BleepingComputer.com: Trojan DNSChanger [usually 82.225.110.12]

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Trojan DNSChanger [usually 82.225.110.12] keeps coming back; i can't access microsoft updates

#1 User is offline   darkheart 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 15-November 08

Posted 16 November 2008 - 02:23 AM

i'm running windows XP sp2, and my computer is the third in a series of computers connected to a D-Link DI-604 router.

sometime last week i stupidly, STUPIDLY ran a WMV file that asked for a codec to be installed, even more stupidly installed the codec, and here we are. since then i've been getting "popup.adv.net" popups from every site i go to, and my dns settings keep getting reset to 85.225.110.12 and i cannot download microsoft updates [can access all pages, but i get a "the page requested cannot be found" when i try and download]. i've since installed NoScript for Firefox 3.04 to keep the popup scripts from running.

i also found a hidden "resycled" folder and its accompanying autorun.inf in each of my partitions and my flash disk, deleted them all.

there was also a hidden "yahoo!" folder in my Documents and Settings Application Data folder before the Malwarebytes scan, but it's gone now.

i don't know about the second computer linked to the router, but the main one does not seem to have the popups [even without the NoScript]. however, it cannot download microsoft updates either. ran Malwarebytes on it and it also found the DNSChanger trojan.

i've run sdfix and smitfraudfix, both of which removed a DNSChanger trojan. Malwarebytes also removed it last night, and this morning, and this lunchtime, everytime i'd run it. but it keeps coming back.

the logs posted are for my computer.

=====================
MALWAREBYTES LOG AT TIME OF POSTING

Malwarebytes' Anti-Malware 1.30
Database version: 1400
Windows 5.1.2600 Service Pack 2

11/16/2008 3:06:44 PM
mbam-log-2008-11-16 (15-06-44).txt

Scan type: Quick Scan
Objects scanned: 52781
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ff09d71-3f21-40c4-b1f4-5749d1c17e94}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4ff09d71-3f21-40c4-b1f4-5749d1c17e94}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4ff09d71-3f21-40c4-b1f4-5749d1c17e94}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=====================================

HIJACKTHIS LOG AT TIME OF POSTING

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:10, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 6861 bytes
================================

any assistance would be invaluable. thank you.

#2 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 17 November 2008 - 07:53 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


First, disconnect your router and connect your computer directly to your modem.
Then run a quick scan with Malwarebytes and remove what it finds.
Please post that log here.


Reboot your computer.



Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #5 - Search and clean DNS Hijack by typing 5 and press "Enter"; a text file will appear.

It may bring up a message that ways "Your computer may be victim of a DNS Hijack: 85.255.x.x"
Do you want to set your network to dynamic - DHCP server?

Click on "Yes"

Reboot

Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.



Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 User is offline   darkheart 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 15-November 08

Posted 24 November 2008 - 08:44 AM

hey there,

i actually seem to have gotten rid of them already [had to run the programs and fiddle with the registry on the main pc to get the redirected DNS out] as well and haven't been bothered by the popup.adv.net popups since.

RSIT logs:

info.txt logfile of random's system information tool 1.04 2008-11-24 21:39:27

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
7-Zip 4.55 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
abrViewer.NET 1.0.1-->C:\Program Files\abrViewer.NET\uninst.exe
ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Font Viewer 3.7-->"C:\Program Files\Advanced Font Viewer\unins000.exe"
Alien Skin Eye Candy 5 Impact-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG
Alien Skin Eye Candy 5 Textures-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\ALIENS~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Image Doctor 1.0-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\IMAGED~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\IMAGED~1\INSTALL.LOG
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AWC V3.0.7-->"C:\Program Files\AWC\unins000.exe"
Bulk Image Downloader v1.38.0.3-->"C:\Program Files\Bulk Image Downloader\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Collectify-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EBB5550-C5F5-11D4-A4E2-009027F9612D}\Setup.exe"
Combined Community Codec Pack 2007-02-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\DOCUME~1\Mike\LOCALS~1\Temp\PainterX.log
Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link DFM-562IS HSFi PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_20D514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Easy CD-DA Extractor 9.1.1-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 9\irunin.xml"
Eye Candy 4000-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\EYECAN~1\INSTALL.LOG
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623-->"C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB940541)-->"C:\WINDOWS\$NtUninstallKB940541$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Internet Audio Mix 1.25-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acoustica\Uninst.isu"
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Karen's Directory Printer-->C:\Program Files\Karen's Power Tools\Directory Printer\uninst.exe
KeepV Flash Converter-->"C:\Program Files\KeepV Converter\unins000.exe"
LimeWire 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Student 2007 for Learning Essentials-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft Student with Encarta Premium 2007-->MsiExec.exe /I{07041881-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 To Wave Converter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acoustica\Mp3 To Wave Converter\Uninst.isu"
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Image Extraction Wizard 1.0-->"C:\Program Files\PDF Image Extraction Wizard 1.0\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Print Artist 2003-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra\Print Artist 2003\HiUninst.isu" -c"C:\Program Files\Sierra\Print Artist 2003\Uninstpa.DLL"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Red Alert 2 DeeZire-->C:\Westwood\RA2\Uninstal.exe
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Serials 2000-->"C:\Program Files\Serials 2000\uninst-s2k.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SimCity 2000® Special Edition-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
Sonic Foundry MPEG 3 plugin-->C:\PROGRA~1\SONICF~1\UNWISE.EXE C:\PROGRA~1\SONICF~1\COMMP3.LOG
Sonic Foundry Noise Reduction DX v2.0-->C:\WINDOWS\UNWISE.EXE C:\audio\SONICF~1\NoiseDX\INSTALL.LOG
Sound Forge v4.5e final (329)-->C:\WINDOWS\UNWISE.EXE C:\audio\SOUNDF~1\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STHSDVD-->C:\STHVCD55\UNISTDVD.EXE
Teleport Pro-->"C:\Program Files\Teleport Pro\Remove.exe" /U:"C:\Program Files\Teleport Pro\Remove.log"
Total Recorder 6.0-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe"
Tribal 1.6-->C:\Program Files\Tribal\uninst.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VistaMizer 2.2.1.0-->C:\WINDOWS\VistaMizer\Uninstall.exe
Visual Task Tips 2.3-->C:\Program Files\VisualTaskTips\uninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XCC Utilities 1.46-->"C:\Program Files\XCC\Utilities\Uninstall.exe"
xp-AntiSpy 3.96-8-->C:\Program Files\xp-AntiSpy\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free (disabled)
AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip

-----------------EOF-----------------

=====================================================================

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-11-24 21:39:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (5%) free of 35 GB
Total RAM: 503 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:21, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF09D71-3F21-40C4-B1F4-5749D1C17E94}: NameServer = 58.69.254.133,58.69.254.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 6961 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\shutdown.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2007-04-15 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497]
"DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2007-07-04 45056]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-11-06 3810544]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2008-08-20 267056]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A6918r]
C:\WINDOWS\j6429422.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer]
C:\Program Files\DivX\Google\Firefox\ffinstaller.exe [2006-07-11 76186]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2343093]
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
C:\WINDOWS\system32\WService.EXE [2005-11-22 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y1464Mik]
C:\WINDOWS\system32\n4827\sv71927030r.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^a vista sidebar enterprise version Fade skin.lnk]
E:\Torrents\VISTAS~2\Setup\Setup.exe [2006-09-26 4848640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^AWC.lnk]
C:\PROGRA~1\AWC\AWC.exe [2007-11-01 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Sidebar.lnk]
C:\DOCUME~1\Mike\Desktop\LONGHO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-24 462848]

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Mike\Interest\Installers\utorrent_1.3.exe"="E:\Mike\Interest\Installers\utorrent_1.3.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\utorrent_1.3.exe"="E:\utorrent_1.3.exe:*:Enabled:µTorrent"
"F:\StubInstaller.exe"="F:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Westwood\RA2\GAME.EXE"="C:\Westwood\RA2\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autorun.exe
shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
shell\Open\command - E:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9a96de-a778-11db-9910-00173195fbd4}]
shell\Auto\command - infrom.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fda6df-e265-11db-99a2-00173195fbd4}]
shell\Auto\command - infrom.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8de25949-9e30-11dc-9b83-00173195fbd4}]
shell\AutoRun\command - F:\jay.exe
shell\explore\command - F:\jay.exe
shell\open\command - F:\jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c36eec2-ba0c-11db-993b-00173195fbd4}]
shell\AutoRun\command - F:\
shell\explore\command - WScript.exe .\autorun.vbs
shell\open\command - WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4300d84-721f-11dc-9b21-00173195fbd4}]
shell\AutoRun\command - New Folder.exe


======List of files/folders created in the last 1 months======

2008-11-24 21:39:15 ----D---- C:\rsit
2008-11-24 21:38:30 ----A---- C:\RSIT.exe
2008-11-21 00:49:54 ----D---- C:\Program Files\Nokia
2008-11-21 00:03:22 ----D---- C:\Program Files\Common Files\Nokia
2008-11-19 00:50:07 ----A---- C:\WindowsMedia-KB911564-x86-ENU.exe
2008-11-19 00:50:01 ----A---- C:\WindowsMedia9-KB837272-ENU.exe
2008-11-19 00:44:44 ----A---- C:\WindowsMedia-Q828026-x86-ESN.exe
2008-11-18 19:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-16 20:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-16 13:51:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 13:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 02:13:06 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-11-16 02:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-16 02:12:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 01:53:40 ----D---- C:\Program Files\Trend Micro
2008-11-15 23:34:25 ----A---- C:\TEMSSetup-x32.exe
2008-11-15 00:30:16 ----A---- C:\Nokia_PC_Suite_rel_7_0_9_2_eng_us_web.exe
2008-11-15 00:14:56 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 00:14:47 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-11-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-11-13 03:36:25 ----A---- C:\transformers communique 7.txt
2008-11-13 03:31:34 ----A---- C:\transformers communique 6.txt
2008-11-13 03:21:39 ----A---- C:\transformers communique 5.txt
2008-11-13 03:14:40 ----A---- C:\transformers communique 4.txt
2008-11-13 03:11:06 ----A---- C:\transformers communique 3.txt
2008-11-13 03:10:42 ----A---- C:\transformers communique.txt
2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-13 01:12:21 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-13 01:12:20 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-13 00:20:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-12 23:13:46 ----D---- C:\Documents and Settings\Mike\Application Data\WinRAR
2008-11-12 22:58:26 ----D---- C:\WINDOWS\ERUNT
2008-11-12 22:54:30 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-12 22:43:54 ----D---- C:\Program Files\CCleaner
2008-11-06 06:12:04 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-11-05 23:09:57 ----D---- C:\Program Files\DIFX
2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2008-11-05 23:09:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-05 23:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2008-11-05 21:30:52 ----A---- C:\Nokia_PC_Suite_BETA_7_1_14_0_eng.exe
2008-10-28 18:18:26 ----A---- C:\Dave's Nattering - Grandparent Gifts.txt
2008-10-25 13:53:45 ----A---- C:\XCC_Utilities.exe

======List of files/folders modified in the last 1 months======

2008-11-24 21:39:07 ----D---- C:\Documents and Settings\Mike\Application Data\uTorrent
2008-11-24 21:36:45 ----D---- C:\WINDOWS\Temp
2008-11-24 21:14:46 ----D---- C:\WINDOWS\Prefetch
2008-11-24 19:17:46 ----D---- C:\Program Files\Mozilla Firefox
2008-11-24 07:00:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 10:51:08 ----D---- C:\WINDOWS
2008-11-23 00:27:33 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-22 22:22:26 ----D---- C:\Torrents
2008-11-22 15:06:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-21 06:07:23 ----HD---- C:\Config.Msi
2008-11-21 01:52:57 ----SHD---- C:\WINDOWS\Installer
2008-11-21 01:52:49 ----D---- C:\Program Files\Common Files
2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32
2008-11-21 01:27:04 ----HD---- C:\WINDOWS\inf
2008-11-21 00:49:54 ----RD---- C:\Program Files
2008-11-21 00:33:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-21 00:04:27 ----D---- C:\WINDOWS\WinSxS
2008-11-21 00:02:05 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-21 00:00:28 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-19 00:51:24 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-16 20:46:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-16 20:39:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 02:21:57 ----SHD---- C:\RECYCLER
2008-11-16 01:14:49 ----SHD---- C:\System Volume Information
2008-11-16 00:22:15 ----D---- C:\WINDOWS\Debug
2008-11-12 22:49:28 ----D---- C:\WINDOWS\Minidump
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-29 01:07:07 ----D---- C:\Program Files\ACDSee32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-28 1036928]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-28 219136]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-28 702592]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-17 10368]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-12 15370]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-04 11090]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

=========================================================================

current Malwarebytes log for this computer:

Malwarebytes' Anti-Malware 1.30
Database version: 1415
Windows 5.1.2600 Service Pack 2

11/24/2008 9:37:41 PM
mbam-log-2008-11-24 (21-37-41).txt

Scan type: Quick Scan
Objects scanned: 53505
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 November 2008 - 12:30 PM

I do see some additional issues in your log that need to be addressed.

First you have two antivirus programs installed. This can cause serious problems. Please uninstall either AVG or Avira so that you are only running one.



Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
F:\jay.exe
C:\WINDOWS\system32\infrom.exe
E:\resycled

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9a96de-a778-11db-9910-00173195fbd4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fda6df-e265-11db-99a2-00173195fbd4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8de25949-9e30-11dc-9b83-00173195fbd4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c36eec2-ba0c-11db-993b-00173195fbd4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4300d84-721f-11dc-9b21-00173195fbd4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y1464Mik]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A6918r]

:Commands
[EmptyTemp]
[Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



=================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also please post a new log from RSIT.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 User is offline   darkheart 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 15-November 08

Posted 25 November 2008 - 09:48 AM

========== FILES ==========
File/Folder F:\jay.exe not found.
File/Folder C:\WINDOWS\system32\infrom.exe not found.
File/Folder E:\resycled not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9a96de-a778-11db-9910-00173195fbd4}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fda6df-e265-11db-99a2-00173195fbd4}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8de25949-9e30-11dc-9b83-00173195fbd4}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c36eec2-ba0c-11db-993b-00173195fbd4}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4300d84-721f-11dc-9b21-00173195fbd4}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y1464Mik\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A6918r\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\Acr2C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\etilqs_atzCIPQdN3RE13dVPNec scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\Perflib_Perfdata_830.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\V9M119R1981.pdf scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_222952

Files moved on Reboot...
File C:\DOCUME~1\Mike\LOCALS~1\Temp\Acr2C.tmp not found!
File C:\DOCUME~1\Mike\LOCALS~1\Temp\etilqs_atzCIPQdN3RE13dVPNec not found!
File C:\DOCUME~1\Mike\LOCALS~1\Temp\Perflib_Perfdata_830.dat not found!
C:\DOCUME~1\Mike\LOCALS~1\Temp\V9M119R1981.pdf moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\XUL.mfl moved successfully.


=================

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-11-25 22:46:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (3%) free of 35 GB
Total RAM: 503 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:52, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF09D71-3F21-40C4-B1F4-5749D1C17E94}: NameServer = 58.69.254.133,58.69.254.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 6969 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\shutdown.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2007-04-15 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497]
"DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2007-07-04 45056]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-11-06 3810544]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2008-08-20 267056]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer]
C:\Program Files\DivX\Google\Firefox\ffinstaller.exe [2006-07-11 76186]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2343093]
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
C:\WINDOWS\system32\WService.EXE [2005-11-22 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^a vista sidebar enterprise version Fade skin.lnk]
E:\Torrents\VISTAS~2\Setup\Setup.exe [2006-09-26 4848640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^AWC.lnk]
C:\PROGRA~1\AWC\AWC.exe [2007-11-01 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Sidebar.lnk]
C:\DOCUME~1\Mike\Desktop\LONGHO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-24 462848]

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Mike\Interest\Installers\utorrent_1.3.exe"="E:\Mike\Interest\Installers\utorrent_1.3.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\utorrent_1.3.exe"="E:\utorrent_1.3.exe:*:Enabled:µTorrent"
"F:\StubInstaller.exe"="F:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Westwood\RA2\GAME.EXE"="C:\Westwood\RA2\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autorun.exe
shell\readit\command - notepad readme.doc


======List of files/folders created in the last 1 months======

2008-11-25 22:29:52 ----D---- C:\_OTMoveIt
2008-11-25 22:27:52 ----A---- C:\OTMoveIt3.exe
2008-11-24 21:39:15 ----D---- C:\rsit
2008-11-24 21:38:30 ----A---- C:\RSIT.exe
2008-11-21 00:49:54 ----D---- C:\Program Files\Nokia
2008-11-21 00:03:22 ----D---- C:\Program Files\Common Files\Nokia
2008-11-19 00:50:07 ----A---- C:\WindowsMedia-KB911564-x86-ENU.exe
2008-11-19 00:50:01 ----A---- C:\WindowsMedia9-KB837272-ENU.exe
2008-11-19 00:44:44 ----A---- C:\WindowsMedia-Q828026-x86-ESN.exe
2008-11-18 19:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-16 20:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-16 13:51:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 13:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 02:13:06 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-11-16 02:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-16 02:12:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 01:53:40 ----D---- C:\Program Files\Trend Micro
2008-11-15 23:34:25 ----A---- C:\TEMSSetup-x32.exe
2008-11-15 00:30:16 ----A---- C:\Nokia_PC_Suite_rel_7_0_9_2_eng_us_web.exe
2008-11-15 00:14:56 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 00:14:47 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-11-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-11-13 03:36:25 ----A---- C:\transformers communique 7.txt
2008-11-13 03:31:34 ----A---- C:\transformers communique 6.txt
2008-11-13 03:21:39 ----A---- C:\transformers communique 5.txt
2008-11-13 03:14:40 ----A---- C:\transformers communique 4.txt
2008-11-13 03:11:06 ----A---- C:\transformers communique 3.txt
2008-11-13 03:10:42 ----A---- C:\transformers communique.txt
2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-13 01:12:21 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-13 01:12:20 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-13 00:20:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-12 23:13:46 ----D---- C:\Documents and Settings\Mike\Application Data\WinRAR
2008-11-12 22:58:26 ----D---- C:\WINDOWS\ERUNT
2008-11-12 22:54:30 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-12 22:43:54 ----D---- C:\Program Files\CCleaner
2008-11-06 06:12:04 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-11-05 23:09:57 ----D---- C:\Program Files\DIFX
2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2008-11-05 23:09:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-05 23:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2008-11-05 21:30:52 ----A---- C:\Nokia_PC_Suite_BETA_7_1_14_0_eng.exe
2008-10-28 18:18:26 ----A---- C:\Dave's Nattering - Grandparent Gifts.txt
2008-10-25 13:53:45 ----A---- C:\XCC_Utilities.exe

======List of files/folders modified in the last 1 months======

2008-11-25 22:46:51 ----D---- C:\Documents and Settings\Mike\Application Data\uTorrent
2008-11-25 22:36:45 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 22:35:51 ----D---- C:\WINDOWS\Temp
2008-11-25 22:32:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 20:56:24 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-25 01:24:12 ----A---- C:\WINDOWS\FORGE32.ini
2008-11-25 01:20:41 ----D---- C:\Program Files\Easy CD-DA Extractor 9
2008-11-24 23:22:42 ----D---- C:\WINDOWS\Prefetch
2008-11-24 22:00:15 ----D---- C:\Torrents
2008-11-23 10:51:08 ----D---- C:\WINDOWS
2008-11-23 00:27:33 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-21 06:07:23 ----HD---- C:\Config.Msi
2008-11-21 01:52:57 ----SHD---- C:\WINDOWS\Installer
2008-11-21 01:52:49 ----D---- C:\Program Files\Common Files
2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32
2008-11-21 01:27:04 ----HD---- C:\WINDOWS\inf
2008-11-21 00:49:54 ----RD---- C:\Program Files
2008-11-21 00:33:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-21 00:04:27 ----D---- C:\WINDOWS\WinSxS
2008-11-21 00:02:05 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-21 00:00:28 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-19 00:51:24 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-16 20:46:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-16 20:39:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 02:21:57 ----SHD---- C:\RECYCLER
2008-11-16 01:14:49 ----SHD---- C:\System Volume Information
2008-11-16 00:22:15 ----D---- C:\WINDOWS\Debug
2008-11-12 22:49:28 ----D---- C:\WINDOWS\Minidump
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-29 01:07:07 ----D---- C:\Program Files\ACDSee32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-28 1036928]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-28 219136]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-28 702592]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-17 10368]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-12 15370]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-04 11090]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

This post has been edited by darkheart: 25 November 2008 - 09:49 AM

#6 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2008 - 01:52 PM

How about the Kaspersky scan? Have you had a chance to run it yet?

You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 User is offline   darkheart 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 15-November 08

Posted 03 December 2008 - 09:27 AM

hi there, sorry for the delay.

Java update installed.

Ran Kaspersky on "Critical Areas", no adverse results; will try again on "My Computer".

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 02, 2008 07:27:47
Records in database: 1431269
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Mike\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics
Files scanned 51996
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:42:08

No malware has been detected. The scan area is clean.
The selected area was scanned.

#8 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 December 2008 - 04:52 PM

Looks good. How is your computer behaving?

Please post a new log from RSIT.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 User is offline   darkheart 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 15-November 08

Posted 08 December 2008 - 09:47 PM

so far so good... thanks for all the capable assistance!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-12-09 10:43:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (3%) free of 35 GB
Total RAM: 503 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:54, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF09D71-3F21-40C4-B1F4-5749D1C17E94}: NameServer = 58.69.254.133,58.69.254.71
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 7865 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\shutdown.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2007-04-15 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497]
"DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2007-07-04 45056]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-03 110592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2008-08-20 267056]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer]
C:\Program Files\DivX\Google\Firefox\ffinstaller.exe [2006-07-11 76186]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2343093]
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
C:\WINDOWS\system32\WService.EXE [2005-11-22 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^a vista sidebar enterprise version Fade skin.lnk]
E:\Torrents\VISTAS~2\Setup\Setup.exe [2006-09-26 4848640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^AWC.lnk]
C:\PROGRA~1\AWC\AWC.exe [2007-11-01 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Sidebar.lnk]
C:\DOCUME~1\Mike\Desktop\LONGHO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-24 462848]

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Mike\Interest\Installers\utorrent_1.3.exe"="E:\Mike\Interest\Installers\utorrent_1.3.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\utorrent_1.3.exe"="E:\utorrent_1.3.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autorun.exe
shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab37f6ac-abc0-11dd-bb7d-00173195fbd4}]
shell\AutoRun\command - D:\autorun.exe
shell\readit\command - notepad readme.doc


======List of files/folders created in the last 1 months======

2008-12-01 12:31:39 ----D---- C:\Program Files\Oxygen Software
2008-12-01 11:59:05 ----D---- C:\Program Files\PC Connectivity Solution
2008-12-01 02:47:11 ----D---- C:\Program Files\MOBILedit! Forensic
2008-12-01 02:13:45 ----A---- C:\MOBILedit!Forensic.exe
2008-11-28 23:37:25 ----D---- C:\Program Files\MOBILedit!
2008-11-28 22:17:24 ----A---- C:\MOBILedit!.exe
2008-11-28 17:38:37 ----A---- C:\en202-researchquestions.txt
2008-11-26 22:20:31 ----A---- C:\WINDOWS\BsMobileModel.ini
2008-11-26 22:16:30 ----D---- C:\WINDOWS\system32\ivtMobCache
2008-11-26 22:16:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-26 21:22:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-26 21:22:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 21:22:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 21:22:57 ----A---- C:\WINDOWS\system32\java.exe
2008-11-26 21:05:44 ----A---- C:\jre-6u10-windows-i586-p.exe
2008-11-26 20:46:27 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-11-26 20:43:59 ----D---- C:\Program Files\IVT Corporation
2008-11-26 07:03:32 ----D---- C:\WINNT
2008-11-25 23:45:16 ----D---- C:\Documents and Settings\Mike\Application Data\PC Suite
2008-11-25 23:45:05 ----D---- C:\Documents and Settings\Mike\Application Data\Nokia
2008-11-25 23:35:19 ----A---- C:\WINDOWS\NokiaContentCopier.INI
2008-11-25 23:16:19 ----A---- C:\WINDOWS\system32\irmon.dll
2008-11-25 23:16:18 ----A---- C:\WINDOWS\system32\wshirda.dll
2008-11-25 23:16:18 ----A---- C:\WINDOWS\system32\irftp.exe
2008-11-25 22:29:52 ----D---- C:\_OTMoveIt
2008-11-25 22:27:52 ----A---- C:\OTMoveIt3.exe
2008-11-24 21:39:15 ----D---- C:\rsit
2008-11-24 21:38:30 ----A---- C:\RSIT.exe
2008-11-21 00:49:54 ----D---- C:\Program Files\Nokia
2008-11-21 00:03:22 ----D---- C:\Program Files\Common Files\Nokia
2008-11-19 00:50:07 ----A---- C:\WindowsMedia-KB911564-x86-ENU.exe
2008-11-19 00:50:01 ----A---- C:\WindowsMedia9-KB837272-ENU.exe
2008-11-19 00:44:44 ----A---- C:\WindowsMedia-Q828026-x86-ESN.exe
2008-11-18 19:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-16 20:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-16 13:51:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 13:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 02:13:06 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-11-16 02:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-16 02:12:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 01:53:40 ----D---- C:\Program Files\Trend Micro
2008-11-15 23:34:25 ----A---- C:\TEMSSetup-x32.exe
2008-11-15 00:30:16 ----A---- C:\Nokia_PC_Suite_rel_7_0_9_2_eng_us_web.exe
2008-11-15 00:14:56 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 00:14:47 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-11-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-11-13 03:36:25 ----A---- C:\transformers communique 7.txt
2008-11-13 03:31:34 ----A---- C:\transformers communique 6.txt
2008-11-13 03:21:39 ----A---- C:\transformers communique 5.txt
2008-11-13 03:14:40 ----A---- C:\transformers communique 4.txt
2008-11-13 03:11:06 ----A---- C:\transformers communique 3.txt
2008-11-13 03:10:42 ----A---- C:\transformers communique.txt
2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-13 01:12:21 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-13 01:12:20 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-13 00:20:45 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-12 23:13:46 ----D---- C:\Documents and Settings\Mike\Application Data\WinRAR
2008-11-12 22:58:26 ----D---- C:\WINDOWS\ERUNT
2008-11-12 22:54:30 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-12 22:43:54 ----D---- C:\Program Files\CCleaner
2008-11-12 22:05:45 ----D---- C:\WINDOWS\ERDNT

======List of files/folders modified in the last 1 months======

2008-12-09 10:43:42 ----D---- C:\Documents and Settings\Mike\Application Data\uTorrent
2008-12-09 09:53:21 ----D---- C:\WINDOWS\Temp
2008-12-09 09:38:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 00:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 13:01:29 ----D---- C:\Torrents
2008-12-07 11:39:08 ----D---- C:\WINDOWS\Prefetch
2008-12-07 11:11:10 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 00:04:34 ----D---- C:\WINDOWS
2008-12-06 22:44:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 21:10:53 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-04 17:56:59 ----D---- C:\WINDOWS\system32
2008-12-04 17:56:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-02 00:18:17 ----HD---- C:\Config.Msi
2008-12-01 13:02:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-01 13:01:05 ----SHD---- C:\WINDOWS\Installer
2008-12-01 13:00:48 ----RD---- C:\Program Files
2008-12-01 12:14:51 ----D---- C:\Program Files\Common Files
2008-12-01 12:14:49 ----HD---- C:\WINDOWS\inf
2008-12-01 12:14:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-01 12:01:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-01 11:57:11 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2008-12-01 00:06:00 ----D---- C:\WINDOWS\security
2008-11-29 06:33:02 ----D---- C:\WINDOWS\Minidump
2008-11-26 21:22:37 ----D---- C:\Program Files\Java
2008-11-25 01:24:12 ----A---- C:\WINDOWS\FORGE32.ini
2008-11-25 01:20:41 ----D---- C:\Program Files\Easy CD-DA Extractor 9
2008-11-21 00:04:27 ----D---- C:\WINDOWS\WinSxS
2008-11-21 00:02:05 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-21 00:00:28 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-19 00:51:24 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-16 20:39:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 02:21:57 ----SHD---- C:\RECYCLER
2008-11-16 01:14:49 ----SHD---- C:\System Volume Information
2008-11-16 00:22:15 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-28 1036928]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-28 219136]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-28 702592]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-01-11 140080]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-17 10368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-12 15370]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-04 11090]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

-----------------EOF-----------------

#10 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 09 December 2008 - 11:59 AM

Your log looks good to me! :)


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.




===================



It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt

      • Change the Download unsigned ActiveX controls to Disable

      • Change the Initialize and script ActiveX controls not marked as safe to Disable

      • Change the Installation of desktop items to Prompt

      • Change the Launching programs and files in an IFRAME to Prompt

      • Change the Navigate sub-frames across different domains to Prompt

      • When all these settings have been made, click on the OK button.

      • If it prompts you as to whether or not you want to save the settings, press the Yes button.

    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources


  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls


  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware


  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 User is offline   darkheart 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 15-November 08

Posted 13 December 2008 - 06:19 AM

Many thanks, Buckeye Sam!

#12 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2008 - 10:07 AM

I'm glad I could help you out! :thumbsup:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users