Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Runs Fast, Net Runs Slow


  • This topic is locked This topic is locked
8 replies to this topic

#1 Redneck1781

Redneck1781

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 22 September 2008 - 10:29 PM

Niot sure what happened, just one day, without downloading anything, my inter net slowed way down. I went from getting around 30-40K/s to 2-4K/s, went through and deleted a lot of unused/unwanted programs, cleaned cache, history, ect... using AVG 8.0, updates every 4 hours, and scans every day, nothing found except tracking cookies from IE, which get deleted daily. Home built system, running Windows XP Home on a 256 DSL internet wired through a Netlink Router, if you need any other info just let me know, here is the log I got

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:41 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Eric\Desktop\putty.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 8346 bytes


Thanks in advance for any and all help.

Eric

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:23 PM

Posted 28 September 2008 - 09:33 PM

Hello, Redneck1781.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Redneck1781

Redneck1781
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 29 September 2008 - 10:58 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:44 AM, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Eric\Desktop\putty.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 8558 bytes

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:23 PM

Posted 29 September 2008 - 02:25 PM

Hello, Redneck1781.
We have to remove some entries in HiJack This
  • Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • RSIT Log.txt
  • RSIT Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 Redneck1781

Redneck1781
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 29 September 2008 - 11:42 PM

Logfile of random's system information tool 1.02 (written by random/random)
Run by Eric at 2008-09-29 23:41:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 104 GB (68%) free of 153 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:23 PM, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Eric\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Eric.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 8056 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-07-27 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-27 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-27 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-09-26 872448]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-07-27 1235736]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-27 185896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-27 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPro620.lnk]
C:\WINDOWS\VPro620.exe [2007-06-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\IWINGA~1\DESKTO~1\DESKTO~1.EXE [2008-04-06 107520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe"="C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe:*:Disabled:yazak"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8551342-f81a-11dc-ad96-806d6172696f}]
shell\AutoRun\command - D:\DVD_SPECIAL_FEATURES.exe


======List of files/folders created in the last 3 months======

2008-09-29 23:41:19 ----D---- C:\rsit
2008-09-28 18:27:25 ----A---- C:\WINDOWS\system32\unrar.dll
2008-09-28 18:27:25 ----A---- C:\WINDOWS\avisplitter.ini
2008-09-28 18:27:23 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-09-28 18:27:23 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-09-28 18:27:23 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-09-28 18:27:23 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-09-28 18:27:23 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-09-28 18:27:23 ----A---- C:\WINDOWS\system32\divx.dll
2008-09-28 18:27:22 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-09-28 18:27:22 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-09-28 18:27:21 ----D---- C:\Program Files\K-Lite Codec Pack
2008-09-26 15:36:45 ----D---- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-09-26 15:17:32 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-09-26 15:17:32 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-09-26 15:16:38 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-26 15:16:35 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-26 14:56:06 ----D---- C:\Program Files\Microsoft Games
2008-09-26 10:04:01 ----D---- C:\Program Files\LimeWire
2008-09-24 23:59:23 ----D---- C:\Program Files\The Nightshift Code
2008-09-22 22:21:29 ----D---- C:\Program Files\Marvell
2008-09-22 21:29:25 ----D---- C:\Program Files\Trend Micro
2008-09-22 20:45:30 ----D---- C:\Program Files\Magic Encyclopedia
2008-09-21 21:40:49 ----D---- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-09-18 11:40:17 ----D---- C:\Program Files\Escape the Museum
2008-09-13 22:14:05 ----D---- C:\Program Files\Conduit
2008-09-13 22:14:04 ----D---- C:\Program Files\TorrentMan
2008-09-13 22:13:40 ----D---- C:\Program Files\BitLord
2008-09-13 15:21:41 ----D---- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-09-13 11:59:59 ----D---- C:\Program Files\Mystery Chronicles - Murder Among Friends
2008-09-11 00:37:46 ----D---- C:\Program Files\Safari
2008-09-11 00:24:09 ----D---- C:\Program Files\Apple Software Update
2008-09-11 00:21:38 ----D---- C:\Program Files\iPod
2008-09-11 00:21:35 ----D---- C:\Program Files\iTunes
2008-09-11 00:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-11 00:20:42 ----D---- C:\Program Files\Bonjour
2008-09-11 00:19:55 ----D---- C:\Program Files\QuickTime
2008-09-11 00:18:22 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2008-09-10 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 23:22:54 ----D---- C:\Documents and Settings\Eric\Application Data\Apple Computer
2008-09-05 23:21:41 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-05 23:21:04 ----D---- C:\Program Files\Common Files\Apple
2008-09-05 23:21:04 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-04 21:42:03 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-09-04 21:42:01 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-09-01 22:17:27 ----D---- C:\Program Files\AskPBar
2008-09-01 22:16:48 ----D---- C:\Program Files\Trillian
2008-09-01 17:23:30 ----D---- C:\Program Files\Common Files\Adobe
2008-08-30 16:04:52 ----D---- C:\Documents and Settings\Eric\Application Data\Playrix Entertainment
2008-08-30 15:53:51 ----D---- C:\Program Files\Fishdom
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-28 12:20:00 ----D---- C:\Program Files\Azada - Ancient Magic
2008-08-27 23:14:22 ----D---- C:\Program Files\ZakFromAnotherPlanet
2008-08-23 03:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-21 23:59:09 ----D---- C:\WINDOWS\Prefetch
2008-08-21 23:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-21 23:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-21 23:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-21 23:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-21 23:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-21 23:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-21 23:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-21 23:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-21 23:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-21 23:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-21 23:50:31 ----D---- C:\WINDOWS\system32\scripting
2008-08-21 23:50:31 ----D---- C:\WINDOWS\l2schemas
2008-08-21 23:50:30 ----D---- C:\WINDOWS\system32\en
2008-08-21 23:50:30 ----D---- C:\WINDOWS\system32\bits
2008-08-21 23:47:00 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-21 23:39:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-21 23:02:44 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-21 23:02:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-21 23:02:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-21 23:02:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-21 23:02:38 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-21 23:02:38 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-21 23:02:34 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-21 23:02:34 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-21 23:02:31 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-21 23:02:31 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-21 23:02:31 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-21 23:02:31 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-21 23:02:31 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-21 23:02:31 ----N---- C:\WINDOWS\slrundll.exe
2008-08-21 23:02:29 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-21 23:02:28 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-21 23:02:28 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-21 23:02:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-21 23:02:27 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-21 23:02:26 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-21 23:02:26 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-21 23:02:26 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-21 23:02:25 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-21 23:02:24 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-21 23:02:19 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-21 23:02:19 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-21 23:02:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-21 23:02:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-21 23:02:19 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-21 23:02:19 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-21 23:02:18 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-21 23:02:18 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-21 23:02:09 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-21 23:02:09 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-21 23:02:09 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-21 23:02:09 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-21 23:02:08 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-21 23:02:03 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-21 23:01:57 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-21 23:01:57 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-21 23:01:57 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-21 23:01:57 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-21 23:01:57 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-21 23:01:46 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-08-21 23:01:46 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-08-21 23:01:44 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-21 23:01:42 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-21 23:01:39 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-21 23:01:39 ----A---- C:\WINDOWS\003019_.tmp
2008-08-21 23:01:38 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-21 23:01:38 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-21 23:01:38 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-21 23:01:38 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-21 23:01:38 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-21 23:01:37 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-21 23:01:37 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-21 23:01:37 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-21 23:01:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-21 23:01:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-21 23:01:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-21 23:01:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-21 23:01:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-21 23:01:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-21 23:01:29 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-21 23:01:29 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 23:01:29 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-21 23:01:28 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-08-21 23:01:28 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-21 23:01:28 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 23:01:28 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-21 23:01:28 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-21 23:01:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-20 09:30:26 ----D---- C:\Program Files\Mishterm
2008-08-15 03:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-15 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-15 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-15 03:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-15 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-10 22:58:20 ----D---- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-10 22:43:12 ----D---- C:\Program Files\HandMade Game
2008-08-10 00:14:02 ----D---- C:\Documents and Settings\Eric\Application Data\acccore
2008-08-10 00:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-10 00:13:31 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-10 00:13:25 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-10 00:13:25 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-10 00:13:10 ----D---- C:\Program Files\Common Files\AOL
2008-08-10 00:12:51 ----D---- C:\Program Files\AIM6
2008-07-27 18:17:56 ----D---- C:\Program Files\Governor of Poker
2008-07-27 00:26:45 ----HD---- C:\$AVG8.VAULT$
2008-07-27 00:11:43 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-07-27 00:11:34 ----D---- C:\Documents and Settings\Eric\Application Data\AVGTOOLBAR
2008-07-27 00:11:25 ----D---- C:\Program Files\AVG
2008-07-27 00:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 23:56:48 ----D---- C:\Program Files\Dream Chronicles 2 - The Eternal Maze
2008-07-19 19:41:02 ----D---- C:\Documents and Settings\Eric\Application Data\Meridian93
2008-07-19 19:33:00 ----D---- C:\Program Files\Mystery of Unicorn Castle
2008-07-19 17:36:12 ----D---- C:\Program Files\Hidden Mysteries - Civil War
2008-07-18 20:48:07 ----D---- C:\Program Files\Peggle Deluxe
2008-07-09 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-05 15:55:03 ----D---- C:\Documents and Settings\Eric\Application Data\Big Fish Games
2008-07-05 15:47:52 ----D---- C:\Program Files\Azada

======List of files/folders modified in the last 3 months======

2008-09-29 23:41:23 ----D---- C:\WINDOWS\Temp
2008-09-28 22:10:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-28 18:27:25 ----D---- C:\WINDOWS\system32
2008-09-28 18:27:25 ----D---- C:\WINDOWS
2008-09-28 18:27:21 ----RD---- C:\Program Files
2008-09-28 18:24:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-28 18:14:59 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-26 15:27:31 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-26 15:27:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-26 15:27:03 ----SHD---- C:\WINDOWS\Installer
2008-09-26 15:19:51 ----HD---- C:\WINDOWS\inf
2008-09-26 15:18:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-26 15:17:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-26 15:17:10 ----D---- C:\WINDOWS\system32\drivers
2008-09-26 15:16:18 ----D---- C:\WINDOWS\system32\DirectX
2008-09-26 15:15:09 ----D---- C:\WINDOWS\WinSxS
2008-09-26 10:22:17 ----D---- C:\Documents and Settings\Eric\Application Data\LimeWire
2008-09-25 00:54:51 ----D---- C:\Documents and Settings\Eric\Application Data\PlayFirst
2008-09-25 00:54:51 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-25 00:54:33 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-09-22 22:23:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-22 22:21:09 ----A---- C:\WINDOWS\AS_Debug.txt
2008-09-22 22:20:55 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-09-22 22:20:51 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-13 11:24:48 ----D---- C:\Program Files\bfgclient
2008-09-11 09:26:30 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-09-11 00:24:12 ----SD---- C:\WINDOWS\Tasks
2008-09-11 00:21:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-10 03:00:21 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 23:11:06 ----D---- C:\WINDOWS\Minidump
2008-09-05 23:21:04 ----D---- C:\Program Files\Common Files
2008-09-04 21:41:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-01 18:37:00 ----D---- C:\Documents and Settings\Eric\Application Data\AdobeUM
2008-09-01 17:23:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-01 17:07:12 ----D---- C:\Documents and Settings\Eric\Application Data\Adobe
2008-08-26 15:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-22 15:41:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-22 00:00:39 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-21 23:59:37 ----A---- C:\WINDOWS\setuplog.txt
2008-08-21 23:58:35 ----D---- C:\WINDOWS\system32\Setup
2008-08-21 23:58:35 ----D---- C:\WINDOWS\AppPatch
2008-08-21 23:58:34 ----D---- C:\WINDOWS\system32\wbem
2008-08-21 23:58:33 ----RSD---- C:\WINDOWS\Fonts
2008-08-21 23:57:23 ----D---- C:\WINDOWS\security
2008-08-21 23:55:32 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-21 23:54:45 ----D---- C:\Program Files\Messenger
2008-08-21 23:50:45 ----D---- C:\WINDOWS\system32\inetsrv
2008-08-21 23:50:45 ----D---- C:\WINDOWS\network diagnostic
2008-08-21 23:50:45 ----D---- C:\WINDOWS\ime
2008-08-21 23:50:45 ----D---- C:\WINDOWS\Help
2008-08-21 23:50:32 ----D---- C:\WINDOWS\system32\usmt
2008-08-21 23:50:32 ----D---- C:\WINDOWS\system32\en-US
2008-08-21 23:50:30 ----D---- C:\WINDOWS\PeerNet
2008-08-21 23:50:30 ----D---- C:\Program Files\Movie Maker
2008-08-21 23:46:49 ----D---- C:\WINDOWS\system32\Restore
2008-08-21 23:46:49 ----D---- C:\WINDOWS\system32\npp
2008-08-21 23:46:48 ----D---- C:\WINDOWS\mui
2008-08-21 23:46:47 ----D---- C:\WINDOWS\msagent
2008-08-21 23:46:46 ----D---- C:\WINDOWS\srchasst
2008-08-21 23:46:45 ----D---- C:\Program Files\NetMeeting
2008-08-21 23:46:43 ----D---- C:\WINDOWS\system32\Com
2008-08-21 23:46:40 ----D---- C:\Program Files\Windows NT
2008-08-21 23:46:40 ----D---- C:\Program Files\Windows Media Player
2008-08-21 23:46:40 ----D---- C:\Program Files\Outlook Express
2008-08-21 23:46:37 ----D---- C:\Program Files\Common Files\System
2008-08-21 23:46:19 ----D---- C:\WINDOWS\system32\oobe
2008-08-21 23:46:17 ----D---- C:\WINDOWS\system
2008-08-21 23:39:53 ----D---- C:\WINDOWS\ehome
2008-08-21 20:41:01 ----D---- C:\WINDOWS\Debug
2008-08-19 03:00:22 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-15 03:01:13 ----D---- C:\Program Files\Internet Explorer
2008-07-31 10:23:02 ----D---- C:\Documents and Settings\Eric\Application Data\U3
2008-07-27 00:26:46 ----D---- C:\Program Files\iWin Games
2008-07-27 00:10:53 ----SD---- C:\Documents and Settings\Eric\Application Data\Microsoft
2008-07-26 21:50:43 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-07-26 21:48:58 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 21:39:47 ----D---- C:\Program Files\World of Warcraft
2008-07-07 15:26:58 ----A---- C:\WINDOWS\system32\es.dll
2008-07-05 15:28:07 ----D---- C:\Documents and Settings\Eric\Application Data\Ludia
2008-07-05 15:28:07 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2008-07-02 19:31:50 ----D---- C:\Program Files\Hidden Expedition - Amazon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-21 5685]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-27 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-27 26824]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-27 76040]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-07 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2006-06-22 293808]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPC620;Philips SPC620NC PC Camera; C:\WINDOWS\system32\drivers\SPC620.sys [2007-09-28 484352]
S3 SPC620m;Philips SPC620NC PC Cameram; C:\WINDOWS\system32\drivers\SPC620m.sys [2007-09-28 7680]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-15 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-27 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]
R2 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-05 78104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.02 2008-09-29 23:41:25

======Uninstall list======

-->"C:\Program Files\Mishterm\uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Are You Smarter Than A 5th Grader (remove only)-->"C:\Program Files\iWin.com\Are You Smarter Than A 5th Grader\Uninstall.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azada ™-->"C:\Program Files\Azada\Uninstall.exe"
Azada: Ancient Magic-->"C:\Program Files\Azada - Ancient Magic\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Birdies (remove only)-->"C:\Program Files\iWin.com\Birdies\Uninstall.exe"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Build-a-lot 2: Town of the Year-->"C:\Program Files\Build-a-lot 2 - Town of the Year\Uninstall.exe"
Can You See What I See?-->"C:\Program Files\Can You See What I See\Uninstall.exe"
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Dream Chronicles ™ 2: The Eternal Maze-->"C:\Program Files\Dream Chronicles 2 - The Eternal Maze\Uninstall.exe"
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
Escape the Museum-->"C:\Program Files\Escape the Museum\Uninstall.exe"
Fishdom-->"C:\Program Files\Fishdom\Uninstall.exe"
Governor of Poker-->"C:\Program Files\Governor of Poker\Uninstall.exe"
Hidden Expedition: Amazon ™-->"C:\Program Files\Hidden Expedition - Amazon\Uninstall.exe"
Hidden Mysteries: Civil War-->"C:\Program Files\Hidden Mysteries - Civil War\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic Encyclopedia-->"C:\Program Files\Magic Encyclopedia\Uninstall.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Mystery Chronicles: Murder Among Friends-->"C:\Program Files\Mystery Chronicles - Murder Among Friends\Uninstall.exe"
Mystery of Unicorn Castle-->"C:\Program Files\Mystery of Unicorn Castle\Uninstall.exe"
Nero 7 Essentials-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
Peggle Deluxe-->"C:\Program Files\Peggle Deluxe\Uninstall.exe"
Philips SPC620NC Webcam-->C:\Program Files\InstallShield Installation Information\{47BE6EC4-32A5-43BC-B6CD-839101374334}\setup.exe -runfromtemp -l0x0009 -removeonly
Philips SPC620NC Webcam-->C:\Program Files\InstallShield Installation Information\{5CA6F170-E18D-4B4C-8670-3ED096478C41}\Setup.exe -runfromtemp -l0x0009 -removeonly
Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}\Setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Season Match (remove only)-->"C:\Program Files\iWin.com\Season Match\Uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Supercow (remove only)-->"C:\Program Files\iWin.com\Supercow\Uninstall.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Nightshift Code-->"C:\Program Files\The Nightshift Code\Uninstall.exe"
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VBRunDLL 3.3-->C:\PROGRA~1\ZAKFRO~1\VBRunDLL\Setup.exe /remove
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual Villagers: The Secret City-->"C:\Program Files\Virtual Villagers - The Secret City\Uninstall.exe"
Westward II: Heroes of the Frontier-->"C:\Program Files\Westward II - Heroes of the Frontier\Uninstall.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Driver Package - Philips (SPC620) Image (09/28/2007 1.61.1.5790)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\spc620_48FC4CE8A7196C41B051883FFB331E2ADE755BFF\spc620.inf
Windows Driver Package - Philips USB (09/28/2007 1.61.1.5790)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\spc620c_48FC4CE8A7196C41B051883FFB331E2ADE755BFF\spc620c.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------



Thanks again Billy, I really appriciate the help you are giving me.

Eric

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:23 PM

Posted 30 September 2008 - 05:34 AM

Hello, Redneck1781.
Hmm... still doesn't appear malware related. :thumbsup: Want a seccond opinioin on that though:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 Redneck1781

Redneck1781
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 01 October 2008 - 01:45 AM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3484 (20080930)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cfd62ad3891b23468df0ba1db00bdeb6
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-01 05:39:06
# local_time=2008-10-01 12:39:06 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=222435
# found=1
# scan_time=2816
C:\Documents and Settings\Eric\Local Settings\Temp\NERO14688\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean - deleted) 00000000000000000000000000000000

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:23 PM

Posted 01 October 2008 - 05:42 AM

Hello, Redneck1781.

Your problems do not appear malware related. I would be pointing fingers at your ISP at this point, for they are the most likely culprit for a speed problem :)

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:23 PM

Posted 03 October 2008 - 09:25 AM

Hello, Redneck1781.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users