
Worm Win32 Netbooster/ Worm.win32.netbooster


  • This topic is locked
16 replies to this topic

#1 orlymopy

orlymopy

  • Members
  • 25 posts

Posted 14 September 2008 - 01:47 AM

I have tried like everything I can find on it. I cannot get rid of worm win32 netbooster. I have tried manually removing and like 5 different software. I get the pop up everything. I have gotten rid of the background though.
Here are the ones I have tried.
http://answers.yahoo.com/question/index?qi...25024805AAHSixB
http://www.xp-vista.com/spyware-removal/wo...ions-netbooster
http://forums.cnet.com/5208-6132_102-0.htm...ssageID=2751614
I think there is one more but I can't remember.
My play menu and doc and settings are missing run all that on the start menu. Also I cannot see my drives. If I run safe mode it is all normal only in the admin account. My account is the same as it is not in safe mode. My last chance is Spyware Doctor tonight, otherwise I don't know what to do.

My HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27: VIRUS ALERT!, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Documents and Settings\Boyz\Application Data\Adobe\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {14ff683a-65f5-11b8-d084-45148652006c} - {c6002568-4154-480d-8b11-5f56a386ff41} - C:\WINDOWS\system32\znslmu.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [2e7afc00] rundll32.exe "C:\WINDOWS\system32\xvbpowro.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Boyz\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll spqqac.dll znslmu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: mgxfebsq - {D408468B-5BBB-469E-B88F-0327B132EAC2} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {1F0E6F79-ECA3-41E5-9B33-B6B81384CFE7} - C:\WINDOWS\dtseqrxk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10069 bytes



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 14 September 2008 - 01:43 PM

Hello. I'm Extremeboy and I will be helping you with your log.

I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, to track your topic. The topics you are tracking can be found here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

I have tried like everything I can find on it. I cannot get rid of worm win32 netbooster. I have tried manually removing and like 5 different software. I get the pop up everything. I have gotten rid of the background though.
Here are the ones I have tried.
http://answers.yahoo.com/question/index?qi...25024805AAHSixB
http://www.xp-vista.com/spyware-removal/wo...ions-netbooster
http://forums.cnet.com/5208-6132_102-0.htm...ssageID=2751614


Please do NOT follow other instructions that were given to another user, especially those involving tools, as it can seriously damage your computer.


Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 orlymopy

orlymopy
  • Topic Starter

  • Members
  • 25 posts

Posted 14 September 2008 - 06:12 PM

OK, thanks for your help. Like I said, I would be running a scan as a last-ditch effort. I ran Spyware Doctor and I had it quarantine and all that, and all seems to be normal; my new HijackThis is below. It all seems back to normal, but if you see anything else let me know. In the meantime I will not change anything, except I have to do some school on Word docs. Thanks for your time and help. :thumbsup: Also, FYI, I am a fairly advanced comp user; I have done some programming and stuff, so not much is too complicated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:40 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Boyz\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll spqqac.dll znslmu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: mgxfebsq - {D408468B-5BBB-469E-B88F-0327B132EAC2} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {1F0E6F79-ECA3-41E5-9B33-B6B81384CFE7} - C:\WINDOWS\dtseqrxk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9581 bytes

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 16 September 2008 - 06:54 AM

Hi orlymopy and welcome to BleepingComputer :thumbsup:

Registry Cleaner Warning
The following is referring to Uniblue RegistryBooster 2009

Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners/tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System. This could include making your computer inoperable.
  • These programs generally only delete "orphaned" or "dead" entries. This merely removes entries that point to files that no longer exist on your computer. Registry entries do not take up a significant amount of hard drive space. The program itself (and its own registry entries) likely occupies relatively more space.
  • The amount of improvement in performance you gain is minimal.
This is done, assuming that the major audience here at this board may be inexperienced users and thus a suggested safeguard from our side.
If you feel that you have sufficient knowledge to use such tools safely, then you are welcome to keep them.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Please follow the instructions for running Combofix from here
  • Please read the guide carefully and follow every instruction precisely, and remember to install the Recovery Console first.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it's originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.


  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan.

  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both
    log.txt (<<will be maximized)
    info.txt (<<will be minimized)
For your next reply please provide the following:
  • Combofix log
  • Fresh RSIT log <-Run this after everything else, so at the end.
Thanks :)

With Regards,
Extremeboy

#5 orlymopy

orlymopy
  • Topic Starter

  • Members
  • 25 posts

Posted 20 September 2008 - 08:55 PM

Sorry, have been really busy, but here they are. Thanks for your help.

Logfile of random's system information tool 1.02 (written by random/random)
Run by Boyz at 2008-09-20 19:45:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (19%) free of 68 GB
Total RAM: 502 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:01 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boyz\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Boyz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll spqqac.dll znslmu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 6979 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2004-06-24 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [2003-04-14 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
C:\PROGRA~1\Vongo\Tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll spqqac.dll znslmu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-09-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Boyz\Desktop\Skype.exe"="C:\Documents and Settings\Boyz\Desktop\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sierra\EE-AOC.exe"="C:\Program Files\Sierra\EE-AOC.exe:*:Enabled:EE-AOC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-20 19:45:24 ----D---- C:\rsit
2008-09-20 19:21:38 ----D---- C:\WINDOWS\temp
2008-09-20 19:21:26 ----A---- C:\ComboFix.txt
2008-09-19 12:00:52 ----A---- C:\Boot.bak
2008-09-19 12:00:40 ----D---- C:\cmdcons
2008-09-19 11:59:58 ----D---- C:\WINDOWS\erdnt
2008-09-19 11:59:40 ----D---- C:\QooBox
2008-09-19 11:59:39 ----A---- C:\WINDOWS\zip.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\SWSC.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\sed.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\grep.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 11:59:38 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-19 11:59:34 ----D---- C:\ComboFix
2008-09-17 23:31:48 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-16 20:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-09-16 19:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-16 19:43:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-14 00:21:28 ----D---- C:\Program Files\Trend Micro
2008-09-13 22:53:49 ----D---- C:\Program Files\Enigma Software Group
2008-09-13 22:52:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 22:52:21 ----D---- C:\Documents and Settings\Boyz\Application Data\PC Tools
2008-09-13 21:23:56 ----D---- C:\Program Files\RogueRemover FREE
2008-09-13 15:41:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-13 13:18:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-13 13:18:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-13 13:18:22 ----D---- C:\Documents and Settings\Boyz\Application Data\SUPERAntiSpyware.com
2008-09-13 09:25:46 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-13 09:06:38 ----A---- C:\WINDOWS\system32\spqqac.dll
2008-09-13 08:54:18 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-13 08:54:03 ----A---- C:\rapport.txt
2008-09-13 08:45:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-13 01:57:24 ----A---- C:\WINDOWS\system32\2559387e-.txt
2008-09-13 01:34:52 ----ASH---- C:\WINDOWS\system32\JkStDfhk.ini2
2008-09-13 00:51:14 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-13 00:51:00 ----D---- C:\Program Files\MSBuild
2008-09-13 00:50:46 ----D---- C:\Program Files\Reference Assemblies
2008-09-13 00:49:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-09-13 00:49:25 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-13 00:49:24 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-09-13 00:49:20 ----D---- C:\9ef05326cb020d6ab56f9d66b5bc78
2008-09-13 00:47:49 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-12 22:18:56 ----D---- C:\Documents and Settings\Boyz\Application Data\Uniblue
2008-09-12 22:18:16 ----D---- C:\Program Files\Uniblue
2008-09-12 20:56:37 ----D---- C:\Program Files\Nero
2008-09-12 16:13:58 ----A---- C:\WINDOWS\Irremote.ini
2008-09-11 18:57:11 ----D---- C:\WINDOWS\Ubisoft
2008-09-11 17:09:38 ----D---- C:\Documents and Settings\Boyz\Application Data\Nero
2008-09-11 17:05:17 ----D---- C:\Program Files\7-Zip
2008-09-11 17:04:13 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-09-11 17:00:22 ----D---- C:\Program Files\Common Files\Nero
2008-09-11 17:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 15:54:41 ----D---- C:\Documents and Settings\Boyz\Application Data\DivX
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-09-10 15:52:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-09-10 15:31:53 ----D---- C:\WINDOWS\system32\quicktime
2008-09-09 17:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 17:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 15:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 19:06:23 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-04 19:06:20 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-04 19:06:00 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-04 18:07:56 ----D---- C:\Program Files\Microsoft Games
2008-09-04 17:54:05 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-04 17:54:01 ----D---- C:\WINDOWS\Prefetch
2008-09-04 17:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 17:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 17:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 16:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 16:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 16:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 16:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 16:47:40 ----A---- C:\WINDOWS\setuplog.txt
2008-09-04 16:41:27 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 16:41:23 ----D---- C:\WINDOWS\l2schemas
2008-09-04 16:41:19 ----D---- C:\WINDOWS\system32\en
2008-09-04 16:41:17 ----D---- C:\WINDOWS\system32\bits
2008-09-04 16:30:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-04 16:25:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-04 16:17:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 16:17:39 ----D---- C:\WINDOWS\EHome
2008-09-04 09:05:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-04 09:05:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-04 09:04:45 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-04 09:04:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\slrundll.exe
2008-09-04 09:04:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-04 09:04:34 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-04 09:04:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-04 09:04:28 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 09:04:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-04 09:04:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-04 09:04:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-04 09:04:11 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-04 09:04:02 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-04 09:03:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-04 09:03:16 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-04 09:03:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-04 09:02:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 09:02:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 09:02:37 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 09:02:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-04 09:01:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-04 09:01:51 ----A---- C:\WINDOWS\002817_.tmp
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-04 09:01:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-04 09:01:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-04 09:01:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-04 09:01:28 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-04 09:01:17 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 09:01:16 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-04 09:01:12 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-04 09:00:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 22:42:08 ----RHD---- C:\AHCache
2008-09-03 22:40:34 ----D---- C:\d9de28300db6f094a8dc
2008-09-03 21:44:46 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 21:42:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 17:05:00 ----D---- C:\Program Files\uTorrent
2008-09-03 17:04:53 ----D---- C:\Documents and Settings\Boyz\Application Data\uTorrent
2008-08-25 20:24:48 ----D---- C:\Documents and Settings\Boyz\Application Data\GarageGames
2008-08-24 18:21:50 ----D---- C:\Program Files\Common Files\EasyInfo

======List of files/folders modified in the last 1 months======

2008-09-20 19:42:02 ----D---- C:\Program Files\Mozilla Firefox
2008-09-20 19:21:40 ----D---- C:\WINDOWS\system32
2008-09-20 19:21:39 ----D---- C:\WINDOWS\system32\drivers
2008-09-20 19:21:38 ----D---- C:\WINDOWS
2008-09-20 19:20:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-20 19:14:09 ----D---- C:\WINDOWS\system32\ias
2008-09-20 19:13:56 ----A---- C:\WINDOWS\system.ini
2008-09-20 19:13:52 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-09-19 23:13:04 ----D---- C:\Program Files\Common Files
2008-09-19 23:08:12 ----D---- C:\WINDOWS\AppPatch
2008-09-19 17:35:57 ----D---- C:\Documents and Settings\Boyz\Application Data\Adobe
2008-09-19 12:00:53 ----RASH---- C:\boot.ini
2008-09-19 11:27:14 ----D---- C:\WINDOWS\Minidump
2008-09-19 10:44:05 ----HD---- C:\$AVG8.VAULT$
2008-09-18 00:18:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-18 00:10:08 ----HD---- C:\Config.Msi
2008-09-17 23:27:04 ----SHD---- C:\WINDOWS\Installer
2008-09-17 16:00:33 ----D---- C:\WINDOWS\WinSxS
2008-09-17 16:00:22 ----D---- C:\Program Files\Messenger
2008-09-17 15:50:37 ----SD---- C:\WINDOWS\Tasks
2008-09-16 19:42:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 16:30:34 ----A---- C:\hpqp.ini
2008-09-16 16:30:25 ----A---- C:\XP_TV.ini
2008-09-15 23:48:05 ----D---- C:\Program Files
2008-09-15 23:46:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-15 23:46:15 ----A---- C:\WINDOWS\win.ini
2008-09-14 17:56:21 ----HD---- C:\WINDOWS\inf
2008-09-14 17:53:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-13 23:28:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-13 23:16:20 ----D---- C:\Program Files\Spyware Doctor
2008-09-13 18:59:50 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-13 18:59:40 ----RSD---- C:\WINDOWS\assembly
2008-09-13 09:09:32 ----D---- C:\Documents and Settings
2008-09-13 09:03:35 ----D---- C:\WINDOWS\system32\config
2008-09-13 09:03:14 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 09:03:14 ----D---- C:\WINDOWS\Registration
2008-09-13 00:51:41 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-13 00:50:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-13 00:50:54 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 00:41:55 ----D---- C:\Program Files\Internet Explorer
2008-09-12 15:04:07 ----D---- C:\Program Files\EA Games
2008-09-11 17:00:13 ----D---- C:\WINDOWS\Cursors
2008-09-11 16:53:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-10 15:53:19 ----D---- C:\Program Files\DivX
2008-09-10 15:08:40 ----D---- C:\Program Files\Microsoft Location Finder
2008-09-09 17:26:38 ----A---- C:\WINDOWS\imsins.BAK
2008-09-08 17:52:56 ----D---- C:\Program Files\QuickVerse 2007
2008-09-08 17:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\openlp.org
2008-09-08 17:45:29 ----D---- C:\Program Files\Mozilla Thunderbird
2008-09-08 17:44:49 ----D---- C:\Program Files\EV Nova
2008-09-06 10:18:43 ----D---- C:\WINDOWS\Internet Logs
2008-09-05 15:02:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 19:21:16 ----SD---- C:\Documents and Settings\Boyz\Application Data\Microsoft
2008-09-04 19:07:36 ----D---- C:\WINDOWS\RegisteredPackages
2008-09-04 18:32:52 ----D---- C:\WINDOWS\system32\DirectX
2008-09-04 17:58:30 ----D---- C:\WINDOWS\Debug
2008-09-04 17:52:21 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 17:01:56 ----D---- C:\WINDOWS\security
2008-09-04 16:42:28 ----D---- C:\WINDOWS\ime
2008-09-04 16:42:26 ----D---- C:\WINDOWS\Help
2008-09-04 16:41:33 ----D---- C:\WINDOWS\system32\usmt
2008-09-04 16:41:17 ----D---- C:\WINDOWS\PeerNet
2008-09-04 16:41:16 ----D---- C:\Program Files\Movie Maker
2008-09-04 16:30:32 ----D---- C:\WINDOWS\system32\Restore
2008-09-04 16:30:31 ----D---- C:\WINDOWS\system32\npp
2008-09-04 16:30:27 ----D---- C:\WINDOWS\msagent
2008-09-04 16:30:24 ----D---- C:\WINDOWS\srchasst
2008-09-04 16:30:16 ----D---- C:\Program Files\NetMeeting
2008-09-04 16:30:12 ----D---- C:\WINDOWS\system32\Com
2008-09-04 16:30:08 ----D---- C:\Program Files\Windows Media Player
2008-09-04 16:30:07 ----D---- C:\Program Files\Windows NT
2008-09-04 16:30:06 ----D---- C:\Program Files\Outlook Express
2008-09-04 16:30:01 ----D---- C:\Program Files\Common Files\System
2008-09-04 16:29:13 ----D---- C:\WINDOWS\system32\oobe
2008-09-04 16:29:05 ----D---- C:\WINDOWS\system
2008-09-04 16:23:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-03 21:47:15 ----D---- C:\Program Files\Lavasoft
2008-09-03 21:47:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-03 19:15:14 ----D---- C:\Documents and Settings\Boyz\Application Data\Skype
2008-09-03 19:14:27 ----D---- C:\Documents and Settings\Boyz\Application Data\skypePM
2008-08-29 15:09:04 ----D---- C:\Documents and Settings\Boyz\Application Data\Mozilla
2008-08-26 14:28:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-11 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-11 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-21 718464]
S3 akmqqzlu;akmqqzlu; C:\WINDOWS\system32\drivers\akmqqzlu.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000; C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys [2004-01-05 1080832]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-09-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-09-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-09-28 21744]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;ATEN USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-03 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-25 1077640]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.02 2008-09-20 19:47:06

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BELKIN F5U109 V1.25-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16115E10-502B-4EA0-BD39-4DA329AD89E2}\Setup.exe" -l0x9
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Canon MF5550/MF5530 Printers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D843CE5D-E4DD-433B-96DA-8D138CEEB585}\setup.exe" -l0x9
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Civilization III: Conquests-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}\setup.exe" -l0x9
Civilization III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ICPL30A5a.INF
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9
HP DVD Play 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0037-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{552E6DA4-A0F9-41AC-8473-E825D60674EA}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Location Finder-->MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MicroStation PowerDraft (V 08.05.02.35) - 1-->"C:\Program Files\InstallShield Installation Information\GUID.exe" -uninstall -guid"{372AA845-86DF-4051-9F5D-E385B73414A3}_0"
Monopoly-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetDrive-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NppdCoreFormsDll-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Bentley\Workspace\Projects\Nppd\Dll\ST6UNST.LOG"
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OverDrive Media Console-->MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
PCLinq2 High-Speed USB Bridge Cable-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95381165-5D16-4CD4-9162-57799A3F3AB5}\Setup.exe" -l0x9
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQLite ODBC Driver (remove only)-->C:\Program Files\SQLite ODBC Driver\Uninstall.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Messenger 5.1-->MsiExec.exe /I{D1E44702-21F5-4918-B8A3-6D126D5BD33C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
Wisdom-soft AutoScreenRecorder 2.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
Wisdom-soft ScreenHunter 5.0 Free-->C:\PROGRA~1\WISDOM~2\UNWISE.EXE C:\PROGRA~1\WISDOM~2\INSTALL.LOG
YPOPs! 0.9.5.1-->"C:\Program Files\YPOPs\unins000.exe"
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PCTYPE"=PRESARIO
"PLATFORM"=MCD

-----------------EOF-----------------

#6 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 20 September 2008 - 09:00 PM

Hi.

No need to be sorry.

Where is the Combofix log??
Can you provide the combofix log for me as well.

Edit: The combofix log is located in C:\ComboFix.txt

Thanks :thumbsup:

With Regards,
Extremeboy

Edited by extremeboy, 20 September 2008 - 09:01 PM.

#7 orlymopy

  • Topic Starter

  • Members
  • 25 posts

Posted 21 September 2008 - 12:54 PM

Oh sorry, I thought I got it in there, guess not. Thanks. It took like 24 hours to run that scan though. I wish I knew what all that stuff meant; maybe that is my next step in comp stuff.
Also, the porn stuff is not mine and I am the only one who uses this computer now. That is one of the ads that keep popping up, so I really want to get rid of that one. As you can guess, my GF would be so pissed if that popped up while she was using my comp.


ComboFix 08-09-19.02 - Boyz 2008-09-19 12:00:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.205 [GMT -6:00]
Running from: C:\Documents and Settings\Boyz\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Boyz\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Boyz\Application Data\Adobe\crc.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\evlw.exe
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\JkStDfhk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orwopbvx.ini
D:\Autorun.inf

----- BITS: Possible infected sites -----

http://lovelypornovideo.net
http://pornotube30.net
http://91.203.93.21
.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-17 23:31 . 2008-02-28 14:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-17 23:31 . 2008-02-28 14:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-09-16 20:05 . 2008-09-17 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-09-16 19:45 . 2008-09-16 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-16 19:43 . 2008-09-16 19:45 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-15 16:53 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 16:53 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 16:53 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 16:53 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-15 16:53 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-15 16:53 . 2008-09-12 12:53 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 16:53 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-15 16:53 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-15 16:53 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-15 16:53 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-14 00:21 . 2008-09-14 00:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-13 22:53 . 2008-09-13 22:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-13 22:52 . 2008-09-13 22:52 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\PC Tools
2008-09-13 22:52 . 2008-09-19 11:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 21:23 . 2008-09-13 21:25 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-09-13 16:20 . 2008-09-13 16:20 <DIR> d-------- C:\Documents and Settings\Administrator.MIKESCOMPAQ.000\Application Data\SUPERAntiSpyware.com
2008-09-13 15:41 . 2008-09-16 19:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-13 13:18 . 2008-09-13 22:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-13 13:18 . 2008-09-13 13:18 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\SUPERAntiSpyware.com
2008-09-13 13:18 . 2008-09-13 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-13 09:45 . 2008-09-13 09:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-13 09:38 . 2008-09-13 09:38 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-09-13 09:38 . 2008-09-13 09:38 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-09-13 09:25 . 2008-09-13 21:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-13 09:16 . 2008-09-15 16:54 3,106 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-13 09:09 . 2006-08-19 04:08 <DIR> d-------- C:\Documents and Settings\Administrator.MIKESCOMPAQ.000\Application Data\Intuit
2008-09-13 09:09 . 2008-09-13 09:09 <DIR> d-------- C:\Documents and Settings\Administrator.MIKESCOMPAQ.000
2008-09-13 09:06 . 2008-09-13 09:06 136,832 --a------ C:\WINDOWS\system32\spqqac.dll
2008-09-13 08:50 . 2006-08-19 04:08 <DIR> d-------- C:\Documents and Settings\Administrator.MIKESCOMPAQ\Application Data\Intuit
2008-09-13 08:50 . 2008-09-13 09:02 <DIR> d---s---- C:\Documents and Settings\Administrator.MIKESCOMPAQ
2008-09-13 01:34 . 2008-09-13 17:39 799,877 --ahs---- C:\WINDOWS\system32\JkStDfhk.ini2
2008-09-13 00:51 . 2008-09-13 00:51 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-13 00:51 . 2008-09-13 00:51 <DIR> d-------- C:\Program Files\MSBuild
2008-09-13 00:50 . 2008-09-13 00:50 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-13 00:49 . 2008-09-13 00:50 <DIR> d-------- C:\9ef05326cb020d6ab56f9d66b5bc78
2008-09-13 00:49 . 2008-07-06 06:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-13 00:49 . 2008-07-06 06:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-13 00:49 . 2008-07-06 04:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-13 00:49 . 2008-07-06 06:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-13 00:49 . 2008-07-06 06:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-13 00:49 . 2008-07-06 06:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-13 00:49 . 2008-07-06 06:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-13 00:47 . 2008-09-13 06:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-12 22:18 . 2008-09-17 15:57 <DIR> d-------- C:\Program Files\Uniblue
2008-09-12 22:18 . 2008-09-17 15:56 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\Uniblue
2008-09-12 20:56 . 2008-09-12 20:56 <DIR> d-------- C:\Program Files\Nero
2008-09-12 16:13 . 2008-09-12 16:13 0 --a------ C:\WINDOWS\Irremote.ini
2008-09-11 18:57 . 2008-09-11 18:57 <DIR> d-------- C:\WINDOWS\Ubisoft
2008-09-11 17:09 . 2008-09-11 17:09 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\Nero
2008-09-11 17:05 . 2008-09-11 17:07 <DIR> d-------- C:\Program Files\7-Zip
2008-09-11 17:00 . 2008-09-17 23:38 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-11 17:00 . 2008-09-17 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 15:54 . 2008-09-10 15:54 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\DivX
2008-09-10 15:52 . 2008-08-05 16:02 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-09-10 15:52 . 2008-08-05 16:02 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-10 15:52 . 2008-08-05 16:02 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:31 . 2008-09-10 15:56 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-09-04 19:06 . 2008-09-04 19:06 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-04 18:07 . 2008-09-04 18:07 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-04 16:41 . 2008-09-04 16:41 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-04 16:41 . 2008-09-04 16:41 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-04 16:41 . 2008-09-04 16:41 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-04 16:41 . 2008-09-04 16:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-04 16:30 . 2008-09-04 16:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-04 16:17 . 2008-09-04 16:17 <DIR> d-------- C:\WINDOWS\EHome
2008-09-04 09:04 . 2008-04-13 18:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-04 09:03 . 2008-04-13 18:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-04 09:02 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-04 09:01 . 2008-04-13 18:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-04 09:00 . 2008-04-13 18:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-04 09:00 . 2008-04-13 18:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-09-04 09:00 . 2008-04-13 18:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-09-04 09:00 . 2008-04-13 18:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-09-04 09:00 . 2008-04-13 18:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-09-04 09:00 . 2008-04-13 18:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-09-04 09:00 . 2008-04-13 18:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-09-04 09:00 . 2008-04-13 18:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-09-03 22:42 . 2008-09-03 22:42 <DIR> dr-h----- C:\AHCache
2008-09-03 22:40 . 2008-09-03 22:46 <DIR> d-------- C:\d9de28300db6f094a8dc
2008-09-03 21:44 . 2008-09-03 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 21:42 . 2008-09-13 13:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 17:05 . 2008-09-03 17:05 <DIR> d-------- C:\Program Files\uTorrent
2008-09-03 17:04 . 2008-09-19 10:52 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\uTorrent
2008-09-02 15:23 . 2008-09-02 18:34 285 --a------ C:\WINDOWS\EReg072.dat
2008-08-25 20:24 . 2008-08-25 20:24 <DIR> d-------- C:\Documents and Settings\Boyz\Application Data\GarageGames
2008-08-24 18:21 . 2008-08-24 18:21 <DIR> d-------- C:\Program Files\Common Files\EasyInfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 05:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 05:16 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-12 21:04 --------- d-----w C:\Program Files\EA Games
2008-09-10 21:53 --------- d-----w C:\Program Files\DivX
2008-09-10 21:08 --------- d-----w C:\Program Files\Microsoft Location Finder
2008-09-08 23:52 --------- d-----w C:\Program Files\QuickVerse 2007
2008-09-08 23:45 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-08 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\openlp.org
2008-09-08 23:44 --------- d-----w C:\Program Files\EV Nova
2008-09-04 03:47 --------- d-----w C:\Program Files\Lavasoft
2008-09-04 01:15 --------- d-----w C:\Documents and Settings\Boyz\Application Data\Skype
2008-09-04 01:14 --------- d-----w C:\Documents and Settings\Boyz\Application Data\skypePM
2008-08-28 21:37 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 17:36 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-25 17:36 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-25 17:36 40,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-18 23:41 --------- d-----w C:\Program Files\Disney
2008-08-17 02:00 --------- d-----w C:\Program Files\Java
2008-08-13 23:36 24 ----a-w C:\Documents and Settings\Boyz\jagex_runescape_preferences.dat
2008-08-05 22:02 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-07-21 14:46 --------- d-----w C:\Documents and Settings\Daniel\Application Data\AVGTOOLBAR
2008-07-06 05:04 389 ----a-w C:\UnInstall.dat
2008-02-04 23:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-01-04 20:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-23 02:14 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 02:17 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2008-01-18 01:24 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-28 1235736]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-13 22:30 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll spqqac.dll znslmu.dll

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\admin\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 10:35 49152 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2004-06-24 02:22 729088 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-16 22:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-02 16:21 135168 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 22:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-06-16 23:22 794713 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
--a------ 2003-04-14 14:11 294912 C:\Program Files\NetDrive\NetDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 18:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Boyz\\Desktop\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sierra\\EE-AOC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-11 76040]
R2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys [2002-11-27 67032]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys [2004-01-05 1080832]
S3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-09-17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
SSODL-mgxfebsq-{D408468B-5BBB-469E-B88F-0327B132EAC2} - (no file)
SSODL-dtseqrxk-{1F0E6F79-ECA3-41E5-9B33-B6B81384CFE7} - (no file)
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
MSConfigStartUp-SDTray - C:\Program Files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-SSC_UserPrompt - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Boyz\Application Data\Mozilla\Firefox\Profiles\1183aqgh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sc.jeffco.k12.co.us/education/school/school.php?sectionid=290
FF -: plugin - C:\Documents and Settings\Boyz\Application Data\Mozilla\Firefox\Profiles\1183aqgh.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF -: plugin - C:\Documents and Settings\Boyz\Application Data\Mozilla\Firefox\Profiles\1183aqgh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 19:14:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????d??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-20 19:21:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 01:21:20

Pre-Run: 12,900,212,736 bytes free
Post-Run: 13,167,345,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

297 --- E O F --- 2008-09-09 23:34:23

Edited by orlymopy, 21 September 2008 - 12:58 PM.


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 22 September 2008 - 02:50 PM

Hi.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)


    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.

  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\spqqac.dll
    C:\WINDOWS\system32\JkStDfhk.ini2
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="avgrsstx.dll"
    
    DirLook::
    C:\d9de28300db6f094a8dc

  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Post back with the following:
-Combofix log
-Fresh RSIT log <-Run this at the end.

Are there still any more problems after the run of combofix?
Any more of those popups?

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
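The CFScript in the post above resets `AppInit_DLLs` to `avgrsstx.dll` and deletes `spqqac.dll`. The following added example (not part of the thread and not ComboFix's own logic) shows one way to triage that registry value against the "Files Created" section of the same log. The allowlist and the function names are assumptions made for illustration; the sample lines are copied from the log posted earlier in this thread.

```python
import ntpath
import re
from datetime import datetime

# Sample input: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2008-09-13 09:06 . 2008-09-13 09:06 136,832 --a------ C:\WINDOWS\system32\spqqac.dll
2008-09-13 01:34 . 2008-09-13 17:39 799,877 --ahs---- C:\WINDOWS\system32\JkStDfhk.ini2
2008-09-10 15:52 . 2008-08-05 16:02 129,784 --------- C:\WINDOWS\system32\pxafs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll spqqac.dll znslmu.dll
"""

# "created . modified size attrs path" rows of the Files Created section.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})[ \t]+\.[ \t]+"
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})[ \t]+(<DIR>|[\d,]+)[ \t]+(\S+)[ \t]+(.+)$",
    re.M,
)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(.*)$', re.M | re.I)


def parse_appinit(log):
    """Return the DLL names listed in AppInit_DLLs (space or comma delimited)."""
    match = APPINIT_RE.search(log)
    if not match:
        return []
    value = match.group(1).strip().strip('"')
    return [part for part in re.split(r"[ ,]+", value) if part]


def parse_created(log):
    """Map lower-cased file name -> metadata for files in the created list."""
    created = {}
    for made, _modified, size, attrs, path in CREATED_RE.findall(log):
        if size == "<DIR>":
            continue  # directories cannot be AppInit DLLs
        path = path.strip()
        created[ntpath.basename(path).lower()] = {
            "created": datetime.strptime(made, "%Y-%m-%d %H:%M"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        }
    return created


def triage_appinit(log, allowlist):
    """Classify every AppInit_DLLs entry against an analyst-supplied allowlist."""
    allowed = {name.lower() for name in allowlist}
    created = parse_created(log)
    findings = []
    for dll in parse_appinit(log):
        key = ntpath.basename(dll).lower()
        if key in allowed:
            verdict = "expected"
        elif key in created:
            verdict = "unexpected, recently created"
        else:
            verdict = "unexpected, file not in created list"
        findings.append({"dll": dll, "verdict": verdict, "file": created.get(key)})
    return findings


def cleaned_value(log, allowlist):
    """Value that remains once every non-allowlisted entry is dropped."""
    allowed = {name.lower() for name in allowlist}
    keep = [d for d in parse_appinit(log) if ntpath.basename(d).lower() in allowed]
    return " ".join(keep)


if __name__ == "__main__":
    # Assumption: avgrsstx.dll is the only expected entry, since it is the
    # only one the CFScript in the thread keeps.
    allow = ["avgrsstx.dll"]
    for item in triage_appinit(SAMPLE_LOG, allow):
        info = item["file"]
        extra = f" created {info['created']:%Y-%m-%d %H:%M}, {info['size']} bytes" if info else ""
        print(f"{item['dll']}: {item['verdict']}{extra}")
    print("AppInit_DLLs after cleanup:", cleaned_value(SAMPLE_LOG, allow))
```

An entry that is listed in `AppInit_DLLs` but has no matching file in the log, as with `znslmu.dll` here, still needs to be dropped from the value, which is why the script rewrites the whole value rather than only deleting files.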

#9 orlymopy

orlymopy
  • Topic Starter

  • Members
  • 25 posts

Posted 24 September 2008 - 04:23 PM

the combo fix is taking too long. i will start it at like 6 o'clock at night then i will check it at 10 and it will be on process 10. in the morning it will still be there when i go to school at 7 and then still the same when i norm get home at 3. i stopped it today. i have to do homework on it. the thing says it should only take like 10 min though. the hijack thing was not there like you said it might be. what do you want me to do?

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 September 2008 - 05:25 PM

In this case I want you to post me back with a fresh RSIT log.

I want to see if anything has changed so far.

Thanks :thumbsup:

With Regards,
Extremeboy

#11 orlymopy

orlymopy
  • Topic Starter

  • Members
  • 25 posts

Posted 24 September 2008 - 08:05 PM

here thanks

Logfile of random's system information tool 1.02 (written by random/random)
Run by Boyz at 2008-09-24 18:24:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (13%) free of 68 GB
Total RAM: 502 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25, on 2008-09-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Boyz\Desktop\virus stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Boyz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 7065 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2004-06-24 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [2003-04-14 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
C:\PROGRA~1\Vongo\Tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-09-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Boyz\Desktop\Skype.exe"="C:\Documents and Settings\Boyz\Desktop\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sierra\EE-AOC.exe"="C:\Program Files\Sierra\EE-AOC.exe:*:Enabled:EE-AOC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-23 21:45:18 ----D---- C:\ComboFix
2008-09-23 21:45:08 ----A---- C:\WINDOWS\system32\CF8609.exe
2008-09-23 17:34:41 ----A---- C:\WINDOWS\system32\CF25077.exe
2008-09-21 11:44:31 ----A---- C:\rollback.ini
2008-09-20 21:19:33 ----D---- C:\Documents and Settings\Boyz\Application Data\MailFrontier
2008-09-20 20:57:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-20 20:57:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-20 20:56:52 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-09-20 20:25:41 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-20 20:24:18 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-20 20:24:16 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-20 20:23:58 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-20 20:23:53 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-20 20:23:51 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-20 20:23:51 ----D---- C:\Program Files\Zone Labs
2008-09-20 20:23:50 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-20 20:23:50 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-20 19:45:24 ----D---- C:\rsit
2008-09-20 19:21:38 ----D---- C:\WINDOWS\temp
2008-09-19 12:00:52 ----A---- C:\Boot.bak
2008-09-19 12:00:40 ----D---- C:\cmdcons
2008-09-19 11:59:58 ----D---- C:\WINDOWS\erdnt
2008-09-19 11:59:40 ----D---- C:\QooBox
2008-09-19 11:59:39 ----A---- C:\WINDOWS\zip.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\SWSC.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\sed.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\grep.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 11:59:38 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-17 23:31:48 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-16 20:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-09-16 19:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-16 19:43:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-14 00:21:28 ----D---- C:\Program Files\Trend Micro
2008-09-13 22:53:49 ----D---- C:\Program Files\Enigma Software Group
2008-09-13 22:52:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 22:52:21 ----D---- C:\Documents and Settings\Boyz\Application Data\PC Tools
2008-09-13 21:23:56 ----D---- C:\Program Files\RogueRemover FREE
2008-09-13 15:41:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-13 13:18:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-13 13:18:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-13 13:18:22 ----D---- C:\Documents and Settings\Boyz\Application Data\SUPERAntiSpyware.com
2008-09-13 09:25:46 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-13 09:06:38 ----A---- C:\WINDOWS\system32\spqqac.dll
2008-09-13 08:54:18 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-13 08:54:03 ----A---- C:\rapport.txt
2008-09-13 08:45:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-13 01:57:24 ----A---- C:\WINDOWS\system32\2559387e-.txt
2008-09-13 01:34:52 ----ASH---- C:\WINDOWS\system32\JkStDfhk.ini2
2008-09-13 00:51:14 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-13 00:51:00 ----D---- C:\Program Files\MSBuild
2008-09-13 00:50:46 ----D---- C:\Program Files\Reference Assemblies
2008-09-13 00:49:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-09-13 00:49:25 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-13 00:49:24 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-09-13 00:49:20 ----D---- C:\9ef05326cb020d6ab56f9d66b5bc78
2008-09-13 00:47:49 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-12 22:18:56 ----D---- C:\Documents and Settings\Boyz\Application Data\Uniblue
2008-09-12 22:18:16 ----D---- C:\Program Files\Uniblue
2008-09-12 20:56:37 ----D---- C:\Program Files\Nero
2008-09-12 16:13:58 ----A---- C:\WINDOWS\Irremote.ini
2008-09-11 18:57:11 ----D---- C:\WINDOWS\Ubisoft
2008-09-11 17:09:38 ----D---- C:\Documents and Settings\Boyz\Application Data\Nero
2008-09-11 17:05:17 ----D---- C:\Program Files\7-Zip
2008-09-11 17:04:13 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-09-11 17:00:22 ----D---- C:\Program Files\Common Files\Nero
2008-09-11 17:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 15:54:41 ----D---- C:\Documents and Settings\Boyz\Application Data\DivX
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-09-10 15:52:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-09-10 15:31:53 ----D---- C:\WINDOWS\system32\quicktime
2008-09-09 17:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 17:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 15:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 19:06:23 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-04 19:06:20 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-04 19:06:00 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-04 18:07:56 ----D---- C:\Program Files\Microsoft Games
2008-09-04 17:54:05 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-04 17:54:01 ----D---- C:\WINDOWS\Prefetch
2008-09-04 17:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 17:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 17:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 16:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 16:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 16:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 16:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 16:47:40 ----A---- C:\WINDOWS\setuplog.txt
2008-09-04 16:41:27 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 16:41:23 ----D---- C:\WINDOWS\l2schemas
2008-09-04 16:41:19 ----D---- C:\WINDOWS\system32\en
2008-09-04 16:41:17 ----D---- C:\WINDOWS\system32\bits
2008-09-04 16:30:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-04 16:25:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-04 16:17:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 16:17:39 ----D---- C:\WINDOWS\EHome
2008-09-04 09:05:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-04 09:05:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-04 09:04:45 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-04 09:04:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\slrundll.exe
2008-09-04 09:04:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-04 09:04:34 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-04 09:04:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-04 09:04:28 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 09:04:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-04 09:04:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-04 09:04:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-04 09:04:11 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-04 09:04:02 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-04 09:03:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-04 09:03:16 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-04 09:03:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-04 09:02:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 09:02:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 09:02:37 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 09:02:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-04 09:01:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-04 09:01:51 ----A---- C:\WINDOWS\002817_.tmp
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-04 09:01:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-04 09:01:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-04 09:01:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-04 09:01:28 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-04 09:01:17 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 09:01:16 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-04 09:01:12 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-04 09:00:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 22:42:08 ----RHD---- C:\AHCache
2008-09-03 22:40:34 ----D---- C:\d9de28300db6f094a8dc
2008-09-03 21:44:46 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 21:42:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 17:05:00 ----D---- C:\Program Files\uTorrent
2008-09-03 17:04:53 ----D---- C:\Documents and Settings\Boyz\Application Data\uTorrent
2008-08-25 20:24:48 ----D---- C:\Documents and Settings\Boyz\Application Data\GarageGames

======List of files/folders modified in the last 1 months======

2008-09-24 18:10:16 ----D---- C:\Program Files\Mozilla Firefox
2008-09-24 18:03:44 ----D---- C:\WINDOWS\Internet Logs
2008-09-24 18:02:30 ----D---- C:\WINDOWS\system32\ias
2008-09-24 18:01:57 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-09-24 15:27:13 ----HD---- C:\$AVG8.VAULT$
2008-09-23 21:47:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-23 21:46:41 ----D---- C:\WINDOWS\system32
2008-09-23 21:45:03 ----D---- C:\WINDOWS\system32\drivers
2008-09-23 00:17:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-21 11:33:36 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-20 20:58:44 ----D---- C:\WINDOWS
2008-09-20 20:55:52 ----SHD---- C:\WINDOWS\Installer
2008-09-20 20:55:52 ----HD---- C:\Config.Msi
2008-09-20 20:25:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 20:23:51 ----D---- C:\Program Files
2008-09-20 19:13:56 ----A---- C:\WINDOWS\system.ini
2008-09-19 23:13:04 ----D---- C:\Program Files\Common Files
2008-09-19 23:08:12 ----D---- C:\WINDOWS\AppPatch
2008-09-19 17:35:57 ----D---- C:\Documents and Settings\Boyz\Application Data\Adobe
2008-09-19 12:00:53 ----RASH---- C:\boot.ini
2008-09-19 11:27:14 ----D---- C:\WINDOWS\Minidump
2008-09-17 16:00:33 ----D---- C:\WINDOWS\WinSxS
2008-09-17 16:00:22 ----D---- C:\Program Files\Messenger
2008-09-17 15:50:37 ----SD---- C:\WINDOWS\Tasks
2008-09-16 19:42:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 16:30:34 ----A---- C:\hpqp.ini
2008-09-16 16:30:25 ----A---- C:\XP_TV.ini
2008-09-15 23:46:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-15 23:46:15 ----A---- C:\WINDOWS\win.ini
2008-09-14 17:56:21 ----HD---- C:\WINDOWS\inf
2008-09-14 17:53:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-13 23:28:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-13 23:16:20 ----D---- C:\Program Files\Spyware Doctor
2008-09-13 18:59:50 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-13 18:59:40 ----RSD---- C:\WINDOWS\assembly
2008-09-13 09:09:32 ----D---- C:\Documents and Settings
2008-09-13 09:03:35 ----D---- C:\WINDOWS\system32\config
2008-09-13 09:03:14 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 09:03:14 ----D---- C:\WINDOWS\Registration
2008-09-13 00:50:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-13 00:50:54 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 00:41:55 ----D---- C:\Program Files\Internet Explorer
2008-09-12 15:04:07 ----D---- C:\Program Files\EA Games
2008-09-11 17:00:13 ----D---- C:\WINDOWS\Cursors
2008-09-11 16:53:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-10 15:53:19 ----D---- C:\Program Files\DivX
2008-09-10 15:08:40 ----D---- C:\Program Files\Microsoft Location Finder
2008-09-09 17:26:38 ----A---- C:\WINDOWS\imsins.BAK
2008-09-08 17:52:56 ----D---- C:\Program Files\QuickVerse 2007
2008-09-08 17:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\openlp.org
2008-09-08 17:45:29 ----D---- C:\Program Files\Mozilla Thunderbird
2008-09-08 17:44:49 ----D---- C:\Program Files\EV Nova
2008-09-05 15:02:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 19:21:16 ----SD---- C:\Documents and Settings\Boyz\Application Data\Microsoft
2008-09-04 19:07:36 ----D---- C:\WINDOWS\RegisteredPackages
2008-09-04 18:32:52 ----D---- C:\WINDOWS\system32\DirectX
2008-09-04 17:58:30 ----D---- C:\WINDOWS\Debug
2008-09-04 17:52:21 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 17:01:56 ----D---- C:\WINDOWS\security
2008-09-04 16:42:28 ----D---- C:\WINDOWS\ime
2008-09-04 16:42:26 ----D---- C:\WINDOWS\Help
2008-09-04 16:41:33 ----D---- C:\WINDOWS\system32\usmt
2008-09-04 16:41:17 ----D---- C:\WINDOWS\PeerNet
2008-09-04 16:41:16 ----D---- C:\Program Files\Movie Maker
2008-09-04 16:30:32 ----D---- C:\WINDOWS\system32\Restore
2008-09-04 16:30:31 ----D---- C:\WINDOWS\system32\npp
2008-09-04 16:30:27 ----D---- C:\WINDOWS\msagent
2008-09-04 16:30:24 ----D---- C:\WINDOWS\srchasst
2008-09-04 16:30:16 ----D---- C:\Program Files\NetMeeting
2008-09-04 16:30:12 ----D---- C:\WINDOWS\system32\Com
2008-09-04 16:30:08 ----D---- C:\Program Files\Windows Media Player
2008-09-04 16:30:07 ----D---- C:\Program Files\Windows NT
2008-09-04 16:30:06 ----D---- C:\Program Files\Outlook Express
2008-09-04 16:30:01 ----D---- C:\Program Files\Common Files\System
2008-09-04 16:29:13 ----D---- C:\WINDOWS\system32\oobe
2008-09-04 16:29:05 ----D---- C:\WINDOWS\system
2008-09-04 16:23:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-03 21:47:15 ----D---- C:\Program Files\Lavasoft
2008-09-03 21:47:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-03 19:15:14 ----D---- C:\Documents and Settings\Boyz\Application Data\Skype
2008-09-03 19:14:27 ----D---- C:\Documents and Settings\Boyz\Application Data\skypePM
2008-08-29 15:09:04 ----D---- C:\Documents and Settings\Boyz\Application Data\Mozilla
2008-08-26 14:28:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-11 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-06-03 147984]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-11 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-21 718464]
S3 aevflyld;aevflyld; C:\WINDOWS\system32\drivers\aevflyld.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000; C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys [2004-01-05 1080832]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-09-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-09-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-09-28 21744]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;ATEN USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-03 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-25 1077640]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 26 September 2008 - 07:52 AM

Hi again.

Your log is a lot better than before :thumbsup:

We will not use ComboFix then, due to the problem you had. We will remove those files manually.

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".


    @ECHO OFF
    REM Clear the system, read-only and hidden attributes so the file can be deleted.
    attrib -s -r -h "\WINDOWS\system32\JkStDfhk.ini2"
    del /q "\WINDOWS\system32\JkStDfhk.ini2"
    REM Record whether the file is still present after the delete.
    if exist "\WINDOWS\system32\JkStDfhk.ini2". (
    echo "C:\WINDOWS\system32\JkStDfhk.ini2 - Failed" > C:\confirmed.txt.
    ) ELSE (
    echo "C:\WINDOWS\system32\JkStDfhk.ini2 - Success" > C:\confirmed.txt.
    )

    REM Same steps for the second file; the result is appended to the report.
    attrib -s -r -h "\WINDOWS\system32\spqqac.dll"
    del /q "\WINDOWS\system32\spqqac.dll"
    if exist "\WINDOWS\system32\spqqac.dll". (
    echo "C:\WINDOWS\system32\spqqac.dll - Failed " >> C:\confirmed.txt.
    ) ELSE (
    echo "C:\WINDOWS\system32\spqqac.dll - Success" >> C:\confirmed.txt.
    )

    REM Open the report in Notepad, then delete the report file.
    Notepad C:\confirmed.txt
    del C:\confirmed.txt
    exit

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input remove.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double-click on remove.bat. A black DOS window will flash and then Notepad will open. Please copy the contents from Notepad in your next post.

You can delete that file after use. :)

Do you know what this folder is: C:\d9de28300db6f094a8dc??

Edit: Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.


For your next reply please post back with the following:
  • Notepad Contents
  • Do you know what this folder is: C:\d9de28300db6f094a8dc??
  • Kaspersky online scan log
  • Fresh RSIT log <- Run this at the very end.
Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 orlymopy

orlymopy
  • Topic Starter

  • Members
  • 25 posts

Posted 27 September 2008 - 12:33 AM

"C:\WINDOWS\system32\JkStDfhk.ini2 - Success"
"C:\WINDOWS\system32\spqqac.dll - Success"

No, I don't know what it is. It says arrowhead though as the company.
I will give it to you, but I don't know a good way to give you the whole folder, so if you want them let me know.

The Kaspersky:

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, September 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 26, 2008 22:02:08
Records in database: 1264151
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 94138
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 02:35:09

File name Threat name Threats count
C:\Documents and Settings\Administrator.MIKESCOMPAQ.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\n9lo8mwk.default\Cache\63329BDCd01 Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Boyz\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-443d6c5f Infected: Exploit.Java.Gimsh.a 1
C:\QooBox\Quarantine\C\WINDOWS\evlw.exe.vir Infected: Trojan.Win32.Vapsup.lsl 1
The selected area was scanned.



And the RSIT log:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Boyz at 2008-09-26 23:26:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (13%) free of 68 GB
Total RAM: 502 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27, on 2008-09-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boyz\Desktop\virus stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Boyz.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 7191 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2004-06-24 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [2003-04-14 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
C:\PROGRA~1\Vongo\Tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-09-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Boyz\Desktop\Skype.exe"="C:\Documents and Settings\Boyz\Desktop\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sierra\EE-AOC.exe"="C:\Program Files\Sierra\EE-AOC.exe:*:Enabled:EE-AOC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-26 16:49:47 ----A---- C:\confirmed.txt
2008-09-23 21:45:18 ----D---- C:\ComboFix
2008-09-23 21:45:08 ----A---- C:\WINDOWS\system32\CF8609.exe
2008-09-23 17:34:41 ----A---- C:\WINDOWS\system32\CF25077.exe
2008-09-21 11:44:31 ----A---- C:\rollback.ini
2008-09-20 21:19:33 ----D---- C:\Documents and Settings\Boyz\Application Data\MailFrontier
2008-09-20 20:57:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-20 20:57:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-20 20:56:52 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-09-20 20:25:41 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-20 20:24:18 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-20 20:24:16 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-20 20:23:58 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-20 20:23:53 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-20 20:23:51 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-20 20:23:51 ----D---- C:\Program Files\Zone Labs
2008-09-20 20:23:50 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-20 20:23:50 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-20 19:45:24 ----D---- C:\rsit
2008-09-20 19:21:38 ----D---- C:\WINDOWS\temp
2008-09-19 12:00:52 ----A---- C:\Boot.bak
2008-09-19 12:00:40 ----D---- C:\cmdcons
2008-09-19 11:59:58 ----D---- C:\WINDOWS\erdnt
2008-09-19 11:59:40 ----D---- C:\QooBox
2008-09-19 11:59:39 ----A---- C:\WINDOWS\zip.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\SWSC.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\sed.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\grep.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 11:59:38 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-17 23:31:48 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-16 20:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-09-16 19:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-16 19:43:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-14 00:21:28 ----D---- C:\Program Files\Trend Micro
2008-09-13 22:53:49 ----D---- C:\Program Files\Enigma Software Group
2008-09-13 22:52:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 22:52:21 ----D---- C:\Documents and Settings\Boyz\Application Data\PC Tools
2008-09-13 21:23:56 ----D---- C:\Program Files\RogueRemover FREE
2008-09-13 15:41:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-13 13:18:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-13 13:18:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-13 13:18:22 ----D---- C:\Documents and Settings\Boyz\Application Data\SUPERAntiSpyware.com
2008-09-13 09:25:46 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-13 08:54:18 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-13 08:54:03 ----A---- C:\rapport.txt
2008-09-13 08:45:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-13 01:57:24 ----A---- C:\WINDOWS\system32\2559387e-.txt
2008-09-13 00:51:14 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-13 00:51:00 ----D---- C:\Program Files\MSBuild
2008-09-13 00:50:46 ----D---- C:\Program Files\Reference Assemblies
2008-09-13 00:49:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-09-13 00:49:25 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-13 00:49:24 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-09-13 00:49:20 ----D---- C:\9ef05326cb020d6ab56f9d66b5bc78
2008-09-13 00:47:49 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-12 22:18:56 ----D---- C:\Documents and Settings\Boyz\Application Data\Uniblue
2008-09-12 22:18:16 ----D---- C:\Program Files\Uniblue
2008-09-12 20:56:37 ----D---- C:\Program Files\Nero
2008-09-12 16:13:58 ----A---- C:\WINDOWS\Irremote.ini
2008-09-11 18:57:11 ----D---- C:\WINDOWS\Ubisoft
2008-09-11 17:09:38 ----D---- C:\Documents and Settings\Boyz\Application Data\Nero
2008-09-11 17:05:17 ----D---- C:\Program Files\7-Zip
2008-09-11 17:04:13 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-09-11 17:00:22 ----D---- C:\Program Files\Common Files\Nero
2008-09-11 17:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 15:54:41 ----D---- C:\Documents and Settings\Boyz\Application Data\DivX
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-09-10 15:52:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-09-10 15:31:53 ----D---- C:\WINDOWS\system32\quicktime
2008-09-09 17:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 17:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 15:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 19:06:23 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-04 19:06:20 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-04 19:06:00 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-04 18:07:56 ----D---- C:\Program Files\Microsoft Games
2008-09-04 17:54:05 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-04 17:54:01 ----D---- C:\WINDOWS\Prefetch
2008-09-04 17:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 17:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 17:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 16:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 16:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 16:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 16:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 16:47:40 ----A---- C:\WINDOWS\setuplog.txt
2008-09-04 16:41:27 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 16:41:23 ----D---- C:\WINDOWS\l2schemas
2008-09-04 16:41:19 ----D---- C:\WINDOWS\system32\en
2008-09-04 16:41:17 ----D---- C:\WINDOWS\system32\bits
2008-09-04 16:30:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-04 16:25:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-04 16:17:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 16:17:39 ----D---- C:\WINDOWS\EHome
2008-09-04 09:05:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-04 09:05:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-04 09:04:45 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-04 09:04:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\slrundll.exe
2008-09-04 09:04:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-04 09:04:34 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-04 09:04:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-04 09:04:30 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-09-04 09:04:28 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 09:04:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-04 09:04:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-04 09:04:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-04 09:04:11 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-04 09:04:02 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-04 09:03:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-04 09:03:16 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-04 09:03:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-04 09:02:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 09:02:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 09:02:37 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 09:02:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-04 09:01:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-04 09:01:51 ----A---- C:\WINDOWS\002817_.tmp
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-04 09:01:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-04 09:01:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-04 09:01:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-04 09:01:28 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-04 09:01:17 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 09:01:16 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-04 09:01:12 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-04 09:00:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 22:42:08 ----RHD---- C:\AHCache
2008-09-03 22:40:34 ----D---- C:\d9de28300db6f094a8dc
2008-09-03 21:44:46 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 21:42:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 17:05:00 ----D---- C:\Program Files\uTorrent
2008-09-03 17:04:53 ----D---- C:\Documents and Settings\Boyz\Application Data\uTorrent

======List of files/folders modified in the last 1 months======

2008-09-26 17:17:44 ----D---- C:\WINDOWS\Internet Logs
2008-09-26 17:02:27 ----D---- C:\Program Files\Mozilla Firefox
2008-09-26 16:49:47 ----D---- C:\WINDOWS\system32
2008-09-26 15:06:33 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-26 15:04:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-26 14:58:49 ----D---- C:\WINDOWS\system32\ias
2008-09-26 14:58:01 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-09-24 19:05:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-24 15:27:13 ----HD---- C:\$AVG8.VAULT$
2008-09-23 21:45:03 ----D---- C:\WINDOWS\system32\drivers
2008-09-21 11:33:36 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-20 20:58:44 ----D---- C:\WINDOWS
2008-09-20 20:55:52 ----SHD---- C:\WINDOWS\Installer
2008-09-20 20:55:52 ----HD---- C:\Config.Msi
2008-09-20 20:25:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 20:23:51 ----D---- C:\Program Files
2008-09-20 19:13:56 ----A---- C:\WINDOWS\system.ini
2008-09-19 23:13:04 ----D---- C:\Program Files\Common Files
2008-09-19 23:08:12 ----D---- C:\WINDOWS\AppPatch
2008-09-19 17:35:57 ----D---- C:\Documents and Settings\Boyz\Application Data\Adobe
2008-09-19 12:00:53 ----RASH---- C:\boot.ini
2008-09-19 11:27:14 ----D---- C:\WINDOWS\Minidump
2008-09-17 16:00:33 ----D---- C:\WINDOWS\WinSxS
2008-09-17 16:00:22 ----D---- C:\Program Files\Messenger
2008-09-17 15:50:37 ----SD---- C:\WINDOWS\Tasks
2008-09-16 19:42:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 16:30:34 ----A---- C:\hpqp.ini
2008-09-16 16:30:25 ----A---- C:\XP_TV.ini
2008-09-15 23:46:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-15 23:46:15 ----A---- C:\WINDOWS\win.ini
2008-09-14 17:56:21 ----HD---- C:\WINDOWS\inf
2008-09-13 23:28:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-13 23:16:20 ----D---- C:\Program Files\Spyware Doctor
2008-09-13 18:59:50 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-13 18:59:40 ----RSD---- C:\WINDOWS\assembly
2008-09-13 09:09:32 ----D---- C:\Documents and Settings
2008-09-13 09:03:35 ----D---- C:\WINDOWS\system32\config
2008-09-13 09:03:14 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 09:03:14 ----D---- C:\WINDOWS\Registration
2008-09-13 00:50:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-13 00:50:54 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 00:41:55 ----D---- C:\Program Files\Internet Explorer
2008-09-12 15:04:07 ----D---- C:\Program Files\EA Games
2008-09-11 17:00:13 ----D---- C:\WINDOWS\Cursors
2008-09-11 16:53:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-10 15:53:19 ----D---- C:\Program Files\DivX
2008-09-10 15:08:40 ----D---- C:\Program Files\Microsoft Location Finder
2008-09-09 17:26:38 ----A---- C:\WINDOWS\imsins.BAK
2008-09-08 17:52:56 ----D---- C:\Program Files\QuickVerse 2007
2008-09-08 17:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\openlp.org
2008-09-08 17:45:29 ----D---- C:\Program Files\Mozilla Thunderbird
2008-09-08 17:44:49 ----D---- C:\Program Files\EV Nova
2008-09-05 15:02:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 19:21:16 ----SD---- C:\Documents and Settings\Boyz\Application Data\Microsoft
2008-09-04 19:07:36 ----D---- C:\WINDOWS\RegisteredPackages
2008-09-04 18:32:52 ----D---- C:\WINDOWS\system32\DirectX
2008-09-04 17:58:30 ----D---- C:\WINDOWS\Debug
2008-09-04 17:52:21 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 17:01:56 ----D---- C:\WINDOWS\security
2008-09-04 16:42:28 ----D---- C:\WINDOWS\ime
2008-09-04 16:42:26 ----D---- C:\WINDOWS\Help
2008-09-04 16:41:33 ----D---- C:\WINDOWS\system32\usmt
2008-09-04 16:41:17 ----D---- C:\WINDOWS\PeerNet
2008-09-04 16:41:16 ----D---- C:\Program Files\Movie Maker
2008-09-04 16:30:32 ----D---- C:\WINDOWS\system32\Restore
2008-09-04 16:30:31 ----D---- C:\WINDOWS\system32\npp
2008-09-04 16:30:27 ----D---- C:\WINDOWS\msagent
2008-09-04 16:30:24 ----D---- C:\WINDOWS\srchasst
2008-09-04 16:30:16 ----D---- C:\Program Files\NetMeeting
2008-09-04 16:30:12 ----D---- C:\WINDOWS\system32\Com
2008-09-04 16:30:08 ----D---- C:\Program Files\Windows Media Player
2008-09-04 16:30:07 ----D---- C:\Program Files\Windows NT
2008-09-04 16:30:06 ----D---- C:\Program Files\Outlook Express
2008-09-04 16:30:01 ----D---- C:\Program Files\Common Files\System
2008-09-04 16:29:13 ----D---- C:\WINDOWS\system32\oobe
2008-09-04 16:29:05 ----D---- C:\WINDOWS\system
2008-09-04 16:23:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-03 21:47:15 ----D---- C:\Program Files\Lavasoft
2008-09-03 21:47:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-03 19:15:14 ----D---- C:\Documents and Settings\Boyz\Application Data\Skype
2008-09-03 19:14:27 ----D---- C:\Documents and Settings\Boyz\Application Data\skypePM
2008-08-29 15:09:04 ----D---- C:\Documents and Settings\Boyz\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-11 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-06-03 147984]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-11 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-21 718464]
S3 aqhuyypj;aqhuyypj; C:\WINDOWS\system32\drivers\aqhuyypj.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000; C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys [2004-01-05 1080832]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-09-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-09-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-09-28 21744]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;ATEN USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-03 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-25 1077640]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#14 extremeboy

  • Malware Response Team

Posted 27 September 2008 - 08:05 AM

Hi again.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.
  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.

Kaspersky found an infected folder.

Please Navigate to the folder C:\Documents and Settings\Boyz\Application Data\Sun\Java\Deployment
In the Deployment folder, look for a folder called cache <- Delete this ENTIRE FOLDER

Any Problems left???
Please tell me so if there are any.

Please post back with one last RSIT log.

Thanks :thumbsup:

With Regards,
Extremeboy

#15 orlymopy

  • Topic Starter


Posted 27 September 2008 - 10:54 AM

I don't think there is anything left, thanks. I will let you know. Here is the RSIT.

Did you find out what that one folder is?

Logfile of random's system information tool 1.02 (written by random/random)
Run by Boyz at 2008-09-27 09:51:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (13%) free of 68 GB
Total RAM: 502 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52, on 2008-09-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boyz\Desktop\virus stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Boyz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--
End of file - 6883 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-11 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2004-06-24 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [2003-04-14 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
C:\PROGRA~1\Vongo\Tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-09-13 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Boyz\Desktop\Skype.exe"="C:\Documents and Settings\Boyz\Desktop\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sierra\EE-AOC.exe"="C:\Program Files\Sierra\EE-AOC.exe:*:Enabled:EE-AOC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-26 16:49:47 ----A---- C:\confirmed.txt
2008-09-23 21:45:18 ----D---- C:\ComboFix
2008-09-23 21:45:08 ----A---- C:\WINDOWS\system32\CF8609.exe
2008-09-23 17:34:41 ----A---- C:\WINDOWS\system32\CF25077.exe
2008-09-21 11:44:31 ----A---- C:\rollback.ini
2008-09-20 21:19:33 ----D---- C:\Documents and Settings\Boyz\Application Data\MailFrontier
2008-09-20 20:57:04 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-20 20:57:04 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-20 20:56:52 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-09-20 20:25:41 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-20 20:24:18 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-20 20:24:16 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-20 20:23:58 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-20 20:23:53 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-20 20:23:51 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-20 20:23:51 ----D---- C:\Program Files\Zone Labs
2008-09-20 20:23:50 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-20 20:23:50 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-20 20:22:57 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-20 19:45:24 ----D---- C:\rsit
2008-09-20 19:21:38 ----D---- C:\WINDOWS\temp
2008-09-19 12:00:52 ----A---- C:\Boot.bak
2008-09-19 12:00:40 ----D---- C:\cmdcons
2008-09-19 11:59:58 ----D---- C:\WINDOWS\erdnt
2008-09-19 11:59:40 ----D---- C:\QooBox
2008-09-19 11:59:39 ----A---- C:\WINDOWS\zip.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\SWSC.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\sed.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\grep.exe
2008-09-19 11:59:39 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 11:59:38 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-17 23:31:48 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-16 20:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-09-16 19:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-16 19:43:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 16:53:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-14 00:21:28 ----D---- C:\Program Files\Trend Micro
2008-09-13 22:53:49 ----D---- C:\Program Files\Enigma Software Group
2008-09-13 22:52:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 22:52:21 ----D---- C:\Documents and Settings\Boyz\Application Data\PC Tools
2008-09-13 21:23:56 ----D---- C:\Program Files\RogueRemover FREE
2008-09-13 15:41:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-13 13:18:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-13 13:18:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-13 13:18:22 ----D---- C:\Documents and Settings\Boyz\Application Data\SUPERAntiSpyware.com
2008-09-13 09:25:46 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-13 08:54:18 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-13 08:54:03 ----A---- C:\rapport.txt
2008-09-13 08:45:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-13 01:57:24 ----A---- C:\WINDOWS\system32\2559387e-.txt
2008-09-13 00:51:14 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-13 00:51:00 ----D---- C:\Program Files\MSBuild
2008-09-13 00:50:46 ----D---- C:\Program Files\Reference Assemblies
2008-09-13 00:49:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2008-09-13 00:49:25 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-13 00:49:24 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2008-09-13 00:49:20 ----D---- C:\9ef05326cb020d6ab56f9d66b5bc78
2008-09-13 00:47:49 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-12 22:18:56 ----D---- C:\Documents and Settings\Boyz\Application Data\Uniblue
2008-09-12 22:18:16 ----D---- C:\Program Files\Uniblue
2008-09-12 20:56:37 ----D---- C:\Program Files\Nero
2008-09-12 16:13:58 ----A---- C:\WINDOWS\Irremote.ini
2008-09-11 18:57:11 ----D---- C:\WINDOWS\Ubisoft
2008-09-11 17:09:38 ----D---- C:\Documents and Settings\Boyz\Application Data\Nero
2008-09-11 17:05:17 ----D---- C:\Program Files\7-Zip
2008-09-11 17:04:13 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-09-11 17:00:22 ----D---- C:\Program Files\Common Files\Nero
2008-09-11 17:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 15:54:41 ----D---- C:\Documents and Settings\Boyz\Application Data\DivX
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-10 15:52:49 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-09-10 15:52:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-09-10 15:52:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-09-10 15:31:53 ----D---- C:\WINDOWS\system32\quicktime
2008-09-09 17:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 17:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 15:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 19:06:23 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-04 19:06:20 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-04 19:06:00 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-04 18:07:56 ----D---- C:\Program Files\Microsoft Games
2008-09-04 17:54:05 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-04 17:54:01 ----D---- C:\WINDOWS\Prefetch
2008-09-04 17:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 17:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 17:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 16:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 16:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 16:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 16:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 16:47:40 ----A---- C:\WINDOWS\setuplog.txt
2008-09-04 16:41:27 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 16:41:23 ----D---- C:\WINDOWS\l2schemas
2008-09-04 16:41:19 ----D---- C:\WINDOWS\system32\en
2008-09-04 16:41:17 ----D---- C:\WINDOWS\system32\bits
2008-09-04 16:30:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-04 16:25:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-04 16:17:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 16:17:39 ----D---- C:\WINDOWS\EHome
2008-09-04 09:05:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-04 09:05:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-04 09:05:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-04 09:04:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-04 09:04:45 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-04 09:04:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-04 09:04:39 ----N---- C:\WINDOWS\slrundll.exe
2008-09-04 09:04:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-04 09:04:34 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-04 09:04:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-04 09:04:30 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-09-04 09:04:28 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 09:04:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-04 09:04:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 09:04:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-04 09:04:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-04 09:04:11 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-04 09:04:02 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-04 09:03:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-04 09:03:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-04 09:03:45 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-04 09:03:40 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-04 09:03:16 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-04 09:03:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-04 09:03:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-04 09:02:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 09:02:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 09:02:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 09:02:37 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 09:02:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-04 09:01:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-04 09:01:51 ----A---- C:\WINDOWS\002817_.tmp
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-04 09:01:47 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-04 09:01:46 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-04 09:01:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-04 09:01:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-04 09:01:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-04 09:01:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-04 09:01:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-04 09:01:28 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-04 09:01:17 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 09:01:16 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-04 09:01:14 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-04 09:01:12 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-04 09:01:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-04 09:00:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-03 22:42:08 ----RHD---- C:\AHCache
2008-09-03 22:40:34 ----D---- C:\d9de28300db6f094a8dc
2008-09-03 21:44:46 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 21:42:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 17:05:00 ----D---- C:\Program Files\uTorrent
2008-09-03 17:04:53 ----D---- C:\Documents and Settings\Boyz\Application Data\uTorrent

======List of files/folders modified in the last 1 months======

2008-09-27 09:50:59 ----D---- C:\Program Files\Mozilla Firefox
2008-09-27 09:49:47 ----D---- C:\WINDOWS\Internet Logs
2008-09-27 09:19:58 ----D---- C:\WINDOWS\system32\ias
2008-09-27 09:19:51 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-09-26 23:35:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-26 23:35:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-26 16:49:47 ----D---- C:\WINDOWS\system32
2008-09-26 15:06:33 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-24 15:27:13 ----HD---- C:\$AVG8.VAULT$
2008-09-23 21:45:03 ----D---- C:\WINDOWS\system32\drivers
2008-09-21 11:33:36 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-20 20:58:44 ----D---- C:\WINDOWS
2008-09-20 20:55:52 ----SHD---- C:\WINDOWS\Installer
2008-09-20 20:55:52 ----HD---- C:\Config.Msi
2008-09-20 20:25:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 20:23:51 ----D---- C:\Program Files
2008-09-20 19:13:56 ----A---- C:\WINDOWS\system.ini
2008-09-19 23:13:04 ----D---- C:\Program Files\Common Files
2008-09-19 23:08:12 ----D---- C:\WINDOWS\AppPatch
2008-09-19 17:35:57 ----D---- C:\Documents and Settings\Boyz\Application Data\Adobe
2008-09-19 12:00:53 ----RASH---- C:\boot.ini
2008-09-19 11:27:14 ----D---- C:\WINDOWS\Minidump
2008-09-17 16:00:33 ----D---- C:\WINDOWS\WinSxS
2008-09-17 16:00:22 ----D---- C:\Program Files\Messenger
2008-09-17 15:50:37 ----SD---- C:\WINDOWS\Tasks
2008-09-16 19:42:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 16:30:34 ----A---- C:\hpqp.ini
2008-09-16 16:30:25 ----A---- C:\XP_TV.ini
2008-09-15 23:46:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-15 23:46:15 ----A---- C:\WINDOWS\win.ini
2008-09-14 17:56:21 ----HD---- C:\WINDOWS\inf
2008-09-13 23:28:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-13 23:16:20 ----D---- C:\Program Files\Spyware Doctor
2008-09-13 18:59:50 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-13 18:59:40 ----RSD---- C:\WINDOWS\assembly
2008-09-13 09:09:32 ----D---- C:\Documents and Settings
2008-09-13 09:03:35 ----D---- C:\WINDOWS\system32\config
2008-09-13 09:03:14 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 09:03:14 ----D---- C:\WINDOWS\Registration
2008-09-13 00:50:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-13 00:50:54 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 00:41:55 ----D---- C:\Program Files\Internet Explorer
2008-09-12 15:04:07 ----D---- C:\Program Files\EA Games
2008-09-11 17:00:13 ----D---- C:\WINDOWS\Cursors
2008-09-11 16:53:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-10 15:53:19 ----D---- C:\Program Files\DivX
2008-09-10 15:08:40 ----D---- C:\Program Files\Microsoft Location Finder
2008-09-09 17:26:38 ----A---- C:\WINDOWS\imsins.BAK
2008-09-08 17:52:56 ----D---- C:\Program Files\QuickVerse 2007
2008-09-08 17:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\openlp.org
2008-09-08 17:45:29 ----D---- C:\Program Files\Mozilla Thunderbird
2008-09-08 17:44:49 ----D---- C:\Program Files\EV Nova
2008-09-05 15:02:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 19:21:16 ----SD---- C:\Documents and Settings\Boyz\Application Data\Microsoft
2008-09-04 19:07:36 ----D---- C:\WINDOWS\RegisteredPackages
2008-09-04 18:32:52 ----D---- C:\WINDOWS\system32\DirectX
2008-09-04 17:58:30 ----D---- C:\WINDOWS\Debug
2008-09-04 17:52:21 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 17:01:56 ----D---- C:\WINDOWS\security
2008-09-04 16:42:28 ----D---- C:\WINDOWS\ime
2008-09-04 16:42:26 ----D---- C:\WINDOWS\Help
2008-09-04 16:41:33 ----D---- C:\WINDOWS\system32\usmt
2008-09-04 16:41:17 ----D---- C:\WINDOWS\PeerNet
2008-09-04 16:41:16 ----D---- C:\Program Files\Movie Maker
2008-09-04 16:30:32 ----D---- C:\WINDOWS\system32\Restore
2008-09-04 16:30:31 ----D---- C:\WINDOWS\system32\npp
2008-09-04 16:30:27 ----D---- C:\WINDOWS\msagent
2008-09-04 16:30:24 ----D---- C:\WINDOWS\srchasst
2008-09-04 16:30:16 ----D---- C:\Program Files\NetMeeting
2008-09-04 16:30:12 ----D---- C:\WINDOWS\system32\Com
2008-09-04 16:30:08 ----D---- C:\Program Files\Windows Media Player
2008-09-04 16:30:07 ----D---- C:\Program Files\Windows NT
2008-09-04 16:30:06 ----D---- C:\Program Files\Outlook Express
2008-09-04 16:30:01 ----D---- C:\Program Files\Common Files\System
2008-09-04 16:29:13 ----D---- C:\WINDOWS\system32\oobe
2008-09-04 16:29:05 ----D---- C:\WINDOWS\system
2008-09-04 16:23:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-03 21:47:15 ----D---- C:\Program Files\Lavasoft
2008-09-03 21:47:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-03 19:15:14 ----D---- C:\Documents and Settings\Boyz\Application Data\Skype
2008-09-03 19:14:27 ----D---- C:\Documents and Settings\Boyz\Application Data\skypePM
2008-08-29 15:09:04 ----D---- C:\Documents and Settings\Boyz\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-11 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-06-03 147984]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-11 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-21 718464]
S3 adyge6ms;adyge6ms; C:\WINDOWS\system32\drivers\adyge6ms.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000; C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys [2004-01-05 1080832]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-09-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-09-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-09-28 21744]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;ATEN USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-03 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 94208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-25 1077640]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by orlymopy, 27 September 2008 - 10:54 AM.




