Trojan DNSChanger [usually 82.225.110.12]

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Trojan DNSChanger [usually 82.225.110.12], keeps coming back; i can't access microsoft updates

Options

darkheart View Member Profile	Nov 16 2008, 02:23 AM Post #1
New Member Group: Members Posts: 6 Joined: 15-November 08 Member No.: 256,879	i'm running windows XP sp2, and my computer is the third in a series of computers connected to a D-Link DI-604 router. sometime last week i stupidly, STUPIDLY ran a WMV file that asked for a codec to be installed, even more stupidly installed the codec, and here we are. since then i've been getting "popup.adv.net" popups from every site i go to, and my dns settings keep getting reset to 85.225.110.12 and i cannot download microsoft updates [can access all pages, but i get a "the page requested cannot be found" when i try and download]. i've since installed NoScript for Firefox 3.04 to keep the popup scripts from running. i also found a hidden "resycled" folder and its accompanying autorun.inf in each of my partitions and my flash disk, deleted them all. there was also a hidden "yahoo!" folder in my Documents and Settings Application Data folder before the Malwarebytes scan, but it's gone now. i don't know about the second computer linked to the router, but the main one does not seem to have the popups [even without the NoScript]. however, it cannot download microsoft updates either. ran Malwarebytes on it and it also found the DNSChanger trojan. i've run sdfix and smitfraudfix, both of which removed a DNSChanger trojan. Malwarebytes also removed it last night, and this morning, and this lunchtime, everytime i'd run it. but it keeps coming back. the logs posted are for my computer. ===================== MALWAREBYTES LOG AT TIME OF POSTING Malwarebytes' Anti-Malware 1.30 Database version: 1400 Windows 5.1.2600 Service Pack 2 11/16/2008 3:06:44 PM mbam-log-2008-11-16 (15-06-44).txt Scan type: Quick Scan Objects scanned: 52781 Time elapsed: 5 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 6 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ff09d71-3f21-40c4-b1f4-5749d1c17e94}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4ff09d71-3f21-40c4-b1f4-5749d1c17e94}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4ff09d71-3f21-40c4-b1f4-5749d1c17e94}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ===================================== HIJACKTHIS LOG AT TIME OF POSTING Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:18:10, on 11/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\DRIVERS\WtSrv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\VistaDriveIcon\DrvIcon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\uTorrent\utorrent.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- End of file - 6861 bytes ================================ any assistance would be invaluable. thank you.

Buckeye_Sam View Member Profile	Nov 17 2008, 07:53 PM Post #2
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process. First, disconnect your router and connect your computer directly to your modem. Then run a quick scan with Malwarebytes and remove what it finds. Please post that log here. Reboot your computer. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #5 - Search and clean DNS Hijack by typing 5 and press "Enter"; a text file will appear. It may bring up a message that ways "Your computer may be victim of a DNS Hijack: 85.255.x.x" Do you want to set your network to dynamic - DHCP server? Click on "Yes" Reboot Please copy/paste the content of that report into your next reply. If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Please download random's system information tool (RSIT) and save it to your desktop. Double click on RSIT.exe to run it. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.** Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

darkheart View Member Profile	Nov 24 2008, 08:44 AM Post #3
New Member Group: Members Posts: 6 Joined: 15-November 08 Member No.: 256,879	hey there, i actually seem to have gotten rid of them already [had to run the programs and fiddle with the registry on the main pc to get the redirected DNS out] as well and haven't been bothered by the popup.adv.net popups since. RSIT logs: info.txt logfile of random's system information tool 1.04 2008-11-24 21:39:27 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent-->"C:\Program Files\uTorrent\uninstall.exe" 7-Zip 4.55 beta-->"C:\Program Files\7-Zip\Uninstall.exe" abrViewer.NET 1.0.1-->C:\Program Files\abrViewer.NET\uninst.exe ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll" Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} Adobe InDesign CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe" Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Advanced Font Viewer 3.7-->"C:\Program Files\Advanced Font Viewer\unins000.exe" Alien Skin Eye Candy 5 Impact-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG Alien Skin Eye Candy 5 Textures-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\ALIENS~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\ALIENS~1\EYECAN~1\INSTALL.LOG Alien Skin Image Doctor 1.0-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\IMAGED~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\IMAGED~1\INSTALL.LOG AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AWC V3.0.7-->"C:\Program Files\AWC\unins000.exe" Bulk Image Downloader v1.38.0.3-->"C:\Program Files\Bulk Image Downloader\unins000.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Collectify-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EBB5550-C5F5-11D4-A4E2-009027F9612D}\Setup.exe" Combined Community Codec Pack 2007-02-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\DOCUME~1\Mike\LOCALS~1\Temp\PainterX.log Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN D-Link DFM-562IS HSFi PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_20D514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" Easy CD-DA Extractor 9.1.1-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 9\irunin.xml" Eye Candy 4000-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\EYECAN~1\INSTALL.LOG FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623-->"C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows XP (KB940541)-->"C:\WINDOWS\$NtUninstallKB940541$\spuninst\spuninst.exe" HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Internet Audio Mix 1.25-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acoustica\Uninst.isu" J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} Karen's Directory Printer-->C:\Program Files\Karen's Power Tools\Directory Printer\uninst.exe KeepV Flash Converter-->"C:\Program Files\KeepV Converter\unins000.exe" LimeWire 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe" Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Student 2007 for Learning Essentials-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N Microsoft Student with Encarta Premium 2007-->MsiExec.exe /I{07041881-E9B4-4DF6-A845-CAAFD093E477} Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mp3 To Wave Converter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acoustica\Mp3 To Wave Converter\Uninst.isu" MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Nokia Connectivity Cable Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5} PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9 PDF Image Extraction Wizard 1.0-->"C:\Program Files\PDF Image Extraction Wizard 1.0\unins000.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Print Artist 2003-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra\Print Artist 2003\HiUninst.isu" -c"C:\Program Files\Sierra\Print Artist 2003\Uninstpa.DLL" Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Red Alert 2 DeeZire-->C:\Westwood\RA2\Uninstal.exe Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Serials 2000-->"C:\Program Files\Serials 2000\uninst-s2k.exe" Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log SimCity 2000® Special Edition-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu" Sonic Foundry MPEG 3 plugin-->C:\PROGRA~1\SONICF~1\UNWISE.EXE C:\PROGRA~1\SONICF~1\COMMP3.LOG Sonic Foundry Noise Reduction DX v2.0-->C:\WINDOWS\UNWISE.EXE C:\audio\SONICF~1\NoiseDX\INSTALL.LOG Sound Forge v4.5e final (329)-->C:\WINDOWS\UNWISE.EXE C:\audio\SOUNDF~1\INSTALL.LOG Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" STHSDVD-->C:\STHVCD55\UNISTDVD.EXE Teleport Pro-->"C:\Program Files\Teleport Pro\Remove.exe" /U:"C:\Program Files\Teleport Pro\Remove.log" Total Recorder 6.0-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe" Tribal 1.6-->C:\Program Files\Tribal\uninst.exe Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" VistaMizer 2.2.1.0-->C:\WINDOWS\VistaMizer\Uninstall.exe Visual Task Tips 2.3-->C:\Program Files\VisualTaskTips\uninst.exe Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe XCC Utilities 1.46-->"C:\Program Files\XCC\Utilities\Uninstall.exe" xp-AntiSpy 3.96-8-->C:\Program Files\xp-AntiSpy\Uninstall.exe Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe ======Security center information====== AV: AVG Anti-Virus Free (disabled) AV: Avira AntiVir PersonalEdition ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0409 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip -----------------EOF----------------- ===================================================================== Logfile of random's system information tool 1.04 (written by random/random) Run by Mike at 2008-11-24 21:39:15 Microsoft Windows XP Professional Service Pack 2 System drive C: has 2 GB (5%) free of 35 GB Total RAM: 503 MB (21% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39:21, on 11/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\DRIVERS\WtSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\VistaDriveIcon\DrvIcon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\uTorrent\utorrent.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Mike.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF09D71-3F21-40C4-B1F4-5749D1C17E94}: NameServer = 58.69.254.133,58.69.254.71 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- End of file - 6961 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\shutdown.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2007-04-15 102400] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497] "DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2007-07-04 45056] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-11-06 3810544] "VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352] "uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2008-08-20 267056] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A6918r] C:\WINDOWS\j6429422.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer] C:\Program Files\DivX\Google\Firefox\ffinstaller.exe [2006-07-11 76186] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2343093] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService] C:\WINDOWS\system32\WService.EXE [2005-11-22 40960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y1464Mik] C:\WINDOWS\system32\n4827\sv71927030r.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^a vista sidebar enterprise version Fade skin.lnk] E:\Torrents\VISTAS~2\Setup\Setup.exe [2006-09-26 4848640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^AWC.lnk] C:\PROGRA~1\AWC\AWC.exe [2007-11-01 1261568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Sidebar.lnk] C:\DOCUME~1\Mike\Desktop\LONGHO~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk] C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WinFlip.lnk] C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-24 462848] C:\Documents and Settings\Mike\Start Menu\Programs\Startup Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "E:\Mike\Interest\Installers\utorrent_1.3.exe"="E:\Mike\Interest\Installers\utorrent_1.3.exe::Enabled:µTorrent" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "E:\utorrent_1.3.exe"="E:\utorrent_1.3.exe::Enabled:µTorrent" "F:\StubInstaller.exe"="F:\StubInstaller.exe::Disabled:LimeWire swarmed installer" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Mozilla Firefox" "C:\Westwood\RA2\GAME.EXE"="C:\Westwood\RA2\GAME.EXE::Enabled:Main executable for Red Alert 2" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire" "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe::Enabled:avginet.exe" "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe::Enabled:avgcc.exe" "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe::Enabled:avgamsvr.exe" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe::Enabled:avgemc.exe" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\autorun.exe shell\readit\command - notepad readme.doc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e: shell\Open\command - E:\resycled\boot.com e: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9a96de-a778-11db-9910-00173195fbd4}] shell\Auto\command - infrom.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fda6df-e265-11db-99a2-00173195fbd4}] shell\Auto\command - infrom.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8de25949-9e30-11dc-9b83-00173195fbd4}] shell\AutoRun\command - F:\jay.exe shell\explore\command - F:\jay.exe shell\open\command - F:\jay.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c36eec2-ba0c-11db-993b-00173195fbd4}] shell\AutoRun\command - F:\ shell\explore\command - WScript.exe .\autorun.vbs shell\open\command - WScript.exe .\autorun.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4300d84-721f-11dc-9b21-00173195fbd4}] shell\AutoRun\command - New Folder.exe ======List of files/folders created in the last 1 months====== 2008-11-24 21:39:15 ----D---- C:\rsit 2008-11-24 21:38:30 ----A---- C:\RSIT.exe 2008-11-21 00:49:54 ----D---- C:\Program Files\Nokia 2008-11-21 00:03:22 ----D---- C:\Program Files\Common Files\Nokia 2008-11-19 00:50:07 ----A---- C:\WindowsMedia-KB911564-x86-ENU.exe 2008-11-19 00:50:01 ----A---- C:\WindowsMedia9-KB837272-ENU.exe 2008-11-19 00:44:44 ----A---- C:\WindowsMedia-Q828026-x86-ESN.exe 2008-11-18 19:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-11-16 20:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-16 13:51:12 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-16 13:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-16 02:13:06 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes 2008-11-16 02:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-16 02:12:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-16 01:53:40 ----D---- C:\Program Files\Trend Micro 2008-11-15 23:34:25 ----A---- C:\TEMSSetup-x32.exe 2008-11-15 00:30:16 ----A---- C:\Nokia_PC_Suite_rel_7_0_9_2_eng_us_web.exe 2008-11-15 00:14:56 ----A---- C:\WINDOWS\imsins.BAK 2008-11-15 00:14:47 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-11-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$ 2008-11-13 03:36:25 ----A---- C:\transformers communique 7.txt 2008-11-13 03:31:34 ----A---- C:\transformers communique 6.txt 2008-11-13 03:21:39 ----A---- C:\transformers communique 5.txt 2008-11-13 03:14:40 ----A---- C:\transformers communique 4.txt 2008-11-13 03:11:06 ----A---- C:\transformers communique 3.txt 2008-11-13 03:10:42 ----A---- C:\transformers communique.txt 2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\o4Patch.exe 2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2008-11-13 01:12:21 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2008-11-13 01:12:20 ----A---- C:\WINDOWS\system32\Process.exe 2008-11-13 00:20:45 ----A---- C:\WINDOWS\system32\tmp.txt 2008-11-12 23:13:46 ----D---- C:\Documents and Settings\Mike\Application Data\WinRAR 2008-11-12 22:58:26 ----D---- C:\WINDOWS\ERUNT 2008-11-12 22:54:30 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-12 22:43:54 ----D---- C:\Program Files\CCleaner 2008-11-06 06:12:04 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-11-05 23:09:57 ----D---- C:\Program Files\DIFX 2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll 2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll 2008-11-05 23:09:22 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-11-05 23:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Installations 2008-11-05 21:30:52 ----A---- C:\Nokia_PC_Suite_BETA_7_1_14_0_eng.exe 2008-10-28 18:18:26 ----A---- C:\Dave's Nattering - Grandparent Gifts.txt 2008-10-25 13:53:45 ----A---- C:\XCC_Utilities.exe ======List of files/folders modified in the last 1 months====== 2008-11-24 21:39:07 ----D---- C:\Documents and Settings\Mike\Application Data\uTorrent 2008-11-24 21:36:45 ----D---- C:\WINDOWS\Temp 2008-11-24 21:14:46 ----D---- C:\WINDOWS\Prefetch 2008-11-24 19:17:46 ----D---- C:\Program Files\Mozilla Firefox 2008-11-24 07:00:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-23 10:51:08 ----D---- C:\WINDOWS 2008-11-23 00:27:33 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-22 22:22:26 ----D---- C:\Torrents 2008-11-22 15:06:35 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-21 06:07:23 ----HD---- C:\Config.Msi 2008-11-21 01:52:57 ----SHD---- C:\WINDOWS\Installer 2008-11-21 01:52:49 ----D---- C:\Program Files\Common Files 2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers 2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32 2008-11-21 01:27:04 ----HD---- C:\WINDOWS\inf 2008-11-21 00:49:54 ----RD---- C:\Program Files 2008-11-21 00:33:20 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-21 00:04:27 ----D---- C:\WINDOWS\WinSxS 2008-11-21 00:02:05 ----D---- C:\WINDOWS\Downloaded Installations 2008-11-21 00:00:28 ----D---- C:\Program Files\Common Files\InstallShield 2008-11-19 00:51:24 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-16 20:46:36 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-16 20:39:20 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-16 02:21:57 ----SHD---- C:\RECYCLER 2008-11-16 01:14:49 ----SHD---- C:\System Volume Information 2008-11-16 00:22:15 ----D---- C:\WINDOWS\Debug 2008-11-12 22:49:28 ----D---- C:\WINDOWS\Minidump 2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-29 01:07:07 ----D---- C:\Program Files\ACDSee32 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-28 1036928] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-28 219136] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-28 702592] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [] S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-17 10368] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-12 15370] S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202] S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-04 11090] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-18 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- ========================================================================= current Malwarebytes log for this computer: Malwarebytes' Anti-Malware 1.30 Database version: 1415 Windows 5.1.2600 Service Pack 2 11/24/2008 9:37:41 PM mbam-log-2008-11-24 (21-37-41).txt Scan type: Quick Scan Objects scanned: 53505 Time elapsed: 9 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Buckeye_Sam View Member Profile	Nov 24 2008, 12:30 PM Post #4
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	I do see some additional issues in your log that need to be addressed. First you have two antivirus programs installed. This can cause serious problems. Please uninstall either AVG or Avira so that you are only running one. Please download the OTMoveIt3 by OldTimer. Save it to your desktop. Please click OTMoveIt3 and then click >> run. Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :files F:\jay.exe C:\WINDOWS\system32\infrom.exe E:\resycled :reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9a96de-a778-11db-9910-00173195fbd4}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fda6df-e265-11db-99a2-00173195fbd4}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8de25949-9e30-11dc-9b83-00173195fbd4}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c36eec2-ba0c-11db-993b-00173195fbd4}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4300d84-721f-11dc-9b21-00173195fbd4}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y1464Mik] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A6918r] :Commands [EmptyTemp] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. ================= Please do an online scan with Kaspersky WebScanner. Please visit the Kaspersky Online Scanner website. Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. Also please post a new log from RSIT. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

darkheart View Member Profile	Nov 25 2008, 09:48 AM Post #5
New Member Group: Members Posts: 6 Joined: 15-November 08 Member No.: 256,879	========== FILES ========== File/Folder F:\jay.exe not found. File/Folder C:\WINDOWS\system32\infrom.exe not found. File/Folder E:\resycled not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9a96de-a778-11db-9910-00173195fbd4}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fda6df-e265-11db-99a2-00173195fbd4}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8de25949-9e30-11dc-9b83-00173195fbd4}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c36eec2-ba0c-11db-993b-00173195fbd4}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4300d84-721f-11dc-9b21-00173195fbd4}\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y1464Mik\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A6918r\\ deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\Acr2C.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\etilqs_atzCIPQdN3RE13dVPNec scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\Perflib_Perfdata_830.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\V9M119R1981.pdf scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_222952 Files moved on Reboot... File C:\DOCUME~1\Mike\LOCALS~1\Temp\Acr2C.tmp not found! File C:\DOCUME~1\Mike\LOCALS~1\Temp\etilqs_atzCIPQdN3RE13dVPNec not found! File C:\DOCUME~1\Mike\LOCALS~1\Temp\Perflib_Perfdata_830.dat not found! C:\DOCUME~1\Mike\LOCALS~1\Temp\V9M119R1981.pdf moved successfully. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9r3clkk.default\XUL.mfl moved successfully. ================= Logfile of random's system information tool 1.04 (written by random/random) Run by Mike at 2008-11-25 22:46:51 Microsoft Windows XP Professional Service Pack 2 System drive C: has 1 GB (3%) free of 35 GB Total RAM: 503 MB (15% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:46:52, on 11/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\DRIVERS\WtSrv.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\VistaDriveIcon\DrvIcon.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\uTorrent\utorrent.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Mike.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF09D71-3F21-40C4-B1F4-5749D1C17E94}: NameServer = 58.69.254.133,58.69.254.71 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- End of file - 6969 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\shutdown.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2007-04-15 102400] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497] "DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2007-07-04 45056] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-11-06 3810544] "VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352] "uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2008-08-20 267056] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer] C:\Program Files\DivX\Google\Firefox\ffinstaller.exe [2006-07-11 76186] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2343093] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService] C:\WINDOWS\system32\WService.EXE [2005-11-22 40960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^a vista sidebar enterprise version Fade skin.lnk] E:\Torrents\VISTAS~2\Setup\Setup.exe [2006-09-26 4848640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^AWC.lnk] C:\PROGRA~1\AWC\AWC.exe [2007-11-01 1261568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Sidebar.lnk] C:\DOCUME~1\Mike\Desktop\LONGHO~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk] C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WinFlip.lnk] C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-24 462848] C:\Documents and Settings\Mike\Start Menu\Programs\Startup Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "E:\Mike\Interest\Installers\utorrent_1.3.exe"="E:\Mike\Interest\Installers\utorrent_1.3.exe::Enabled:µTorrent" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "E:\utorrent_1.3.exe"="E:\utorrent_1.3.exe::Enabled:µTorrent" "F:\StubInstaller.exe"="F:\StubInstaller.exe::Disabled:LimeWire swarmed installer" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Mozilla Firefox" "C:\Westwood\RA2\GAME.EXE"="C:\Westwood\RA2\GAME.EXE::Enabled:Main executable for Red Alert 2" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire" "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe::Enabled:avginet.exe" "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe::Enabled:avgcc.exe" "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe::Enabled:avgamsvr.exe" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe::Enabled:avgemc.exe" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\autorun.exe shell\readit\command - notepad readme.doc ======List of files/folders created in the last 1 months====== 2008-11-25 22:29:52 ----D---- C:\_OTMoveIt 2008-11-25 22:27:52 ----A---- C:\OTMoveIt3.exe 2008-11-24 21:39:15 ----D---- C:\rsit 2008-11-24 21:38:30 ----A---- C:\RSIT.exe 2008-11-21 00:49:54 ----D---- C:\Program Files\Nokia 2008-11-21 00:03:22 ----D---- C:\Program Files\Common Files\Nokia 2008-11-19 00:50:07 ----A---- C:\WindowsMedia-KB911564-x86-ENU.exe 2008-11-19 00:50:01 ----A---- C:\WindowsMedia9-KB837272-ENU.exe 2008-11-19 00:44:44 ----A---- C:\WindowsMedia-Q828026-x86-ESN.exe 2008-11-18 19:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-11-16 20:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-16 13:51:12 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-16 13:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-16 02:13:06 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes 2008-11-16 02:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-16 02:12:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-16 01:53:40 ----D---- C:\Program Files\Trend Micro 2008-11-15 23:34:25 ----A---- C:\TEMSSetup-x32.exe 2008-11-15 00:30:16 ----A---- C:\Nokia_PC_Suite_rel_7_0_9_2_eng_us_web.exe 2008-11-15 00:14:56 ----A---- C:\WINDOWS\imsins.BAK 2008-11-15 00:14:47 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-11-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$ 2008-11-13 03:36:25 ----A---- C:\transformers communique 7.txt 2008-11-13 03:31:34 ----A---- C:\transformers communique 6.txt 2008-11-13 03:21:39 ----A---- C:\transformers communique 5.txt 2008-11-13 03:14:40 ----A---- C:\transformers communique 4.txt 2008-11-13 03:11:06 ----A---- C:\transformers communique 3.txt 2008-11-13 03:10:42 ----A---- C:\transformers communique.txt 2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\o4Patch.exe 2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2008-11-13 01:12:21 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2008-11-13 01:12:20 ----A---- C:\WINDOWS\system32\Process.exe 2008-11-13 00:20:45 ----A---- C:\WINDOWS\system32\tmp.txt 2008-11-12 23:13:46 ----D---- C:\Documents and Settings\Mike\Application Data\WinRAR 2008-11-12 22:58:26 ----D---- C:\WINDOWS\ERUNT 2008-11-12 22:54:30 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-12 22:43:54 ----D---- C:\Program Files\CCleaner 2008-11-06 06:12:04 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-11-05 23:09:57 ----D---- C:\Program Files\DIFX 2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll 2008-11-05 23:09:23 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll 2008-11-05 23:09:22 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-11-05 23:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Installations 2008-11-05 21:30:52 ----A---- C:\Nokia_PC_Suite_BETA_7_1_14_0_eng.exe 2008-10-28 18:18:26 ----A---- C:\Dave's Nattering - Grandparent Gifts.txt 2008-10-25 13:53:45 ----A---- C:\XCC_Utilities.exe ======List of files/folders modified in the last 1 months====== 2008-11-25 22:46:51 ----D---- C:\Documents and Settings\Mike\Application Data\uTorrent 2008-11-25 22:36:45 ----D---- C:\Program Files\Mozilla Firefox 2008-11-25 22:35:51 ----D---- C:\WINDOWS\Temp 2008-11-25 22:32:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-25 20:56:24 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-25 01:24:12 ----A---- C:\WINDOWS\FORGE32.ini 2008-11-25 01:20:41 ----D---- C:\Program Files\Easy CD-DA Extractor 9 2008-11-24 23:22:42 ----D---- C:\WINDOWS\Prefetch 2008-11-24 22:00:15 ----D---- C:\Torrents 2008-11-23 10:51:08 ----D---- C:\WINDOWS 2008-11-23 00:27:33 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-21 06:07:23 ----HD---- C:\Config.Msi 2008-11-21 01:52:57 ----SHD---- C:\WINDOWS\Installer 2008-11-21 01:52:49 ----D---- C:\Program Files\Common Files 2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers 2008-11-21 01:44:57 ----D---- C:\WINDOWS\system32 2008-11-21 01:27:04 ----HD---- C:\WINDOWS\inf 2008-11-21 00:49:54 ----RD---- C:\Program Files 2008-11-21 00:33:20 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-21 00:04:27 ----D---- C:\WINDOWS\WinSxS 2008-11-21 00:02:05 ----D---- C:\WINDOWS\Downloaded Installations 2008-11-21 00:00:28 ----D---- C:\Program Files\Common Files\InstallShield 2008-11-19 00:51:24 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-16 20:46:36 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-16 20:39:20 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-16 02:21:57 ----SHD---- C:\RECYCLER 2008-11-16 01:14:49 ----SHD---- C:\System Volume Information 2008-11-16 00:22:15 ----D---- C:\WINDOWS\Debug 2008-11-12 22:49:28 ----D---- C:\WINDOWS\Minidump 2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-29 01:07:07 ----D---- C:\Program Files\ACDSee32 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-28 1036928] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-28 219136] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-28 702592] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [] S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-17 10368] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-12 15370] S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202] S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-04 11090] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-18 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- This post has been edited by darkheart: Nov 25 2008, 09:49 AM

Buckeye_Sam View Member Profile	Nov 25 2008, 01:52 PM Post #6
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	How about the Kaspersky scan? Have you had a chance to run it yet? You are running an older version of Java. This can be a security risk so let's get you the latest version. Upgrading Java: Download the latest version of Java Runtime Environment (JRE) 6 Update 10. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10". Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

darkheart View Member Profile	Dec 3 2008, 09:27 AM Post #7
New Member Group: Members Posts: 6 Joined: 15-November 08 Member No.: 256,879	hi there, sorry for the delay. Java update installed. Ran Kaspersky on "Critical Areas", no adverse results; will try again on "My Computer". KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, December 2, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, December 02, 2008 07:27:47 Records in database: 1431269 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area Critical Areas C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Documents and Settings\Mike\Start Menu\Programs\Startup C:\Program Files C:\WINDOWS Scan statistics Files scanned 51996 Threat name 0 Infected objects 0 Suspicious objects 0 Duration of the scan 01:42:08 No malware has been detected. The scan area is clean. The selected area was scanned.

Buckeye_Sam View Member Profile	Dec 3 2008, 04:52 PM Post #8
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Looks good. How is your computer behaving? Please post a new log from RSIT. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

darkheart View Member Profile	Dec 8 2008, 09:47 PM Post #9
New Member Group: Members Posts: 6 Joined: 15-November 08 Member No.: 256,879	so far so good... thanks for all the capable assistance! Logfile of random's system information tool 1.04 (written by random/random) Run by Mike at 2008-12-09 10:43:35 Microsoft Windows XP Professional Service Pack 2 System drive C: has 1 GB (3%) free of 35 GB Total RAM: 503 MB (14% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:43:54, on 12/9/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\DRIVERS\WtSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\VistaDriveIcon\DrvIcon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\uTorrent\utorrent.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Mike.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF09D71-3F21-40C4-B1F4-5749D1C17E94}: NameServer = 58.69.254.133,58.69.254.71 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- End of file - 7865 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\shutdown.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2007-04-15 102400] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497] "DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2007-07-04 45056] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-03 110592] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544] "VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352] "uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2008-08-20 267056] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer] C:\Program Files\DivX\Google\Firefox\ffinstaller.exe [2006-07-11 76186] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2343093] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE [2006-06-10 351000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService] C:\WINDOWS\system32\WService.EXE [2005-11-22 40960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-11-06 3810544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^a vista sidebar enterprise version Fade skin.lnk] E:\Torrents\VISTAS~2\Setup\Setup.exe [2006-09-26 4848640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^AWC.lnk] C:\PROGRA~1\AWC\AWC.exe [2007-11-01 1261568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Sidebar.lnk] C:\DOCUME~1\Mike\Desktop\LONGHO~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk] C:\PROGRA~1\THOOSJ~1.3\THOOSJ~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WinFlip.lnk] C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-24 462848] C:\Documents and Settings\Mike\Start Menu\Programs\Startup Blaero Start Orb.lnk - C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "E:\Mike\Interest\Installers\utorrent_1.3.exe"="E:\Mike\Interest\Installers\utorrent_1.3.exe::Enabled:µTorrent" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "E:\utorrent_1.3.exe"="E:\utorrent_1.3.exe::Enabled:µTorrent" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Mozilla Firefox" "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe::Enabled:avginet.exe" "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe::Enabled:avgcc.exe" "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe::Enabled:avgamsvr.exe" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe::Enabled:avgemc.exe" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe::Disabled:Java™ Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\autorun.exe shell\readit\command - notepad readme.doc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab37f6ac-abc0-11dd-bb7d-00173195fbd4}] shell\AutoRun\command - D:\autorun.exe shell\readit\command - notepad readme.doc ======List of files/folders created in the last 1 months====== 2008-12-01 12:31:39 ----D---- C:\Program Files\Oxygen Software 2008-12-01 11:59:05 ----D---- C:\Program Files\PC Connectivity Solution 2008-12-01 02:47:11 ----D---- C:\Program Files\MOBILedit! Forensic 2008-12-01 02:13:45 ----A---- C:\MOBILedit!Forensic.exe 2008-11-28 23:37:25 ----D---- C:\Program Files\MOBILedit! 2008-11-28 22:17:24 ----A---- C:\MOBILedit!.exe 2008-11-28 17:38:37 ----A---- C:\en202-researchquestions.txt 2008-11-26 22:20:31 ----A---- C:\WINDOWS\BsMobileModel.ini 2008-11-26 22:16:30 ----D---- C:\WINDOWS\system32\ivtMobCache 2008-11-26 22:16:10 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-11-26 21:22:58 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-26 21:22:57 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-26 21:22:57 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-26 21:22:57 ----A---- C:\WINDOWS\system32\java.exe 2008-11-26 21:05:44 ----A---- C:\jre-6u10-windows-i586-p.exe 2008-11-26 20:46:27 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-11-26 20:43:59 ----D---- C:\Program Files\IVT Corporation 2008-11-26 07:03:32 ----D---- C:\WINNT 2008-11-25 23:45:16 ----D---- C:\Documents and Settings\Mike\Application Data\PC Suite 2008-11-25 23:45:05 ----D---- C:\Documents and Settings\Mike\Application Data\Nokia 2008-11-25 23:35:19 ----A---- C:\WINDOWS\NokiaContentCopier.INI 2008-11-25 23:16:19 ----A---- C:\WINDOWS\system32\irmon.dll 2008-11-25 23:16:18 ----A---- C:\WINDOWS\system32\wshirda.dll 2008-11-25 23:16:18 ----A---- C:\WINDOWS\system32\irftp.exe 2008-11-25 22:29:52 ----D---- C:\_OTMoveIt 2008-11-25 22:27:52 ----A---- C:\OTMoveIt3.exe 2008-11-24 21:39:15 ----D---- C:\rsit 2008-11-24 21:38:30 ----A---- C:\RSIT.exe 2008-11-21 00:49:54 ----D---- C:\Program Files\Nokia 2008-11-21 00:03:22 ----D---- C:\Program Files\Common Files\Nokia 2008-11-19 00:50:07 ----A---- C:\WindowsMedia-KB911564-x86-ENU.exe 2008-11-19 00:50:01 ----A---- C:\WindowsMedia9-KB837272-ENU.exe 2008-11-19 00:44:44 ----A---- C:\WindowsMedia-Q828026-x86-ESN.exe 2008-11-18 19:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-11-16 20:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-16 13:51:12 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-16 13:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-16 02:13:06 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes 2008-11-16 02:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-16 02:12:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-16 01:53:40 ----D---- C:\Program Files\Trend Micro 2008-11-15 23:34:25 ----A---- C:\TEMSSetup-x32.exe 2008-11-15 00:30:16 ----A---- C:\Nokia_PC_Suite_rel_7_0_9_2_eng_us_web.exe 2008-11-15 00:14:56 ----A---- C:\WINDOWS\imsins.BAK 2008-11-15 00:14:47 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-11-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$ 2008-11-13 03:36:25 ----A---- C:\transformers communique 7.txt 2008-11-13 03:31:34 ----A---- C:\transformers communique 6.txt 2008-11-13 03:21:39 ----A---- C:\transformers communique 5.txt 2008-11-13 03:14:40 ----A---- C:\transformers communique 4.txt 2008-11-13 03:11:06 ----A---- C:\transformers communique 3.txt 2008-11-13 03:10:42 ----A---- C:\transformers communique.txt 2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\o4Patch.exe 2008-11-13 01:12:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2008-11-13 01:12:21 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2008-11-13 01:12:20 ----A---- C:\WINDOWS\system32\Process.exe 2008-11-13 00:20:45 ----A---- C:\WINDOWS\system32\tmp.txt 2008-11-12 23:13:46 ----D---- C:\Documents and Settings\Mike\Application Data\WinRAR 2008-11-12 22:58:26 ----D---- C:\WINDOWS\ERUNT 2008-11-12 22:54:30 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-12 22:43:54 ----D---- C:\Program Files\CCleaner 2008-11-12 22:05:45 ----D---- C:\WINDOWS\ERDNT ======List of files/folders modified in the last 1 months====== 2008-12-09 10:43:42 ----D---- C:\Documents and Settings\Mike\Application Data\uTorrent 2008-12-09 09:53:21 ----D---- C:\WINDOWS\Temp 2008-12-09 09:38:05 ----D---- C:\Program Files\Mozilla Firefox 2008-12-09 00:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-07 13:01:29 ----D---- C:\Torrents 2008-12-07 11:39:08 ----D---- C:\WINDOWS\Prefetch 2008-12-07 11:11:10 ----D---- C:\WINDOWS\system32\drivers 2008-12-07 00:04:34 ----D---- C:\WINDOWS 2008-12-06 22:44:35 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-04 21:10:53 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-04 17:56:59 ----D---- C:\WINDOWS\system32 2008-12-04 17:56:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-02 00:18:17 ----HD---- C:\Config.Msi 2008-12-01 13:02:24 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-01 13:01:05 ----SHD---- C:\WINDOWS\Installer 2008-12-01 13:00:48 ----RD---- C:\Program Files 2008-12-01 12:14:51 ----D---- C:\Program Files\Common Files 2008-12-01 12:14:49 ----HD---- C:\WINDOWS\inf 2008-12-01 12:14:28 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-12-01 12:01:25 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-01 11:57:11 ----D---- C:\Documents and Settings\All Users\Application Data\Installations 2008-12-01 00:06:00 ----D---- C:\WINDOWS\security 2008-11-29 06:33:02 ----D---- C:\WINDOWS\Minidump 2008-11-26 21:22:37 ----D---- C:\Program Files\Java 2008-11-25 01:24:12 ----A---- C:\WINDOWS\FORGE32.ini 2008-11-25 01:20:41 ----D---- C:\Program Files\Easy CD-DA Extractor 9 2008-11-21 00:04:27 ----D---- C:\WINDOWS\WinSxS 2008-11-21 00:02:05 ----D---- C:\WINDOWS\Downloaded Installations 2008-11-21 00:00:28 ----D---- C:\Program Files\Common Files\InstallShield 2008-11-19 00:51:24 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-16 20:39:20 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-16 02:21:57 ----SHD---- C:\RECYCLER 2008-11-16 01:14:49 ----SHD---- C:\System Volume Information 2008-11-16 00:22:15 ----D---- C:\WINDOWS\Debug ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-28 1036928] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-28 219136] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-28 702592] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [] S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [] S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 274304] S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-15 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-15 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-15 21744] S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248] S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-01-11 140080] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-17 10368] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-12 15370] S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202] S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-04 11090] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-18 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] -----------------EOF-----------------

Buckeye_Sam View Member Profile	Dec 9 2008, 11:59 AM Post #10
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Your log looks good to me! Run an online scan at Secunia Online Software Inspector Click on the red button at the bottom of the screen that says Start Scanner. Follow the prompts to install the scanning software. Do not check the box for Enable thorough system inspection Click the Start button. The program will scan your system and identify insecure versions of software and missing security updates. Using the links provided in the scan, download and install any current and secure versions that are needed. =================== It's time to clean up. Make sure you have an Internet Connection. Double-click OTMoveIt3.exe to run it. Click on the CleanUp! button A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. ================ Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned. You can find instructions on how to enable and reenable system restore here: Windows XP System Restore Guide Renable system restore with instructions from tutorial above Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

darkheart View Member Profile	Dec 13 2008, 06:19 AM Post #11
New Member Group: Members Posts: 6 Joined: 15-November 08 Member No.: 256,879	Many thanks, Buckeye Sam!

Buckeye_Sam View Member Profile	Dec 13 2008, 10:07 AM Post #12
Malware Expert Group: HJT Team Posts: 13,563 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	I'm glad I could help you out! Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th July 2009 - 07:28 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive