOWS\system32\kbdax2.dll 2008-06-13 18:01:43 ----A---- C:\WINDOWS\system32\kbd101.dll 2008-06-13 18:01:39 ----A---- C:\WINDOWS\system32\c_is2022.dll 2008-06-13 18:01:38 ----A---- C:\WINDOWS\system32\uniime.dll 2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\kbdkor.dll 2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\kbdjpn.dll 2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\kbd106.dll 2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\imjp81k.dll 2008-06-13 18:01:33 ----A---- C:\WINDOWS\system32\kbd103.dll 2008-06-13 18:01:33 ----A---- C:\WINDOWS\system32\kbd101c.dll 2008-06-13 18:01:31 ----A---- C:\WINDOWS\system32\kbd101b.dll 2008-06-13 18:01:30 ----A---- C:\WINDOWS\system32\Thawbrkr.dll 2008-06-13 18:01:30 ----A---- C:\WINDOWS\system32\kbdusa.dll 2008-06-13 18:01:30 ----A---- C:\WINDOWS\system32\c_iscii.dll 2008-06-13 18:01:28 ----A---- C:\WINDOWS\system32\ftlx041e.dll 2008-06-13 17:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$ 2008-06-13 17:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$ 2008-06-13 17:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$ 2008-06-13 17:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$ 2008-06-13 17:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$ 2008-06-13 17:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$ 2008-06-13 17:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$ 2008-06-13 17:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$ 2008-06-13 17:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$ 2008-06-13 17:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$ 2008-06-13 17:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$ 2008-06-13 17:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$ 2008-06-13 17:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$ 2008-06-13 17:50:37 ----D---- C:\WINDOWS\ie7updates 2008-06-13 17:50:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-13 17:50:18 ----D---- C:\WINDOWS\WBEM 2008-06-13 17:50:17 ----D---- C:\WINDOWS\system32\en-US 2008-06-13 17:49:22 ----HDC---- C:\WINDOWS\ie7 2008-06-13 17:49:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2008-06-13 17:48:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2008-06-13 17:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$ 2008-06-13 17:48:37 ----N---- C:\WINDOWS\system32\xmllite.dll 2008-06-13 17:47:57 ----A---- C:\WINDOWS\system32\MRT.exe 2008-06-13 17:47:54 ----D---- C:\WINDOWS\network diagnostic 2008-06-13 17:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$ 2008-06-13 17:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$ 2008-06-13 17:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$ 2008-06-13 17:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$ 2008-06-13 17:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$ 2008-06-13 17:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$ 2008-06-13 17:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$ 2008-06-13 17:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$ 2008-06-13 17:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$ 2008-06-13 17:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$ 2008-06-13 17:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$ 2008-06-13 17:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$ 2008-06-13 17:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$ 2008-06-13 17:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$ 2008-06-13 17:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$ 2008-06-13 17:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$ 2008-06-13 17:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$ 2008-06-13 17:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$ 2008-06-13 17:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$ 2008-06-13 17:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-06-13 17:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$ 2008-06-13 17:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$ 2008-06-13 17:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$ 2008-06-13 17:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$ 2008-06-13 17:44:02 ----D---- C:\Program Files\uTorrent 2008-06-13 17:44:00 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\uTorrent 2008-06-13 17:43:58 ----D---- C:\Program Files\eMule 2008-06-13 17:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$ 2008-06-13 17:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$ 2008-06-13 17:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$ 2008-06-13 17:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$ 2008-06-13 17:43:21 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$ 2008-06-13 17:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$ 2008-06-13 17:43:13 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$ 2008-06-13 17:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$ 2008-06-13 17:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$ 2008-06-13 17:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$ 2008-06-13 17:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$ 2008-06-13 17:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$ 2008-06-13 17:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2008-06-13 17:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$ 2008-06-13 17:42:24 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$ 2008-06-13 17:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-06-13 17:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$ 2008-06-13 17:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$ 2008-06-13 17:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$ 2008-06-13 17:41:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$ 2008-06-13 17:41:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$ 2008-06-13 17:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$ 2008-06-13 17:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$ 2008-06-13 17:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$ 2008-06-13 17:41:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$ 2008-06-13 17:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2008-06-13 17:41:13 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$ 2008-06-13 17:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$ 2008-06-13 17:41:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$ 2008-06-13 17:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$ 2008-06-13 17:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$ 2008-06-13 17:40:53 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$ 2008-06-13 17:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$ 2008-06-13 17:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$ 2008-06-13 17:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$ 2008-06-13 17:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$ 2008-06-13 17:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-06-13 17:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$ 2008-06-13 17:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$ 2008-06-13 17:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$ 2008-06-13 17:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2008-06-13 17:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$ 2008-06-13 17:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$ 2008-06-13 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$ 2008-06-13 17:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$ 2008-06-13 17:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$ 2008-06-13 17:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$ 2008-06-13 17:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$ 2008-06-13 17:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$ 2008-06-13 17:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$ 2008-06-13 17:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$ 2008-06-13 17:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$ 2008-06-13 17:36:55 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\ATI 2008-06-13 17:36:55 ----D---- C:\Documents and Settings\All Users\Application Data\ATI 2008-06-13 17:28:29 ----D---- C:\Program Files\Veoh Networks 2008-06-13 17:26:16 ----D---- C:\WINDOWS\Downloaded Installations 2008-06-13 17:24:58 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Aim 2008-06-13 17:24:49 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-06-13 17:23:51 ----N---- C:\WINDOWS\system32\tzchange.exe 2008-06-13 17:23:08 ----D---- C:\Program Files\middle_man 2008-06-13 17:22:29 ----D---- C:\Program Files\AOD 2008-06-13 17:22:27 ----D---- C:\Program Files\AIM 2008-06-13 17:15:38 ----D---- C:\Program Files\VideoLAN 2008-06-13 17:13:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ 2008-06-13 17:12:46 ----D---- C:\WINDOWS\system32\PreInstall 2008-06-13 17:12:46 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2008-06-13 17:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2008-06-13 17:09:27 ----N---- C:\WINDOWS\system32\pxsfs.dll 2008-06-13 17:09:27 ----N---- C:\WINDOWS\system32\pxafs.dll 2008-06-13 17:09:24 ----D---- C:\Program Files\Winamp 2008-06-13 17:09:24 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Winamp 2008-06-13 17:08:49 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Media Player Classic 2008-06-13 17:08:46 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\WinRAR 2008-06-13 17:08:36 ----D---- C:\Program Files\WinRAR 2008-06-13 17:07:52 ----D---- C:\WINDOWS\pss 2008-06-13 17:06:57 ----D---- C:\Program Files\ATI 2008-06-13 17:06:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2008-06-13 17:06:04 ----D---- C:\WINDOWS\system32\Adobe 2008-06-13 17:05:55 ----N---- C:\WINDOWS\system32\ati2sgag.exe 2008-06-13 17:04:58 ----D---- C:\ATI 2008-06-13 16:54:29 ----A---- C:\WINDOWS\system32\LuResult.txt 2008-06-13 16:42:19 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\InterMute 2008-06-13 16:35:48 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla 2008-06-13 16:30:47 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Symantec 2008-06-13 16:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-13 16:29:24 ----A---- C:\WINDOWS\system32\ssmute.ini 2008-06-13 16:29:23 ----D---- C:\Program Files\InterMute 2008-06-13 16:29:08 ----D---- C:\Program Files\MoodLogic 2008-06-13 16:27:10 ----D---- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform 2008-06-13 16:26:51 ----D---- C:\Program Files\Mozilla Firefox 2008-06-13 16:25:35 ----D---- C:\Program Files\Quicken 2008-06-13 16:25:35 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit 2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll 2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizePX.dll 2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll 2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll 2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll 2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresize.dll 2008-06-13 16:24:58 ----D---- C:\Program Files\InterVideo 2008-06-13 16:23:56 ----A---- C:\WINDOWS\ODBC.INI 2008-06-13 16:23:52 ----A---- C:\WINDOWS\system32\mdimon.dll 2008-06-13 16:22:13 ----D---- C:\Program Files\Microsoft Office 2008-06-13 16:21:36 ----D---- C:\Program Files\Microsoft Works 2008-06-13 16:18:22 ----D---- C:\Program Files\Sonic 2008-06-13 16:16:41 ----A---- C:\WINDOWS\system32\CDDBUI.dll 2008-06-13 16:16:41 ----A---- C:\WINDOWS\system32\CDDBControl.dll List of drivers R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys [] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys [] R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys [] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488] R3 catchme;catchme; \??\C:\DOCUME~1\QUOCNG~1\LOCALS~1\Temp\catchme.sys [] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-11-29 2319808] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624] R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848] R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520] R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [] S3 a94wxsyu;a94wxsyu; C:\WINDOWS\system32\drivers\a94wxsyu.sys [] S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-04-13 1266380] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-08 804572] S3 krait03;Razer krait USB Filter Driver; C:\WINDOWS\System32\Drivers\krait.sys [2005-12-07 13324] S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] List of services R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-05 658432] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-01-14 1839104] S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-01-14 57344] S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-01-14 745472] S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-01-14 188416] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF-----------------

farbar View Member Profile	Aug 31 2008, 08:21 AM Post #13
Bleeping Curious Group: HJT Team Posts: 7,099 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Note 1: It seems you have run DrWeb after downloading SDfix. SDFix should have been downloaded, extracted and run after applying DrWeb. Please follow the steps as they are written. Note 2: Please copy/paste the logs instead of using quotes. Please remove DrWeb from your desktop. Running it again might interfere with the proper working or proper uninstallation of Combofix. Turn off Windows automatic updates as it might lead to unexpected results at this stage: Go to start -> Control Panel -> double-click System to open it. Go to the Automatic Updates tab. Select the "Turn off Automatic Updates" box. Click Apply and then OK. Important: Reboot. Go to start - Run type eventvwr press enter. Open the logbooks and look for recent logged errors specifically under Application and System. To do that: Click the Application in the left pane, double click the recent events in the right pane one by one to see which one is related to the explorer. Copy and paste the related logs to your reply. Click the System in the left pane, double click the recent events in the right pane one by one to see which one is related to the explorer. Copy and paste the related logs to your reply. If there are other recent errors please copy/paste them too. Please tell me if you recognize these files/folder on your desktop (they are hidden): "C:\Documents and Settings\Quoc Nguyen\Desktop\KellyBrook_Cal_2008.zip" "C:\Documents and Settings\Quoc Nguyen\Desktop\PbGWG_2008.zip" "C:\Documents and Settings\Quoc Nguyen\Desktop\Sofia Webber\10336_Sofia_Webber.zip" Tell me if you are aware of running fscagent.exe form Nowcom Co., Ltd. Acompany in South Corea. This process has firewall permission to download and upload packets. This is what I have found on the this: "The process FSCAgent Service program belongs to the software FSCAgent by Nowcom Co., Ltd." "Description: File fscagent.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 155648 bytes (69% of all occurrence), 110592 bytes, 106496 bytes, 159744 bytes. The program is not visible. fscagent.exe is an unknown file in the Windows folder. File fscagent.exe is not a Windows system file. Program listens for or sends data on open ports to LAN or Internet. fscagent.exe is able to record inputs. Therefore the technical security rating is 70% dangerous." Source: http://www.file.net/process/fscagent.exe.html I see from the logs Megaupload Toolbar is installed on your computer: This program is known to be related to spyware. You may read more Megaupload Toolbar here http://www.castlecops.com/tk30914-Megaupload_Toolbar.html To uninstall Megaupload Toolbar: Click "start" on the taskbar and then click on the "Control Panel" icon. Please doubleclick the "Add or Remove Programs" icon. A list of programs installed will be "populated" this may take a bit of time. If they exist, uninstall the following by clicking on the following entries and selecting "remove": Megaupload Toolbar Also remove the folder in bold: C:\Program Files\Megaupload Toolbar We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully. You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Instruction to install Recovery Console : Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Operating System Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. At the next prompt, click 'Yes' to run the full ComboFix scan. When the tool is finished, it will produce a report for you. Please copy and paste the content of C:\ComboFix.txt for further review. Please copy and paste a fresh Hijackthis log to your reply and tell about how it went. In your next reply: Tell me about those files and service. The Combofix log. A fresh Hijackthis log. -------------------- This is a voluntary free service. However, if you would like to donate click on

qpnguyen View Member Profile	Sep 6 2008, 07:32 PM Post #14
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	3. many errors from Applications say the same description: QUOTE Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x0529ceb0. i couldn't find any errors from System that is related to explorer.exe the earliest error i got was when i tried to log into my window's xp user profile. i gotten a message that said my user setting could not be load. btw, it takes my computer quiet a while to show the right mouse click menu ----------- 4. yes i recognized those files ----- 5. i am not aware of the program fscagent.exe. but i think i might know wat it is because there is a game had installed once that keyloggs people so they wont hack it. so that might be the keylogger. but im not sure

qpnguyen View Member Profile	Sep 6 2008, 07:49 PM Post #15
Member Group: Members Posts: 32 Joined: 19-November 07 Member No.: 171,073	COMBOfix.txt: ComboFix 08-09-05.02 - Quoc Nguyen 2008-09-06 20:42:39.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.615 [GMT -4:00] Running from: C:\Documents and Settings\Quoc Nguyen\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Quoc Nguyen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\setup.exe . ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))) . 2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\system32\en 2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-06 19:00 . 2008-09-06 19:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-06 18:54 . 2008-09-06 18:54 <DIR> d-------- C:\WINDOWS\EHome 2008-09-04 21:56 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2008-09-04 21:55 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-31 01:59 . 2008-08-31 01:59 <DIR> d-------- C:\rsit 2008-08-31 01:37 . 2008-08-31 01:37 <DIR> d-------- C:\WINDOWS\ERUNT 2008-08-31 01:33 . 2008-08-31 01:51 <DIR> d-------- C:\SDFix 2008-08-30 21:33 . 2008-08-30 21:33 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\DoctorWeb 2008-08-29 13:30 . 2008-08-29 13:30 <DIR> d-------- C:\Documents and Settings\Cuong Nguyen\Application Data\EmailNotifier 2008-08-27 13:40 . 2008-08-27 13:40 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\EmailNotifier 2008-08-27 13:40 . 2008-08-27 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload 2008-08-27 13:34 . 2008-09-06 18:49 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-08-27 13:34 . 2008-08-30 10:49 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-27 13:34 . 2008-08-27 13:34 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-08-27 13:34 . 2008-08-27 13:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-08-25 21:29 . 2008-08-26 02:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-08-25 20:42 . 2008-08-25 20:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-25 20:42 . 2008-08-25 20:42 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Malwarebytes 2008-08-25 20:42 . 2008-08-25 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-25 20:42 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-25 20:42 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-24 16:09 . 2008-08-24 16:09 <DIR> d-------- C:\Documents and Settings\Cuong Nguyen\Application Data\Leadertech 2008-08-24 16:07 . 2008-07-26 11:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys 2008-08-24 16:07 . 2008-07-26 11:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll 2008-08-24 16:06 . 2008-08-24 16:06 <DIR> d-------- C:\Program Files\Logitech 2008-08-24 13:25 . 2008-09-04 22:51 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-24 13:18 . 2008-08-24 13:18 <DIR> d-------- C:\Program Files\AVG 2008-08-24 13:18 . 2008-08-27 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-08-21 22:52 . 2008-08-21 22:52 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-19 13:08 . 2008-08-19 13:08 <DIR> d-------- C:\Program Files\iPod 2008-08-18 12:04 . 2008-08-18 12:04 <DIR> d-------- C:\Program Files\VeohProxy 2008-08-14 15:00 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-14 15:00 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-07 15:40 . 2008-08-07 15:40 <DIR> d-------- C:\Program Files\Illustrate 2008-08-07 15:40 . 2008-08-07 15:40 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\AccurateRip 2008-08-07 15:40 . 2008-08-07 15:40 5,052,280 --a------ C:\WINDOWS\system32\SpoonUninstall.exe 2008-08-07 01:42 . 2008-08-07 01:44 38 --a------ C:\WINDOWS\avisplitter.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-07 00:06 --------- d-----w C:\Program Files\SpeedFan 2008-09-05 21:42 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\uTorrent 2008-09-05 13:41 --------- d-----w C:\Program Files\eMule 2008-08-27 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier 2008-08-26 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-26 01:32 --------- d-----w C:\Program Files\Sony 2008-08-26 00:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-24 20:09 --------- d-----w C:\Program Files\Common Files\LogiShrd 2008-08-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2008-08-24 17:06 --------- d-----w C:\Program Files\Java 2008-08-24 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-08-23 04:55 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\dvdcss 2008-08-19 22:28 --------- d-----w C:\Program Files\Apple Software Update 2008-08-19 17:08 --------- d-----w C:\Program Files\iTunes 2008-08-17 23:33 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Move Networks 2008-08-14 21:26 --------- d-----w C:\Program Files\Winamp 2008-08-10 10:31 --------- d-----w C:\Program Files\uTorrent 2008-08-07 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone 2008-08-06 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-08-06 03:45 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-08-05 04:38 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\DivX 2008-08-05 00:01 --------- d-----w C:\Program Files\DivX 2008-08-04 02:14 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-08-03 04:53 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Nokia 2008-08-02 02:11 131 ----a-w C:\Iotmrd.sys 2008-07-31 06:11 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\FFSJ 2008-07-31 06:07 794,906 ----a-w C:\WINDOWS\unins000.exe 2008-07-30 02:56 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-30 02:56 --------- d-----w C:\Program Files\Paltalk Messenger 2008-07-30 02:56 --------- d-----w C:\Program Files\MagicISO 2008-07-30 02:56 --------- d-----w C:\Program Files\Counter-Strike Source 2008-07-30 02:56 --------- d-----w C:\Program Files\AIM 2008-07-29 19:33 --------- d-----w C:\Program Files\NewsLeecher 2008-07-29 19:32 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\NewsLeecher 2008-07-29 03:27 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\ppStream 2008-07-27 02:06 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Atari 2008-07-26 15:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll 2008-07-26 15:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll 2008-07-26 15:26 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys 2008-07-26 15:23 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll 2008-07-26 15:22 2,570,520 ----a-w C:\WINDOWS\system32\drivers\LV302V32.SYS 2008-07-26 15:22 13,848 ----a-w C:\WINDOWS\system32\drivers\lv302af.sys 2008-07-26 14:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg 2008-07-26 12:25 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys 2008-07-26 11:44 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg 2008-07-26 11:44 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg 2008-07-26 11:44 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg 2008-07-26 11:44 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg 2008-07-26 03:32 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Leadertech 2008-07-24 01:32 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Paltalk 2008-07-20 20:42 --------- d-----w C:\Program Files\Google 2008-07-20 13:37 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Winamp 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 09:20 1,540,096 ----a-r C:\WINDOWS\system32\clubbox.exe 2008-07-15 21:16 --------- d-----w C:\Program Files\Audacity 2008-07-13 22:26 --------- d-----w C:\Program Files\Total Video Converter 2008-07-13 22:07 --------- d-----w C:\Program Files\Alcohol Soft 2008-07-13 22:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-07-13 22:02 --------- d-----w C:\Program Files\DAEMON Tools Pro 2008-07-13 21:48 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\DAEMON Tools Pro 2008-07-12 02:19 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\GetRightToGo 2008-07-09 13:39 --------- d-----w C:\Program Files\IObit 2008-07-09 06:09 --------- d-----w C:\Program Files\PCPitstop 2008-07-09 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grid 2008-07-08 07:05 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\InstallShield 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 01:31 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\vlc 2008-07-07 01:23 --------- d-----w C:\Program Files\VideoLAN 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-22 07:28 77,824 ----a-w C:\WINDOWS\system32\nod.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 126976] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736] "AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 C:\WINDOWS\AGRSMMSG.exe] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "SoundMan"="SOUNDMAN.EXE" [2004-11-02 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 C:\WINDOWS\ALCWZRD.EXE] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=C:\Documents and Settings\Quoc Nguyen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^MagicDisc.lnk] path=C:\Documents and Settings\Quoc Nguyen\Start Menu\Programs\Startup\MagicDisc.lnk backup=C:\WINDOWS\pss\MagicDisc.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] --a------ 2007-10-04 18:38 307200 C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder] --a------ 2004-07-16 15:17 53248 C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2008-08-14 17:15 2407184 C:\Program Files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] --a------ 2008-07-08 16:41 2828184 C:\Program Files\Registry Mechanic\RegMech.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery] --a------ 2003-04-20 01:08 28672 C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\AIM\\aim.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"= "C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"= "C:\\Program Files\\Paltalk Messenger\\paltalk.exe"= "C:\\Program Files\\Counter-Strike Source\\hl2.exe"= "C:\\WINDOWS\\system32\\fscagent.exe"= "C:\\WINDOWS\\system32\\clubbox.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 76040] R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864] S3 krait03;Razer krait USB Filter Driver;C:\WINDOWS\system32\Drivers\krait.sys [2005-12-07 13324] Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 20:44:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-09-06 20:46:50 ComboFix-quarantined-files.txt 2008-09-07 00:46:42 Pre-Run: 22,145,372,160 bytes free Post-Run: 22,226,591,744 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 257 --- E O F --- 2008-09-07 00:03:27 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:48:37 PM, on 9/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- End of file - 7689 bytes

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 Pages

1 2 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 07:15 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides