Unable To Delete The Virus File

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Unable To Delete The Virus File

Options

darklorz View Member Profile	Sep 20 2008, 05:16 AM Post #1
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	hi all I encountered a problem. The virus scan detect the virus and move it to quaratine folder. But the problem is i was unable to delete the virus file.I getting very upset about it.Can everyone help me? sry for the poor english TT As i not very good with computer stuff...i try to give the infomation about it there are as follow: Message:VirusScan alert Pathname:C:\quarantine\dows[1].exe.Vir Detected as: New Malware.ey Detection type: trojan State:Moved (Clean failed because the file isn't cleanable) Application: explorer.exe I was recommend by one of the person who reply my thread form http://community.mcafee.com/ and asked to post the log here. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:54:56 PM, on 20/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/SPweb/appmanager/home/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sp.edu.sg/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: MapToPDrive.bat O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170669123703 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10676 bytes Thank you all in advance Sorry for editing on my own thread... i worried about stuff like if i get back to your reply late. 22 sep 2008 to 24 sep 2008... i will be in chalet TT 26 sep 2008 to 28 sep 2008...i will be in leadership camp So does it matter if i get back to you late ? will my thread be deleted ? i apologize for all this. This is the 1st time i encounter the virus TT Please help me ASAP TT This post has been edited by darklorz: Sep 20 2008, 06:56 AM

sundavis View Member Profile	Sep 20 2008, 08:46 AM Post #2
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	Hi, Welcome to BleepingComputer HijackThis Logs and Malware Removal, darklorz. My name is sundavis, I will be helping you to deal with your Malware problems today. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times. and we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following. Step1 Make an Uninstall List 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button 5. Click on the Save list button 6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt. 7. Copy and paste the contents in your next reply and a fresh HJT log. Step2 Update Your Java Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications". Click the "Download" button to the right. Select your Platform: "Windows". Select your Language: "Multi-language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version. Step3 Please do an online scan with Kaspersky Online Scanner. Please go to Kaspersky Online Scanner and perform an online antivirus scan. Click Accept button on the "Requirements and limitations". When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button. It will be Downloading and installing the program and Updating the database. When Updating the database have finished, click on Settings. Make sure all boxes are checked. then click on the Save button. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run. Once the scan is completed, Click on View Scan Report. You may see a list of infected items over there. Click on Save Report As. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button. Please post the contents in your next reply. Or you can refer to this thread for your reference. In your next reply, Please post back: 1.Uninstall List 2.KAS Scan report. 3.New HJT log.

darklorz View Member Profile	Sep 20 2008, 09:35 AM Post #3
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	hi ,my name is darklorz...thank for your help =) Step1 Make an Uninstall List 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button 5. Click on the Save list button 6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt. 7. Copy and paste the contents in your next reply and a fresh HJT log. In your next reply, Please post back: 1.Uninstall List 2.KAS Scan report. 3.New HJT log. i got question to ask...for the New HJT log...is it do it at step 1 or after all the 3 step ? i not very good in english.. sry This post has been edited by darklorz: Sep 20 2008, 09:54 AM

sundavis View Member Profile	Sep 20 2008, 10:10 AM Post #4
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	1.Uninstall List 2.KAS Scan report. 3.New HJT log. Follow this order. Thanks.

darklorz View Member Profile	Sep 20 2008, 12:59 PM Post #5
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	1.Uninstall List Acer Camera Driver Acer Empowering Technology Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer OrbiCam Ad-Aware SE Personal Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 8.1.2 Adobe Shockwave Player Agere Systems HDA Modem Counter-Strike 1.6 Dawn of War - Dark Crusade GG E-Sports Platform GUILTY GEAR XX #RELOAD Hamachi 1.0.2.5 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB928388) Hotfix for Windows XP (KB929120) Hotfix for Windows XP (KB935448) Hotfix for Windows XP (KB952287) Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless Software iTunes J2SE Runtime Environment 5.0 Update 10 Kaiba Corp Virtual Duel System 1.4 KCVDS BETA 1.15 A Launch Manager Little Fighter 2 1.9c Logitech Video Enumerator MathCAD McAfee VirusScan Enterprise mCore mDriver mDrWiFi Messenger Plus! Live mHelp Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Device Emulator version 1.0 - ENU Microsoft Document Explorer 2005 Microsoft Document Explorer 2005 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office FrontPage 2003 Microsoft Office Professional Edition 2003 Microsoft Office Project Professional 2003 Microsoft Office Visio Professional 2003 Microsoft SQL Server 2005 Mobile [ENU] Developer Tools Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual Studio 2005 Professional Edition - ENU mIWA mLogView mMHouse Mozilla Firefox (3.0.1) mPfMgr mPfWiz mProSafe MSDN Library for Visual Studio 2005 MSDN Library for Visual Studio 2005 mSSO MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) mToolkit MVision mWlsSafe mWMI mXML mZConfig NTI CD & DVD-Maker NVIDIA Drivers PowerDVD QuickTime Realtek High Definition Audio Driver Respondus LockDown Browser Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674) Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Skype 3.0 Skype add-on for IE Skype Plugin Manager STATGRAPHICS Centurion XV.II SuyinNBCam Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Warcraft III 1.22 Patch WIDCOMM Bluetooth Software Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13) Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885453 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WinRAR archiver 2.KAS Scan report. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, September 21, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, September 20, 2008 15:35:54 Records in database: 1246751 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ P:\ Scan statistics: Files scanned: 112429 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 01:31:29 No malware has been detected. The scan area is clean. The selected area was scanned. 3.New HJT log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:53:13 AM, on 21/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/SPweb/appmanager/home/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sp.edu.sg/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: MapToPDrive.bat O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170669123703 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10768 bytes Thank for your help. But the problem is i still unable to delete the virus file in my quarantine folder. Whenever i try to go to the quarantine folder to delete the file: dows[1].exe.Vir. i was unable to delete it and i recieved the virusalert by my McAfee VirusScan Enterprise 8.0.0. Getting the msg Message:VirusScan alert Pathname:C:\quarantine\dows[1].exe.Vir Detected as: New Malware.ey Detection type: trojan State:Moved (Clean failed because the file isn't cleanable) Application: explorer.exe what should i do?i getting damn worried about it. And also, 21 sep 2008 , i will be working and back at night time. In addition, i might be back either on 24sep or 25 sep to reply you. sorry for this and sorry for me being so nervous. This post has been edited by darklorz: Sep 20 2008, 01:07 PM

sundavis View Member Profile	Sep 30 2008, 05:23 AM Post #6
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	Hi, darklorz Please note that I am still training, this means that any reply I give to you has to be checked first by an expert. I apologize for any delay this might cause. Ok!! Let's move on. Step1 Please download OTMoveIt2 by OldTimer to your desktop. Double-click OTMoveIt2.exe to run it. Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE [kill explorer] C:\quarantine\dows[1].exe.Vir C:\WINDOWS\ALCXMNTR.EXE C:\Documents and Settings\p0716499\Local Settings\Temporary Internet Files\Content.IE5\7NASSHXU EmptyTemp purity [start explorer] Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar), and paste it in your next reply. Close OTMoveIt2 If you still can't delete the file in McAfee Quarantine directory, then please disable the On-Access Scanner, and delete the file manually(dows[1].exe.Vir). or go to Here for your reference. Step2* Please download F-Secure Blacklight and save it to C drive. Click on Start > Run and copy and paste in the following: CODE C:\fsbl.exe /expert. Click OK. You will be shown a license agreement. Read through it and select I accept the agreement. Click Next. Click on Scan. Once the scan is done, close F-Secure Blacklight. Don't rename anything found! A log will be produced on your C drive. It's named fsbl-XXXXXXXXXXXXXX.log, where the XXXXXXXXXXXXXX are numbers. Please post this log in your next reply along with a new HijackThis log. Step3 Download to the desktop: Dr.Web CureIt Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, Click Options > Change settings Choose the "Scan"-tab, remove the mark at "Heuristic analysis". Back at the main window, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log. In your next reply, Please post back: 1.OTmoveit log 2.DrWeb.csv 3.Blacklight log 4.New HJT log How is your pc running now? This post has been edited by sundavis: Sep 30 2008, 05:57 AM

darklorz View Member Profile	Oct 3 2008, 11:54 AM Post #7
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	oh..is ok...thank for you help again =) Step 1 OTmoveit log: Explorer killed successfully < C:\quarantine\dows[1].exe.Vir > File move failed. C:\quarantine\dows[1].exe.Vir scheduled to be moved on reboot. File/Folder C:\WINDOWS\ALCXMNTR.EXE not found. File/Folder C:\Documents and Settings\p0716499\Local Settings\Temporary Internet Files\Content.IE5\7NASSHXU not found. < EmptyTemp > File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF3AC2.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF3B92.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF532E.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF854A.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF85B5.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFFEB0.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFFEBD.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFV8.tmp scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. < purity > Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10042008_004437 Files moved on Reboot... File move failed. C:\quarantine\dows[1].exe.Vir scheduled to be moved on reboot. C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe moved successfully. File C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF3AC2.tmp not found! File C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF3B92.tmp not found! C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF532E.tmp moved successfully. File C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF854A.tmp not found! File C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF85B5.tmp not found! File C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFFEB0.tmp not found! File C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFFEBD.tmp not found! C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat moved successfully. File C:\WINDOWS\temp\WFV8.tmp not found! ok i managed to manual delete the virus file. Step 2 DrWeb.csv: 10/04/08 01:04:16 [Info]: BlackLight Engine 2.2.1092 initialized 10/04/08 01:04:16 [Info]: OS: 5.1 build 2600 (Service Pack 3) 10/04/08 01:04:16 [Note]: 7019 4 10/04/08 01:04:16 [Note]: 7005 0 10/04/08 01:04:25 [Note]: 7006 0 10/04/08 01:04:25 [Note]: 7011 1236 10/04/08 01:04:25 [Note]: 7035 0 10/04/08 01:04:25 [Note]: 7026 0 10/04/08 01:04:25 [Note]: 7026 0 10/04/08 01:04:29 [Note]: FSRAW library version 1.7.1024 10/04/08 01:16:06 [Note]: 2000 1012 10/04/08 01:16:06 [Note]: 2000 1012 10/04/08 01:16:06 [Note]: 2000 1012 10/04/08 01:21:34 [Note]: 7007 0 step 3 Blacklight log: i having a problem here... because my laptop is buy from school..the school require me to configure to SD domain. when i go safe mode...i was able to ctrl alt del..but when come to log in...i was unable to login with my account because i was unable to log in to my SD domain. so got any way to help me without going to safe mode? This post has been edited by darklorz: Oct 3 2008, 12:55 PM

sundavis View Member Profile	Oct 3 2008, 11:36 PM Post #8
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	Hi, darklorz Welcome back. It's ok to run Dr.Web CureIt in normal mode. Please run it and post the DrWeb.log in your next reply. Tell me how things are going now.

darklorz View Member Profile	Oct 4 2008, 03:35 PM Post #9
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	hi, sundavis Step 3 DrWeb.csv i follow the instruction and complete the scan. nothing was found after 3hr 13min scan =). But i was unable to save the report list because i cannot click on the save report list, not sure why. Step 4 HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:35:58 AM, on 05/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\p0716499\Desktop\drweb-cureit.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RarSFX0\_start.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RarSFX0\setup.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/SPweb/appmanager/home/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sp.edu.sg/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: MapToPDrive.bat O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170669123703 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11260 bytes So far everything seem ok. but just now my virus scan detected a virus and deleted it OnAccessScanLog.Tx: 05/10/2008 3:15:31 AM Deleted SD\p0716499 setup.exe C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP172\A0124629.exe Generic.dx (Trojan) This post has been edited by darklorz: Oct 4 2008, 03:47 PM

sundavis View Member Profile	Oct 5 2008, 08:43 AM Post #10
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	Hi, darklorz Glad to hear things getting better. We are almost there, but not yet. Please be patient and follow all instructions below. Step1 1.Please run HijackThis! and click "Do a system scan only." Place checks next to the following entry,(if present): O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Close all browsers and other windows except for HijackThis!, and click "Fix Checked". Step2 Run OTMoveIt2 from your desktop Double-click OTMoveIt2.exe to run it. Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE [kill explorer] C:\WINDOWS\ALCXMNTR.EXE C:\Documents and Settings\p0716499\Local Settings\Temp\RarSFX0 EmptyTemp [start explorer] Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar), and paste it in your next reply. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Step3* Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) In you next reply, Please post the logs in the following 1.OTmoveit log 2.RSIT log.txt and info.txt Tell me how things are going now.

darklorz View Member Profile	Oct 5 2008, 10:23 AM Post #11
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	Step2: Explorer killed successfully File/Folder C:\WINDOWS\ALCXMNTR.EXE not found. File/Folder C:\Documents and Settings\p0716499\Local Settings\Temp\RarSFX0 not found. < EmptyTemp > File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF6DCF.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF6DE7.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF6EA5.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF6F9C.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF979B.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF9888.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFB11F.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_86c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10052008_231230 Step 3: RSIT log.txt : Logfile of random's system information tool 1.04 (written by random/random) Run by p0716499 at 2008-10-05 23:24:46 Microsoft Windows XP Professional Service Pack 3 System drive C: has 48 GB (66%) free of 72 GB Total RAM: 1022 MB (26% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:24:53 PM, on 05/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\p0716499\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\p0716499.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/SPweb/appmanager/home/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sp.edu.sg/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: MapToPDrive.bat O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170669123703 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10904 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-29 747048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-29 766041] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-06 155648] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-11-08 802816] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-11-08 696320] "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208] "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320] "Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168] "Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-06-07 208896] "ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-11-27 458752] "Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-12 7577600] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-12 86016] "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696] "LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe MapToPDrive.bat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe::Enabled:CyberLink PowerCinema Resident Program" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe::Enabled:Hamachi Client" "C:\Documents and Settings\p0716499\Desktop\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\p0716499\Desktop\Warcraft III\Warcraft III.exe::Enabled:Warcraft III" "C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe::Enabled:GGclient" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe::Enabled:Remote Assistance - Windows Messenger and Voice" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "D:\Program Files\LOTR\game.dat"="D:\Program Files\LOTR\game.dat::Enabled:The Battle for Middle-earth™ II" "C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe::Enabled:Garena" "D:\Program Files\KCVDS\KCVDS.exe"="D:\Program Files\KCVDS\KCVDS.exe::Enabled:KCVDS" "C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe::Disabled:Half-Life Launcher" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe::Enabled:Hamachi Client" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\p0716499\Desktop\Warcraft III\Frozen Throne.exe"="C:\Documents and Settings\p0716499\Desktop\Warcraft III\Frozen Throne.exe::Enabled:Frozen Throne" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b65f6c0-c58d-11dc-9f2f-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29af305a-8533-11dd-a138-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63773316-9707-11dc-9e82-0019d22cce5d}] shell\Auto\command - Recycler.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycler.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c12c3a0-ba8c-11dc-9f0b-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c12c3a1-ba8c-11dc-9f0b-0019d22cce5d}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3fca27e-a89b-11dc-9ec9-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3fca27f-a89b-11dc-9ec9-0019d22cce5d}] shell\AutoRun\command - G:\l1.cmd shell\explore\command - G:\l1.cmd shell\open\command - G:\l1.cmd ======List of files/folders created in the last 1 months====== 2008-10-05 23:24:46 ----D---- C:\rsit 2008-10-04 01:42:04 ----A---- C:\WINDOWS\ntbtlog.txt 2008-10-04 01:02:45 ----A---- C:\fsbl.exe 2008-10-04 00:44:37 ----D---- C:\_OTMoveIt 2008-09-25 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-09-24 18:48:45 ----SHD---- C:\Config.Msi 2008-09-24 15:47:57 ----D---- C:\WINDOWS\Prefetch 2008-09-24 15:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-09-24 15:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-09-24 15:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-09-24 15:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-09-24 15:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-09-24 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-09-24 15:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-09-24 15:10:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-09-24 15:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-09-24 15:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-09-24 15:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-09-24 15:04:28 ----D---- C:\WINDOWS\system32\scripting 2008-09-24 15:04:25 ----D---- C:\WINDOWS\l2schemas 2008-09-24 15:04:24 ----D---- C:\WINDOWS\system32\en 2008-09-24 15:04:23 ----D---- C:\WINDOWS\system32\bits 2008-09-24 14:59:30 ----D---- C:\WINDOWS\ServicePackFiles 2008-09-24 14:45:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-09-24 14:31:46 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-09-24 14:31:43 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-09-24 14:31:39 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-09-24 14:31:38 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-09-24 14:31:25 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-09-24 14:31:25 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-09-24 14:31:10 ----N---- C:\WINDOWS\system32\spupdwxp.exe 2008-09-24 14:31:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-09-24 14:31:03 ----N---- C:\WINDOWS\system32\slserv.exe 2008-09-24 14:31:03 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-09-24 14:31:03 ----N---- C:\WINDOWS\slrundll.exe 2008-09-24 14:31:02 ----N---- C:\WINDOWS\system32\slgen.dll 2008-09-24 14:31:02 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-09-24 14:31:02 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-09-24 14:30:52 ----N---- C:\WINDOWS\system32\setupn.exe 2008-09-24 14:30:49 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-09-24 14:30:43 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-09-24 14:30:40 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-09-24 14:30:38 ----N---- C:\WINDOWS\system32\qutil.dll 2008-09-24 14:30:35 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-09-24 14:30:35 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-09-24 14:30:35 ----N---- C:\WINDOWS\system32\qagent.dll 2008-09-24 14:30:33 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-09-24 14:30:24 ----N---- C:\WINDOWS\system32\onex.dll 2008-09-24 14:30:05 ----N---- C:\WINDOWS\system32\napstat.exe 2008-09-24 14:30:05 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-09-24 14:30:05 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-09-24 14:30:02 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-09-24 14:30:00 ----A---- C:\WINDOWS\system32\msxml6r.dll 2008-09-24 14:29:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-09-24 14:29:57 ----N---- C:\WINDOWS\system32\mssha.dll 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-09-24 14:29:22 ----N---- C:\WINDOWS\system32\mdmxsdk.dll 2008-09-24 14:28:59 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-09-24 14:28:58 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-09-24 14:28:57 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-09-24 14:28:57 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-09-24 14:28:57 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-09-24 14:28:56 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-09-24 14:28:39 ----N---- C:\WINDOWS\system32\smtpapi.dll 2008-09-24 14:28:39 ----N---- C:\WINDOWS\system32\rwnh.dll 2008-09-24 14:28:33 ----N---- C:\WINDOWS\system32\comsdupd.exe 2008-09-24 14:28:25 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-09-24 14:28:13 ----N---- C:\WINDOWS\system32\faxpatch.exe 2008-09-24 14:28:13 ----A---- C:\WINDOWS\003118_.tmp 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-09-24 14:28:05 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-09-24 14:28:05 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-09-24 14:28:05 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-09-24 14:28:03 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-09-24 14:28:02 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-09-24 14:28:02 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-09-24 14:27:57 ----N---- C:\WINDOWS\system32\credssp.dll 2008-09-24 14:27:49 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-09-24 14:27:48 ----N---- C:\WINDOWS\system32\azroles.dll 2008-09-24 14:27:47 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-09-24 14:27:47 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-09-24 14:27:46 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-09-24 14:27:46 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-09-24 14:27:45 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-09-24 14:27:45 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-09-24 14:27:45 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-09-24 14:27:34 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-09-20 22:48:11 ----A---- C:\WINDOWS\system32\javaws.exe 2008-09-20 22:48:11 ----A---- C:\WINDOWS\system32\javaw.exe 2008-09-20 22:48:11 ----A---- C:\WINDOWS\system32\java.exe 2008-09-20 22:46:40 ----D---- C:\Program Files\Java 2008-09-20 22:46:30 ----D---- C:\Program Files\Common Files\Java 2008-09-20 17:51:49 ----D---- C:\Program Files\Trend Micro 2008-09-20 00:01:52 ----D---- C:\Documents and Settings\p0716499\Application Data\Malwarebytes 2008-09-20 00:01:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-19 17:48:09 ----D---- C:\quarantine 2008-09-11 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$ 2008-09-11 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ ======List of files/folders modified in the last 1 months====== 2008-10-05 23:15:27 ----A---- C:\WINDOWS\smscfg.ini 2008-10-05 23:15:20 ----D---- C:\WINDOWS\Temp 2008-10-05 23:14:28 ----D---- C:\WINDOWS 2008-10-05 23:13:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-05 06:20:48 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-03 19:44:33 ----SHD---- C:\WINDOWS\CSC 2008-09-25 03:04:50 ----D---- C:\WINDOWS\system32 2008-09-25 03:02:02 ----HD---- C:\WINDOWS\inf 2008-09-25 03:01:51 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-09-24 18:48:55 ----SHD---- C:\WINDOWS\Installer 2008-09-24 18:48:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-09-24 18:46:31 ----A---- C:\WINDOWS\OEWABLog.txt 2008-09-24 16:59:30 ----HD---- C:\WINDOWS\$hf_mig$ 2008-09-24 15:49:26 ----A---- C:\WINDOWS\setuplog.txt 2008-09-24 15:47:10 ----D---- C:\WINDOWS\system32\Setup 2008-09-24 15:47:10 ----D---- C:\WINDOWS\AppPatch 2008-09-24 15:47:08 ----D---- C:\WINDOWS\system32\wbem 2008-09-24 15:47:06 ----RSD---- C:\WINDOWS\Fonts 2008-09-24 15:46:56 ----D---- C:\WINDOWS\system32\drivers 2008-09-24 15:11:59 ----A---- C:\WINDOWS\imsins.BAK 2008-09-24 15:11:54 ----D---- C:\WINDOWS\system32\CatRoot 2008-09-24 15:10:32 ----D---- C:\Program Files\Messenger 2008-09-24 15:09:55 ----D---- C:\WINDOWS\security 2008-09-24 15:05:32 ----D---- C:\WINDOWS\WinSxS 2008-09-24 15:04:56 ----D---- C:\WINDOWS\system32\inetsrv 2008-09-24 15:04:56 ----D---- C:\WINDOWS\network diagnostic 2008-09-24 15:04:55 ----D---- C:\WINDOWS\ime 2008-09-24 15:04:55 ----D---- C:\WINDOWS\Help 2008-09-24 15:04:30 ----D---- C:\WINDOWS\system32\usmt 2008-09-24 15:04:30 ----D---- C:\WINDOWS\system32\en-US 2008-09-24 15:04:23 ----D---- C:\WINDOWS\PeerNet 2008-09-24 15:04:23 ----D---- C:\Program Files\Movie Maker 2008-09-24 14:59:08 ----D---- C:\WINDOWS\system32\Restore 2008-09-24 14:59:08 ----D---- C:\WINDOWS\system32\npp 2008-09-24 14:59:07 ----D---- C:\WINDOWS\mui 2008-09-24 14:59:05 ----D---- C:\WINDOWS\msagent 2008-09-24 14:59:03 ----D---- C:\WINDOWS\srchasst 2008-09-24 14:58:56 ----D---- C:\Program Files\NetMeeting 2008-09-24 14:58:54 ----D---- C:\WINDOWS\system32\Com 2008-09-24 14:58:49 ----D---- C:\Program Files\Windows NT 2008-09-24 14:58:49 ----D---- C:\Program Files\Windows Media Player 2008-09-24 14:58:48 ----D---- C:\Program Files\Outlook Express 2008-09-24 14:58:44 ----D---- C:\Program Files\Common Files\System 2008-09-24 14:58:05 ----D---- C:\WINDOWS\system32\oobe 2008-09-24 14:58:02 ----D---- C:\WINDOWS\system 2008-09-24 14:51:10 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-09-24 14:45:01 ----D---- C:\WINDOWS\ehome 2008-09-24 13:57:52 ----D---- C:\WINDOWS\Debug 2008-09-20 22:46:40 ----RD---- C:\Program Files 2008-09-20 22:46:30 ----D---- C:\Program Files\Common Files 2008-09-20 22:40:04 ----D---- C:\WINDOWS\system32\appmgmt 2008-09-18 11:39:12 ----D---- C:\Documents and Settings\p0716499\Application Data\U3 2008-09-16 00:17:43 ----D---- C:\Documents and Settings\p0716499\Application Data\Hamachi 2008-09-10 16:33:25 ----D---- C:\Program Files\Messenger Plus! Live ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-06 21425] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys [] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-11-08 12544] R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys [] R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061] R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-11 25280] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480] R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-11-15 1711488] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-02-07 6144] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-12 3675776] R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-01-12 1728896] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-29 193056] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459] S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032] S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-03-28 36736] S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [] S3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 847392] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-11-28 1962784] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-03 1429632] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-02 250496] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295] R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-11-08 434176] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152] R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463] R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191] R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-12 143426] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-11-08 327680] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-11-08 950272] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-11-08 294912] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-11-28 101152] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808] -----------------EOF----------------- RSIT info.txt : info.txt logfile of random's system information tool 1.04 2008-10-05 23:24:57 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acer Camera Driver-->"C:\Program Files\Common Files\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly Acer OrbiCam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Agere Systems HDA Modem-->agrsmdel Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19 Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly GG E-Sports Platform-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly GUILTY GEAR XX #RELOAD-->MsiExec.exe /I{C6866249-495A-4ED7-AD69-99336B5E86E4} Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033 Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaiba Corp Virtual Duel System 1.4-->"D:\Program Files\Kaiba Corp VDS\unins000.exe" KCVDS BETA 1.15 A-->D:\Program Files\KCVDS\Uninstall.exe Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI Little Fighter 2 1.9c-->D:\Program Files\LF2_v1.9c\uninst.exe Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} MathCAD-->MsiExec.exe /I{1EFC69F8-35A1-46E4-A745-BC1BD2D66219} McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43} mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650} Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682} Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Mozilla Firefox (3.0.1)-->D:\My Documents\software\Mozilla Firefox\uninstall\helper.exe mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSDN Library for Visual Studio 2005-->msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE} MSDN Library for Visual Studio 2005-->MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE} mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7 NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Respondus LockDown Browser-->C:\Program Files\InstallShield Installation Information\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}\setup.exe -runfromtemp -l0x0009 -removeonly Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} /package {437AB8E0-FB69-4222-B280-A64F3DE22591} Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591} Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe" Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0 Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} STATGRAPHICS Centurion XV.II-->MsiExec.exe /I{50685B84-F13B-475E-9BF9-FC0CA9A333A2} SuyinNBCam-->C:\Program Files\InstallShield Installation Information\{1D1032D6-2E54-4CA7-ABE5-76DC5D0A3D76}\setup.exe -runfromtemp -l0x0009 -removeonly Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Warcraft III 1.22 Patch-->C:\Program Files\InstallShield Installation Information\{983CE4AE-052A-4AD6-92ED-177DFC85DAE5}\setup.exe -runfromtemp -l0x0009 -removeonly WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)-->C:\PROGRA~1\DIFX\DPINST.EXE /u C:\WINDOWS\system32\DRVSTORE\w29n51_3B55B5EFFB5702040D2F0D2347942E9092A6F2C7\w29n51.inf Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)-->C:\PROGRA~1\DIFX\DPINST.EXE /u C:\WINDOWS\system32\DRVSTORE\w39n51_A034BB1A002D677EA8C4C877C9E7DF5306F63D8E\w39n51.inf Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe =====HijackThis Backups===== O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Resource Kits\Tools;C:\WINDOWS\system32\;C:\WINDOWS\system32\Wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Macrovision\AdminStudio\8.0\Common;C:\Program Files\Statgraphics\STATGRAPHICS Centurion XV.II "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\ "CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- Thank you for help once again =). So far , i don't sense and observe anything abnormal but i not really sure if everything is really running all right. After you help me with my laptop, i mean after the whole process, can 1 delete all the software i download which u ask me to download? As i not very sure in computer thingy , but i interested and curious in it , can u briefly explain why you ask me download these software and why do this and that ? This post has been edited by darklorz*: Oct 5 2008, 10:31 AM

sundavis View Member Profile	Oct 6 2008, 05:36 AM Post #12
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	Hi, darklorz The tools we have used will be deleted when i give you all clean speech. As to the program or software we have run in our clean process, all serve their purpose. Running different programs to check your system just want to ensure your computer is free of virus and no more baddies. Until then, you are good to go. I'm delighted to answer your question if you don't know or need to clarify. Ok!! Let's proceed our clean job. Step1 Please download Flash_Disinfector and save it to your desktop. Double click to run it. You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear. Step2 Download OTMoveIt3.exe by OldTimer and save it to your desktop. Double click on OTMoveIt3.exe to run it Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved Note: Do not type it out to minimize the risk of typo error CODE :Processes explorer.exe :Files C:\Windows\system32\Recycler.exe C:\Windows\AdobeR.exe C:\WINDOWS\003118_.tmp G:\l1.cmd :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63773316-9707-11dc-9e82-0019d22cce5d}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c12c3a1-ba8c-11dc-9f0b-0019d22cce5d}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3fca27f-a89b-11dc-9ec9-0019d22cce5d}] :Commands [EmptyTemp] [start explorer] [Reboot] Click on MoveIt! When done, click on Exit Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes. A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply. You can refer to this thread for your reference. Step3 Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available. Click on Accept to accept the License Agreement. Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option. Under Other Scan Options, select these options: Scan all files Scan whole system for rootkits Scan whole system for spyware Scan inside archives Use advanced heuristics Click Start. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient. Click on I want decide item by item. Under Actions, select None for all infections found. Click Next. Click on Show Report. Please copy and paste this report in your next reply. Click Finish. Note: You also can find F-Secure report from C:\Documents and Settings\<user name>\Application Data\Local\Temp\OnlineScanner\ols_report.html In you next reply, Please post the logs in the following 1.OTmoveit log 2.RSIT log.txt and info.txt 3.F-Secure report How is your pc running now?

darklorz View Member Profile	Oct 6 2008, 11:22 AM Post #13
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	hi sundavis , Step 1: completed Step 2: hmm...i was unable to download OTMoveIt3.exe...HTTP 404 Not Found =(

sundavis View Member Profile	Oct 6 2008, 12:00 PM Post #14
Forum Addict Group: HJT Team Posts: 1,524 Joined: 11-August 07 Member No.: 149,370	Try this: http://oldtimer.geekstogo.com/OTMoveIt3.exe

darklorz View Member Profile	Oct 6 2008, 12:22 PM Post #15
New Member Group: Members Posts: 12 Joined: 20-September 08 Member No.: 240,084	1.OTmoveit log: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== File/Folder C:\Windows\system32\Recycler.exe not found. File/Folder C:\Windows\AdobeR.exe not found. C:\WINDOWS\003118_.tmp moved successfully. File/Folder G:\l1.cmd not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63773316-9707-11dc-9e82-0019d22cce5d}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c12c3a1-ba8c-11dc-9f0b-0019d22cce5d}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3fca27f-a89b-11dc-9ec9-0019d22cce5d}\\ deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\fla27.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF298D.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF29D7.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF63ED.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DF63FA.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFBC73.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFE487.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\p0716499\LOCALS~1\Temp\~DFE497.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_844.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.4.1 log created on 10072008_011052 2.RSIT log.txt: Logfile of random's system information tool 1.04 (written by random/random) Run by p0716499 at 2008-10-07 01:21:35 Microsoft Windows XP Professional Service Pack 3 System drive C: has 48 GB (67%) free of 72 GB Total RAM: 1022 MB (36% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:21:36 AM, on 07/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\DOCUME~1\p0716499\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\p0716499\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\p0716499.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/SPweb/appmanager/home/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sp.edu.sg/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: MapToPDrive.bat O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170669123703 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10936 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-29 747048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-29 766041] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-06 155648] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-11-08 802816] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-11-08 696320] "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208] "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320] "Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168] "Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-06-07 208896] "ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-11-27 458752] "Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-12 7577600] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-12 86016] "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696] "LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe MapToPDrive.bat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoDriveAutoRun"=FFFFFFFF [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe::Enabled:CyberLink PowerCinema Resident Program" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe::Enabled:Hamachi Client" "C:\Documents and Settings\p0716499\Desktop\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\p0716499\Desktop\Warcraft III\Warcraft III.exe::Enabled:Warcraft III" "C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe::Enabled:GGclient" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe::Enabled:Remote Assistance - Windows Messenger and Voice" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "D:\Program Files\LOTR\game.dat"="D:\Program Files\LOTR\game.dat::Enabled:The Battle for Middle-earth™ II" "C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe::Enabled:Garena" "D:\Program Files\KCVDS\KCVDS.exe"="D:\Program Files\KCVDS\KCVDS.exe::Enabled:KCVDS" "C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe::Disabled:Half-Life Launcher" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe::Enabled:Hamachi Client" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\p0716499\Desktop\Warcraft III\Frozen Throne.exe"="C:\Documents and Settings\p0716499\Desktop\Warcraft III\Frozen Throne.exe::Enabled:Frozen Throne" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b65f6c0-c58d-11dc-9f2f-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29af305a-8533-11dd-a138-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c12c3a0-ba8c-11dc-9f0b-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3fca27e-a89b-11dc-9ec9-0019d22cce5d}] shell\AutoRun\command - F:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2008-10-07 00:16:26 ----RASHD---- C:\autorun.inf 2008-10-05 23:24:46 ----D---- C:\rsit 2008-10-04 01:42:04 ----A---- C:\WINDOWS\ntbtlog.txt 2008-10-04 01:02:45 ----A---- C:\fsbl.exe 2008-10-04 00:44:37 ----D---- C:\_OTMoveIt 2008-09-25 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-09-24 18:48:45 ----SHD---- C:\Config.Msi 2008-09-24 15:47:57 ----D---- C:\WINDOWS\Prefetch 2008-09-24 15:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-09-24 15:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-09-24 15:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-09-24 15:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-09-24 15:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-09-24 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-09-24 15:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-09-24 15:10:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-09-24 15:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-09-24 15:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-09-24 15:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-09-24 15:04:28 ----D---- C:\WINDOWS\system32\scripting 2008-09-24 15:04:25 ----D---- C:\WINDOWS\l2schemas 2008-09-24 15:04:24 ----D---- C:\WINDOWS\system32\en 2008-09-24 15:04:23 ----D---- C:\WINDOWS\system32\bits 2008-09-24 14:59:30 ----D---- C:\WINDOWS\ServicePackFiles 2008-09-24 14:45:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-09-24 14:31:46 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-09-24 14:31:43 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-09-24 14:31:39 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-09-24 14:31:38 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-09-24 14:31:25 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-09-24 14:31:25 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-09-24 14:31:10 ----N---- C:\WINDOWS\system32\spupdwxp.exe 2008-09-24 14:31:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-09-24 14:31:03 ----N---- C:\WINDOWS\system32\slserv.exe 2008-09-24 14:31:03 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-09-24 14:31:03 ----N---- C:\WINDOWS\slrundll.exe 2008-09-24 14:31:02 ----N---- C:\WINDOWS\system32\slgen.dll 2008-09-24 14:31:02 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-09-24 14:31:02 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-09-24 14:30:52 ----N---- C:\WINDOWS\system32\setupn.exe 2008-09-24 14:30:49 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-09-24 14:30:43 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-09-24 14:30:40 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-09-24 14:30:38 ----N---- C:\WINDOWS\system32\qutil.dll 2008-09-24 14:30:35 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-09-24 14:30:35 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-09-24 14:30:35 ----N---- C:\WINDOWS\system32\qagent.dll 2008-09-24 14:30:33 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-09-24 14:30:24 ----N---- C:\WINDOWS\system32\onex.dll 2008-09-24 14:30:05 ----N---- C:\WINDOWS\system32\napstat.exe 2008-09-24 14:30:05 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-09-24 14:30:05 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-09-24 14:30:02 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-09-24 14:30:00 ----A---- C:\WINDOWS\system32\msxml6r.dll 2008-09-24 14:29:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-09-24 14:29:57 ----N---- C:\WINDOWS\system32\mssha.dll 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-09-24 14:29:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-09-24 14:29:22 ----N---- C:\WINDOWS\system32\mdmxsdk.dll 2008-09-24 14:28:59 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-09-24 14:28:58 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-09-24 14:28:57 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-09-24 14:28:57 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-09-24 14:28:57 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-09-24 14:28:56 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-09-24 14:28:39 ----N---- C:\WINDOWS\system32\smtpapi.dll 2008-09-24 14:28:39 ----N---- C:\WINDOWS\system32\rwnh.dll 2008-09-24 14:28:33 ----N---- C:\WINDOWS\system32\comsdupd.exe 2008-09-24 14:28:25 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-09-24 14:28:13 ----N---- C:\WINDOWS\system32\faxpatch.exe 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-09-24 14:28:10 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-09-24 14:28:05 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-09-24 14:28:05 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-09-24 14:28:05 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-09-24 14:28:04 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-09-24 14:28:03 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-09-24 14:28:02 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-09-24 14:28:02 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-09-24 14:27:57 ----N---- C:\WINDOWS\system32\credssp.dll 2008-09-24 14:27:49 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-09-24 14:27:48 ----N---- C:\WINDOWS\system32\azroles.dll 2008-09-24 14:27:47 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-09-24 14:27:47 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-09-24 14:27:46 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-09-24 14:27:46 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-09-24 14:27:45 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-09-24 14:27:45 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-09-24 14:27:45 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-09-24 14:27:34 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-09-20 22:48:11 ----A---- C:\WINDOWS\system32\javaws.exe 2008-09-20 22:48:11 ----A---- C:\WINDOWS\system32\javaw.exe 2008-09-20 22:48:11 ----A---- C:\WINDOWS\system32\java.exe 2008-09-20 22:46:40 ----D---- C:\Program Files\Java 2008-09-20 22:46:30 ----D---- C:\Program Files\Common Files\Java 2008-09-20 17:51:49 ----D---- C:\Program Files\Trend Micro 2008-09-20 00:01:52 ----D---- C:\Documents and Settings\p0716499\Application Data\Malwarebytes 2008-09-20 00:01:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-19 17:48:09 ----D---- C:\quarantine 2008-09-11 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$ 2008-09-11 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ ======List of files/folders modified in the last 1 months====== 2008-10-07 01:15:39 ----A---- C:\WINDOWS\smscfg.ini 2008-10-07 01:15:35 ----D---- C:\WINDOWS\Temp 2008-10-07 01:14:55 ----D---- C:\WINDOWS 2008-10-07 01:13:37 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-07 00:16:25 ----D---- C:\WINDOWS\system32 2008-10-06 17:45:51 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-03 19:44:33 ----SHD---- C:\WINDOWS\CSC 2008-09-25 03:02:02 ----HD---- C:\WINDOWS\inf 2008-09-25 03:01:51 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-09-24 18:48:55 ----SHD---- C:\WINDOWS\Installer 2008-09-24 18:48:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-09-24 18:46:31 ----A---- C:\WINDOWS\OEWABLog.txt 2008-09-24 16:59:30 ----HD---- C:\WINDOWS\$hf_mig$ 2008-09-24 15:49:26 ----A---- C:\WINDOWS\setuplog.txt 2008-09-24 15:47:10 ----D---- C:\WINDOWS\system32\Setup 2008-09-24 15:47:10 ----D---- C:\WINDOWS\AppPatch 2008-09-24 15:47:08 ----D---- C:\WINDOWS\system32\wbem 2008-09-24 15:47:06 ----RSD---- C:\WINDOWS\Fonts 2008-09-24 15:46:56 ----D---- C:\WINDOWS\system32\drivers 2008-09-24 15:11:59 ----A---- C:\WINDOWS\imsins.BAK 2008-09-24 15:11:54 ----D---- C:\WINDOWS\system32\CatRoot 2008-09-24 15:10:32 ----D---- C:\Program Files\Messenger 2008-09-24 15:09:55 ----D---- C:\WINDOWS\security 2008-09-24 15:05:32 ----D---- C:\WINDOWS\WinSxS 2008-09-24 15:04:56 ----D---- C:\WINDOWS\system32\inetsrv 2008-09-24 15:04:56 ----D---- C:\WINDOWS\network diagnostic 2008-09-24 15:04:55 ----D---- C:\WINDOWS\ime 2008-09-24 15:04:55 ----D---- C:\WINDOWS\Help 2008-09-24 15:04:30 ----D---- C:\WINDOWS\system32\usmt 2008-09-24 15:04:30 ----D---- C:\WINDOWS\system32\en-US 2008-09-24 15:04:23 ----D---- C:\WINDOWS\PeerNet 2008-09-24 15:04:23 ----D---- C:\Program Files\Movie Maker 2008-09-24 14:59:08 ----D---- C:\WINDOWS\system32\Restore 2008-09-24 14:59:08 ----D---- C:\WINDOWS\system32\npp 2008-09-24 14:59:07 ----D---- C:\WINDOWS\mui 2008-09-24 14:59:05 ----D---- C:\WINDOWS\msagent 2008-09-24 14:59:03 ----D---- C:\WINDOWS\srchasst 2008-09-24 14:58:56 ----D---- C:\Program Files\NetMeeting 2008-09-24 14:58:54 ----D---- C:\WINDOWS\system32\Com 2008-09-24 14:58:49 ----D---- C:\Program Files\Windows NT 2008-09-24 14:58:49 ----D---- C:\Program Files\Windows Media Player 2008-09-24 14:58:48 ----D---- C:\Program Files\Outlook Express 2008-09-24 14:58:44 ----D---- C:\Program Files\Common Files\System 2008-09-24 14:58:05 ----D---- C:\WINDOWS\system32\oobe 2008-09-24 14:58:02 ----D---- C:\WINDOWS\system 2008-09-24 14:51:10 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-09-24 14:45:01 ----D---- C:\WINDOWS\ehome 2008-09-24 13:57:52 ----D---- C:\WINDOWS\Debug 2008-09-20 22:46:40 ----RD---- C:\Program Files 2008-09-20 22:46:30 ----D---- C:\Program Files\Common Files 2008-09-20 22:40:04 ----D---- C:\WINDOWS\system32\appmgmt 2008-09-18 11:39:12 ----D---- C:\Documents and Settings\p0716499\Application Data\U3 2008-09-16 00:17:43 ----D---- C:\Documents and Settings\p0716499\Application Data\Hamachi 2008-09-10 16:33:25 ----D---- C:\Program Files\Messenger Plus! Live ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-06 21425] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys [] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-11-08 12544] R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys [] R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061] R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-11 25280] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480] R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-11-15 1711488] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-02-07 6144] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-12 3675776] R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-01-12 1728896] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-29 193056] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459] S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032] S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-03-28 36736] S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [] S3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 847392] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-11-28 1962784] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-03 1429632] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-02 250496] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295] R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-11-08 434176] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152] R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463] R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191] R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-12 143426] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-11-08 327680] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-11-08 950272] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-11-08 294912] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-11-28 101152] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808] -----------------EOF----------------- 2.RSIT info.txt I run RSIT.exe which i downloaded previously and Once it has finished, i only recieved 1 RSIT log.txt. But nvr recieved RSIT info.txt . So it is all right ? This post has been edited by darklorz*: Oct 6 2008, 12:27 PM

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 01:48 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides