
Driver or service blocking malware removal


14 replies to this topic

#1 Mike_K

Posted 04 December 2008 - 09:56 PM

Hi, I've been working with boopme on this in the "Am I infected?" forum. Mod. edit: Topic referenced is here: http://www.bleepingcomputer.com/forums/t/183098/infected-with-something-cant-download/ ~ OB

He determined that a driver was blocking the removal of the malware affecting my computer and said I should post here.

Some background info.

My desktop computer is infected. It uses Windows Vista Home Premium. The computer is very slow when trying to browse the net and stops responding often. I can sign on with IE but am very limited in what sites I can get to. I can't get to this site. Firefox won't start at all. I am unable to download anything and I can't update my antispyware programs. Other programs on the computer, like Photoshop, seem to work fine.

I have been using my laptop to download and update programs and transfer them to the desktop with a flash drive. I am posting this from my laptop.

Here are the RSIT logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-04 21:36:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 148 GB (64%) free of 231 GB
Total RAM: 2942 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.1\AOL.EXE [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTBFirstRun]
C:\Program Files\Hewlett-Packard\SDP\hprun.exe [2006-11-14 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1178157592\ee\AOLSoftware.exe [2007-05-25 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-08-13 5562368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopularScreensaversWallpaper]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-26 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Users\Owner\AppData\Local\Temp\{F013C5FE-1EA8-425C-9BB2-3A2A5369BED5}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
? ? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk]
C:\Users\Owner\AppData\Local\Temp\{F013C5FE-1EA8-425C-9BB2-3A2A5369BED5}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3: Cape Typhoon /PRMP=RCTC /SKUN=PCXX /GTYP=SIMU []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
C:\Windows\system32\avgwlntf.dll [2008-03-22 9216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a247a35-f9c7-11db-814f-001a92b55f04}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc138aba-3b39-11dd-859a-00038a000015}]
shell\AutoRun\command - J:\rcaeasyrip_setup.exe


======List of files/folders created in the last 1 months======

2008-12-04 21:36:01 ----D---- C:\rsit
2008-12-04 21:36:01 ----D---- C:\Program Files\trend micro
2008-12-04 00:47:13 ----A---- C:\Windows\system32\tmp.txt
2008-12-04 00:47:11 ----A---- C:\rapport.txt
2008-12-04 00:47:03 ----A---- C:\Windows\system32\VACFix.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\o4Patch.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\IEDFix.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\404Fix.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\WS2Fix.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\VCCLSID.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\swxcacls.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\swsc.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\swreg.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\SrchSTS.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\Process.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\dumphive.exe
2008-11-30 21:54:28 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-11-30 21:54:10 ----D---- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-11-30 21:54:10 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-30 19:37:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 19:12:12 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-11-30 19:12:02 ----D---- C:\ProgramData\Malwarebytes
2008-11-25 14:53:22 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 14:53:21 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 14:53:21 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 14:53:21 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 14:53:20 ----A---- C:\Windows\system32\connect.dll
2008-11-17 21:45:21 ----D---- C:\ProgramData\HP Product Assistant
2008-11-17 21:43:08 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-11-17 21:43:08 ----A---- C:\Windows\RtlUpd.exe
2008-11-17 21:43:08 ----A---- C:\Windows\RtHDVCpl.exe
2008-11-17 21:21:24 ----D---- C:\Users\Owner\AppData\Roaming\Printer Info Cache
2008-11-17 21:21:24 ----D---- C:\Users\Owner\AppData\Roaming\Image Zone Express
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wups2.dll
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wucltux.dll
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-17 07:02:31 ----A---- C:\Windows\system32\wups.dll
2008-11-17 07:02:31 ----A---- C:\Windows\system32\wudriver.dll
2008-11-17 07:02:31 ----A---- C:\Windows\system32\wuapi.dll
2008-11-17 07:02:27 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-17 07:02:27 ----A---- C:\Windows\system32\wuapp.exe
2008-11-16 03:01:36 ----A---- C:\Windows\system32\msshooks.dll
2008-11-16 03:01:36 ----A---- C:\Windows\system32\msscb.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-16 03:01:34 ----A---- C:\Windows\system32\propdefs.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\msstrc.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\msshsq.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\thawbrkr.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\srchadmin.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\propsys.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\xmlfilter.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\wsepno.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-16 03:01:31 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-16 03:01:31 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\offfilt.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\chtbrkr.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\chsbrkr.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\tquery.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssvp.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssrch.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssph.dll
2008-11-15 19:46:32 ----D---- C:\ProgramData\FLEXnet
2008-11-15 19:40:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-15 19:35:56 ----N---- C:\Windows\system32\pxcpyi64.exe
2008-11-15 19:35:56 ----N---- C:\Windows\system32\pxcpya64.exe
2008-11-15 19:35:55 ----N---- C:\Windows\system32\pxinsi64.exe
2008-11-15 19:35:55 ----N---- C:\Windows\system32\pxinsa64.exe
2008-11-15 19:35:55 ----N---- C:\Windows\system32\pxhpinst.exe
2008-11-15 19:28:04 ----D---- C:\Users\Owner\AppData\Roaming\Uniblue
2008-11-15 15:30:20 ----D---- C:\Users\Owner\AppData\Roaming\Download Manager
2008-11-15 13:36:36 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-15 13:36:35 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-15 13:36:34 ----A---- C:\Windows\system32\wersvc.dll
2008-11-15 13:36:34 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-15 13:36:33 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-15 13:36:33 ----A---- C:\Windows\system32\dataclen.dll
2008-11-15 13:36:33 ----A---- C:\Windows\system32\cdd.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\wshext.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\wscript.exe
2008-11-15 13:36:32 ----A---- C:\Windows\system32\vbscript.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\scrrun.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\scrobj.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\jscript.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\cscript.exe
2008-11-14 21:48:17 ----D---- C:\PerfLogs
2008-11-13 14:08:39 ----D---- C:\Program Files\Kodak
2008-11-13 14:07:31 ----D---- C:\ProgramData\Kodak
2008-11-12 22:32:14 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 22:31:49 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 16:38:05 ----A---- C:\Windows\system32\GEARAspi.dll
2008-11-12 16:38:02 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-12 16:37:22 ----D---- C:\Program Files\iPod
2008-11-12 16:37:05 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-12 16:37:05 ----D---- C:\Program Files\iTunes
2008-11-12 16:31:59 ----D---- C:\Program Files\Bonjour
2008-11-12 16:30:33 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2008-12-04 21:36:32 ----D---- C:\Windows\System32
2008-12-04 21:36:32 ----D---- C:\Windows\inf
2008-12-04 21:36:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-04 21:36:01 ----RD---- C:\Program Files
2008-12-04 21:36:01 ----D---- C:\Windows\Prefetch
2008-12-04 21:35:45 ----D---- C:\Windows\Temp
2008-12-04 19:43:57 ----A---- C:\Windows\ntbtlog.txt
2008-12-04 19:11:02 ----SHD---- C:\System Volume Information
2008-12-04 18:37:21 ----D---- C:\ProgramData\avg7
2008-12-04 00:42:07 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2008-12-03 23:21:38 ----D---- C:\Windows\system32\LogFiles
2008-12-03 22:06:34 ----D---- C:\Windows\system32\drivers
2008-12-03 21:46:17 ----D---- C:\Windows
2008-12-03 19:50:39 ----SHD---- C:\Windows\Installer
2008-12-03 16:38:52 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 16:32:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 16:06:06 ----D---- C:\Windows\system32\Msdtc
2008-12-03 16:06:02 ----D---- C:\Windows\system32\wbem
2008-12-03 16:05:15 ----D---- C:\Windows\system32\config
2008-12-03 16:05:02 ----D---- C:\Windows\Tasks
2008-12-03 16:05:02 ----D---- C:\Windows\system32\spool
2008-12-03 16:05:02 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-03 16:05:02 ----D---- C:\Windows\system32\catroot2
2008-12-03 16:05:02 ----D---- C:\Windows\SMINST
2008-12-03 16:04:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-03 16:04:52 ----D---- C:\Windows\registration
2008-11-30 21:54:28 ----HD---- C:\ProgramData
2008-11-30 11:46:35 ----RHD---- C:\$VAULT$.AVG
2008-11-28 18:46:23 ----D---- C:\Users\Owner\AppData\Roaming\Adobe
2008-11-26 03:01:23 ----D---- C:\Windows\winsxs
2008-11-25 14:53:17 ----D---- C:\Windows\system32\catroot
2008-11-21 15:20:49 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2008-11-18 23:01:03 ----D---- C:\Windows\pss
2008-11-18 17:25:39 ----D---- C:\Windows\system32\WDI
2008-11-17 21:49:40 ----SD---- C:\ProgramData\Microsoft
2008-11-17 21:43:44 ----D---- C:\Windows\system32\RTCOM
2008-11-17 21:43:10 ----A---- C:\Windows\DIFxAPI.dll
2008-11-17 21:43:08 ----D---- C:\Program Files\Realtek
2008-11-17 21:00:53 ----D---- C:\Windows\rescache
2008-11-17 20:44:40 ----D---- C:\Windows\system32\en-US
2008-11-16 17:12:58 ----D---- C:\Program Files\Common Files
2008-11-16 03:07:58 ----D---- C:\Windows\PolicyDefinitions
2008-11-16 03:02:38 ----D---- C:\ProgramData\Microsoft Help
2008-11-15 19:48:50 ----D---- C:\ProgramData\Adobe
2008-11-15 19:40:35 ----D---- C:\Program Files\Common Files\Adobe
2008-11-15 19:37:50 ----RSD---- C:\Windows\Fonts
2008-11-15 19:36:04 ----D---- C:\Program Files\Adobe
2008-11-15 19:35:39 ----N---- C:\Windows\system32\PxAFS.DLL
2008-11-15 19:35:38 ----N---- C:\Windows\system32\PxSFS.DLL
2008-11-15 19:35:38 ----N---- C:\Windows\system32\PxMas.dll
2008-11-15 19:35:38 ----N---- C:\Windows\system32\pxdrv.dll
2008-11-15 19:35:37 ----N---- C:\Windows\system32\PxWave.dll
2008-11-15 19:35:37 ----N---- C:\Windows\system32\Px.dll
2008-11-15 19:11:40 ----D---- C:\Windows\system32\Tasks
2008-11-15 15:01:19 ----SD---- C:\Windows\Downloaded Program Files
2008-11-15 07:46:38 ----D---- C:\Program Files\AOL Games
2008-11-14 23:54:40 ----D---- C:\Windows\Logs
2008-11-14 23:24:38 ----D---- C:\Windows\Microsoft.NET
2008-11-14 23:24:35 ----RSD---- C:\Windows\assembly
2008-11-14 22:03:57 ----SHD---- C:\Boot
2008-11-14 22:03:38 ----ASH---- C:\Program Files\desktop.ini
2008-11-14 21:53:24 ----D---- C:\Program Files\Windows Sidebar
2008-11-14 21:53:24 ----D---- C:\Program Files\Windows Calendar
2008-11-14 21:53:24 ----D---- C:\Program Files\Movie Maker
2008-11-14 21:53:22 ----D---- C:\Program Files\Windows Mail
2008-11-14 21:53:21 ----D---- C:\Program Files\Internet Explorer
2008-11-14 21:53:20 ----D---- C:\Program Files\Windows Media Player
2008-11-14 21:53:18 ----D---- C:\Program Files\Windows Collaboration
2008-11-14 21:53:17 ----D---- C:\Program Files\Windows Journal
2008-11-14 21:53:15 ----D---- C:\Program Files\Windows Photo Gallery
2008-11-14 21:53:04 ----D---- C:\Program Files\Common Files\System
2008-11-14 21:53:03 ----D---- C:\Program Files\Windows Defender
2008-11-14 21:53:02 ----D---- C:\Windows\servicing
2008-11-14 21:53:00 ----D---- C:\Windows\ehome
2008-11-14 21:52:33 ----D---- C:\Windows\MSAgent
2008-11-14 21:52:31 ----D---- C:\Windows\L2Schemas
2008-11-14 21:52:31 ----D---- C:\Windows\IME
2008-11-14 21:52:31 ----D---- C:\Windows\DigitalLocker
2008-11-14 21:52:29 ----D---- C:\Windows\system32\XPSViewer
2008-11-14 21:52:29 ----D---- C:\Windows\system32\ko-KR
2008-11-14 21:52:29 ----D---- C:\Windows\system32\da-DK
2008-11-14 21:52:29 ----D---- C:\Windows\system32\com
2008-11-14 21:52:23 ----D---- C:\Windows\system32\oobe
2008-11-14 21:52:23 ----D---- C:\Windows\system32\it-IT
2008-11-14 21:52:23 ----D---- C:\Windows\system32\el-GR
2008-11-14 21:52:23 ----D---- C:\Windows\system32\de-DE
2008-11-14 21:52:21 ----D---- C:\Windows\system32\sysprep
2008-11-14 21:52:21 ----D---- C:\Windows\system32\migration
2008-11-14 21:52:12 ----D---- C:\Windows\system32\AdvancedInstallers
2008-11-14 21:52:11 ----D---- C:\Windows\system32\sv-SE
2008-11-14 21:52:11 ----D---- C:\Windows\system32\setup
2008-11-14 21:52:11 ----D---- C:\Windows\system32\ru-RU
2008-11-14 21:52:11 ----D---- C:\Windows\system32\ias
2008-11-14 21:52:11 ----D---- C:\Windows\system32\he-IL
2008-11-14 21:52:11 ----D---- C:\Windows\system32\fr-FR
2008-11-14 21:52:10 ----D---- C:\Windows\system32\SLUI
2008-11-14 21:52:10 ----D---- C:\Windows\system32\pt-PT
2008-11-14 21:52:10 ----D---- C:\Windows\system32\hu-HU
2008-11-14 21:52:10 ----D---- C:\Windows\system32\fi-FI
2008-11-14 21:52:10 ----D---- C:\Windows\system32\cs-CZ
2008-11-14 21:52:06 ----D---- C:\Windows\system32\zh-TW
2008-11-14 21:52:06 ----D---- C:\Windows\system32\zh-CN
2008-11-14 21:52:06 ----D---- C:\Windows\system32\pl-PL
2008-11-14 21:52:06 ----D---- C:\Windows\system32\manifeststore
2008-11-14 21:52:06 ----D---- C:\Windows\system32\es-ES
2008-11-14 21:52:06 ----D---- C:\Windows\system32\en
2008-11-14 21:52:05 ----D---- C:\Windows\system32\ro-RO
2008-11-14 21:52:05 ----D---- C:\Windows\system32\ja-JP
2008-11-14 21:51:58 ----D---- C:\Windows\system32\tr-TR
2008-11-14 21:51:52 ----D---- C:\Windows\system32\nl-NL
2008-11-14 21:51:52 ----D---- C:\Windows\system32\nb-NO
2008-11-14 21:51:51 ----D---- C:\Windows\system32\ar-SA
2008-11-14 21:51:47 ----D---- C:\Windows\system32\migwiz
2008-11-14 21:51:45 ----D---- C:\Windows\system32\pt-BR
2008-11-14 21:48:48 ----D---- C:\Windows\AppPatch
2008-11-14 21:48:31 ----D---- C:\Windows\Boot
2008-11-14 21:48:24 ----D---- C:\Windows\system32\Boot
2008-11-14 20:56:44 ----A---- C:\Windows\system32\ifxcardm.dll
2008-11-14 20:56:35 ----A---- C:\Windows\system32\axaltocm.dll
2008-11-14 20:30:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-14 20:10:13 ----D---- C:\Program Files\Safari
2008-11-14 19:56:21 ----RD---- C:\Users
2008-11-14 19:54:16 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-14 19:54:10 ----D---- C:\Windows\Help
2008-11-14 19:44:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 19:32:42 ----D---- C:\ProgramData\Symantec
2008-11-14 19:32:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-14 19:30:07 ----D---- C:\Program Files\Hewlett-Packard
2008-11-14 19:21:14 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
2008-11-12 16:34:46 ----D---- C:\ProgramData\Apple Computer
2008-11-12 16:30:55 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\Windows\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgClean;AVG7 Clean Driver; C:\Windows\System32\Drivers\avgclean.sys [2008-03-22 10760]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-03-22 26952]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-18 385072]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 AvgWFP;AVG7 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfp.sys [2008-03-22 53768]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-29 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EraserUtilDrv10740;EraserUtilDrv10740; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-03-22 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-03-22 49664]
R2 AvgCoreSvc;AVG7 Resident Shield Service; C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe [2008-03-22 192512]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-03-22 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-15 651720]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-13 138168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]

-----------------EOF-----------------

and

info.txt logfile of random's system information tool 1.04 2008-12-04 21:37:12

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Type Manager 4.0-->C:\Windows\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AQUAZONE Seven Seas Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F96010B3-9876-40B4-8992-37C9D7D26541}\Setup.exe" -l0x9
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Hoyle Casino 4-->C:\Windows\IsUninst.exe -fC:\SIERRA\CASINO4\Uninst.isu
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 8.0.C-->C:\Program Files\Hewlett-Packard\Digital Imaging\{FB79A6DF-44D2-40a6-9FFC-34BDEEBD980B}\setup\hpzscr01.exe -datfile hppscr22.dat -onestop -showdisconnect -forcereboot
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Product Detection-->MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Masque Slots-->C:\Masque\Slots\UNWISE.EXE C:\Masque\Slots\INSTALL.LOG
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Q-Xpress Installer 1.1.9-->C:\Program Files\ModTheSims2.com\Q-Xpress Installer\uninst.exe
RCT3 Soaked-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roll-->C:\Windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Safari-->MsiExec.exe /I{34F85A4D-03CC-428A-80A4-880228646518}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SimPE 0.64 (alpha)-->"C:\Program Files\SimPE\unins000.exe"
Sims2Pack Clean Installer -->C:\Program Files\Sims2Pack Clean Installer\uninstall.exe
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

======Security center information======

AV: AVG 7.5.549
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanks

Mike

Edited by Orange Blossom, 05 December 2008 - 11:02 PM.

HP a6009n, windows vista home premium SP2, AMD 64X2 dual core processor 3800+, 2.00GHz, 3G ram, 32 bit operating system, AOL


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:51 AM

Posted 11 December 2008 - 09:39 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.

In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 Mike_K

Mike_K
  • Topic Starter

  • Members
  • 125 posts
  • OFFLINE
  • Location:SE Pa
  • Local time:06:51 AM

Posted 11 December 2008 - 11:12 PM

Hi Panda

Thanks for getting back to me. I have 2 questions.

I ran OTScanIt and have the log but I'm not sure how to attach it to my reply.

The other problem I have is I downloaded GMER but I can't unzip it. I'm using Windows Vista. My evaluation version of WinZip has expired. Do I need to buy WinZip or is there another way? If I need to buy it I will, but would rather not as I don't use it much.

Update on what has happened since my original post:

While waiting for a reply I completely disconnected this computer so I could set up my daughter's computer. When I hooked this one back up it started working like before my problems. My post had dropped to page 25 and I wasn't sure when someone would get back to me. I made a few changes to the computer. I updated my antispyware programs and ran them - Mbam, SuperantiSpysweeper, and Spybot S&D. I also uninstalled AVG and installed Avast and ran it. Avast found (2) Trojan:Win32 which I moved to the chest (quarantine?). I have the logs if you want to see them. I ran disk cleanup and disk defragment. And finally just today I installed GIMP.

The computer is still not 100%. AOL and Firefox stop responding from time to time. Turning the power off and then back on sometimes fixes the problem. Now that I have you helping me I will not make any more changes without your say so.

Thanks

Mike

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:51 AM

Posted 11 December 2008 - 11:44 PM

Hello Mike.

To attach the log, click ADDREPLY in this topic window. Under the main box, there should be an attachments section.

Otherwise, please upload the log to me.

Submit File Sample
  • Open the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/184167/driver-or-service-blocking-malware-removal/
  • Select the log file.
  • Under the comments section, say that Panda asked for the submission.
--
To extract GMER, you should be able to right click the zip and select Extract. If there isn't, I'll upload the executable somewhere for you.

With Regards,
The Panda

#5 Mike_K

Mike_K
  • Topic Starter

  • Members
  • 125 posts
  • OFFLINE
  • Location:SE Pa
  • Local time:06:51 AM

Posted 12 December 2008 - 12:02 AM

OK, here is the OTScanIt log.

I don't see any "extract" when I right click on the zip file.

And one other change I made last week. I turned off the windows firewall and installed Zone Alarm.

Mike

Attached Files



#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:51 AM

Posted 12 December 2008 - 12:13 AM

Hello Mike.

Please download ZipCentral Setup. Run the setup. After it is installed, you should be able to extract GMER.

Sorry that I can't just extract it for you and host it, because that would be some kind of violation (I think).

With Regards,
The Panda

#7 Mike_K

Mike_K
  • Topic Starter

  • Members
  • 125 posts
  • OFFLINE
  • Location:SE Pa
  • Local time:06:51 AM

Posted 12 December 2008 - 08:02 AM

This is not going well.

I was able to unzip gmer. I ran it the first time and my computer crashed on restart. I had to run start up repair and choose restore to get back up running. Now every time I try to scan it crashes. I've tried several times in both regular and safe mode. Anything else I can do?

I'll try again when I get home this afternoon.

Mike

#8 Mike_K

Mike_K
  • Topic Starter

  • Members
  • 125 posts
  • OFFLINE
  • Location:SE Pa
  • Local time:06:51 AM

Posted 12 December 2008 - 05:38 PM

Success!

I kept running it and it kept crashing. Finally it ran.

I ran gmer in safe mode. When I restarted in normal I got an Avast warning: Suspicious File Found. file name: C:\Windows\SYSTEM32\process.exe
Type: Rootkit: hidden process. It then goes on to ask if I want to delete now or ignore. What should I do about this?

Here is the log from the gmer scan

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-12 17:08:27
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.14 ----

.text C:\Users\Owner\Desktop\gmer.exe[1440] kernel32.dll!CopyFileW + 3 76A56FB0 2 Bytes [ 5F, FB ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740E7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741298C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740ED3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740DF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740E7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740DE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7411B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740ED68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740E012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740E0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740D71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7416D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741075E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740DDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740D668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740D66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740E1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Thanks

Mike
HP a6009n, windows vista home premium SP2, AMD 64X2 dual core processor 3800+, 2.00GHz, 3G ram, 32 bit operating system, AOL

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:07:51 AM

Posted 13 December 2008 - 12:03 AM

Hello.

Looks like whatever infection was there had been removed.

Run Scan with Kaspersky
Let's see what Kaspersky can pick up.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please also include a new HijackThis log.

With Regards,
The Panda

#10 Mike_K

Mike_K
  • Topic Starter

  • Members
  • 125 posts
  • Location:SE Pa
  • Local time:06:51 AM

Posted 13 December 2008 - 11:11 PM

Hi Panda,

Sorry it took a while to get back. Internet Explorer kept shutting down during the Kaspersky scan.

Here are the reports you requested:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-13 22:59:23
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 166 GB (72%) free of 231 GB
Total RAM: 2942 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:27 PM, on 12/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\aol\1178157592\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm128MIUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8806 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.1\AOL.EXE [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTBFirstRun]
C:\Program Files\Hewlett-Packard\SDP\hprun.exe [2006-11-14 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1178157592\ee\AOLSoftware.exe [2007-05-25 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-08-13 5562368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopularScreensaversWallpaper]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-26 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Users\Owner\AppData\Local\Temp\{F013C5FE-1EA8-425C-9BB2-3A2A5369BED5}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
? ? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk]
C:\Users\Owner\AppData\Local\Temp\{F013C5FE-1EA8-425C-9BB2-3A2A5369BED5}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3: Cape Typhoon /PRMP=RCTC /SKUN=PCXX /GTYP=SIMU []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a247a35-f9c7-11db-814f-001a92b55f04}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc138aba-3b39-11dd-859a-00038a000015}]
shell\AutoRun\command - J:\rcaeasyrip_setup.exe


======List of files/folders created in the last 1 months======

2008-12-13 09:52:48 ----D---- C:\Windows\Sun
2008-12-12 18:08:59 ----A---- C:\AdobeDebug.txt
2008-12-12 16:07:52 ----A---- C:\Windows\system32\tzres.dll
2008-12-12 15:45:01 ----D---- C:\Program Files\ZipCentral
2008-12-12 12:26:09 ----A---- C:\Windows\system32\gdi32.dll
2008-12-12 12:26:04 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-12 12:26:03 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-12 01:14:17 ----A---- C:\Windows\system32\shell32.dll
2008-12-12 01:13:16 ----A---- C:\Windows\system32\mshtml.dll
2008-12-12 01:13:15 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 01:13:15 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 01:13:14 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 01:13:14 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 01:13:13 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-12 01:13:13 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 01:11:19 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-12 01:11:19 ----A---- C:\Windows\system32\mf.dll
2008-12-12 01:11:18 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-12 01:11:18 ----A---- C:\Windows\system32\logagent.exe
2008-12-12 01:06:24 ----A---- C:\Windows\gmer.ini
2008-12-12 01:06:23 ----A---- C:\Windows\gmer_uninstall.cmd
2008-12-12 01:06:23 ----A---- C:\Windows\gmer.exe
2008-12-12 01:06:23 ----A---- C:\Windows\gmer.dll
2008-12-11 16:51:49 ----D---- C:\Users\Owner\AppData\Roaming\gtk-2.0
2008-12-11 16:46:35 ----D---- C:\Program Files\GIMP-2.0
2008-12-07 22:47:59 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-12-07 22:47:59 ----A---- C:\Windows\system32\netiougc.exe
2008-12-07 22:47:23 ----A---- C:\Windows\system32\vsregexp.dll
2008-12-07 22:47:21 ----A---- C:\Windows\system32\zlcommdb.dll
2008-12-07 22:47:19 ----A---- C:\Windows\system32\zlcomm.dll
2008-12-07 22:47:16 ----A---- C:\Windows\system32\vswmi.dll
2008-12-07 22:47:13 ----D---- C:\Program Files\Zone Labs
2008-12-07 22:47:13 ----A---- C:\Windows\system32\zpeng25.dll
2008-12-07 22:47:13 ----A---- C:\Windows\system32\vsxml.dll
2008-12-07 22:47:13 ----A---- C:\Windows\system32\vspubapi.dll
2008-12-07 22:47:13 ----A---- C:\Windows\system32\vsmonapi.dll
2008-12-07 22:47:12 ----A---- C:\Windows\system32\vsdata.dll
2008-12-07 22:46:38 ----D---- C:\Windows\system32\ZoneLabs
2008-12-07 22:45:30 ----D---- C:\ProgramData\CheckPoint
2008-12-07 22:45:29 ----A---- C:\Windows\system32\vsutil.dll
2008-12-07 22:45:29 ----A---- C:\Windows\system32\vsinit.dll
2008-12-07 22:45:26 ----D---- C:\Windows\Internet Logs
2008-12-07 22:31:28 ----D---- C:\Program Files\SpywareBlaster
2008-12-07 21:42:30 ----D---- C:\ProgramData\NortonInstaller
2008-12-07 10:01:52 ----D---- C:\ProgramData\Avg7
2008-12-07 09:59:19 ----A---- C:\Windows\system32\aswBoot.exe
2008-12-07 09:59:18 ----D---- C:\Program Files\Alwil Software
2008-12-04 21:36:01 ----D---- C:\rsit
2008-12-04 21:36:01 ----D---- C:\Program Files\trend micro
2008-12-04 00:47:13 ----A---- C:\Windows\system32\tmp.txt
2008-12-04 00:47:11 ----A---- C:\rapport.txt
2008-12-04 00:47:03 ----A---- C:\Windows\system32\VACFix.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\o4Patch.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\IEDFix.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-12-04 00:47:03 ----A---- C:\Windows\system32\404Fix.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\WS2Fix.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\VCCLSID.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\swxcacls.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\swsc.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\swreg.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\SrchSTS.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\Process.exe
2008-12-04 00:47:02 ----A---- C:\Windows\system32\dumphive.exe
2008-11-30 21:54:28 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-11-30 21:54:10 ----D---- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-11-30 21:54:10 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-30 19:37:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 19:12:12 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-11-30 19:12:02 ----D---- C:\ProgramData\Malwarebytes
2008-11-25 14:53:22 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 14:53:21 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 14:53:21 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 14:53:21 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 14:53:20 ----A---- C:\Windows\system32\connect.dll
2008-11-17 21:45:21 ----D---- C:\ProgramData\HP Product Assistant
2008-11-17 21:43:08 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-11-17 21:43:08 ----A---- C:\Windows\RtlUpd.exe
2008-11-17 21:43:08 ----A---- C:\Windows\RtHDVCpl.exe
2008-11-17 21:21:24 ----D---- C:\Users\Owner\AppData\Roaming\Printer Info Cache
2008-11-17 21:21:24 ----D---- C:\Users\Owner\AppData\Roaming\Image Zone Express
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wups2.dll
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wucltux.dll
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-17 07:02:47 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-17 07:02:31 ----A---- C:\Windows\system32\wups.dll
2008-11-17 07:02:31 ----A---- C:\Windows\system32\wudriver.dll
2008-11-17 07:02:31 ----A---- C:\Windows\system32\wuapi.dll
2008-11-17 07:02:27 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-17 07:02:27 ----A---- C:\Windows\system32\wuapp.exe
2008-11-16 03:01:36 ----A---- C:\Windows\system32\msshooks.dll
2008-11-16 03:01:36 ----A---- C:\Windows\system32\msscb.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-16 03:01:34 ----A---- C:\Windows\system32\propdefs.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\msstrc.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-16 03:01:34 ----A---- C:\Windows\system32\msshsq.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\thawbrkr.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\srchadmin.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\propsys.dll
2008-11-16 03:01:33 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\xmlfilter.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\wsepno.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-16 03:01:31 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-16 03:01:31 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\offfilt.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\chtbrkr.dll
2008-11-16 03:01:31 ----A---- C:\Windows\system32\chsbrkr.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\tquery.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssvp.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssrch.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-16 03:01:30 ----A---- C:\Windows\system32\mssph.dll
2008-11-15 19:46:32 ----D---- C:\ProgramData\FLEXnet
2008-11-15 19:40:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-15 19:35:56 ----N---- C:\Windows\system32\pxcpyi64.exe
2008-11-15 19:35:56 ----N---- C:\Windows\system32\pxcpya64.exe
2008-11-15 19:35:55 ----N---- C:\Windows\system32\pxinsi64.exe
2008-11-15 19:35:55 ----N---- C:\Windows\system32\pxinsa64.exe
2008-11-15 19:35:55 ----N---- C:\Windows\system32\pxhpinst.exe
2008-11-15 19:28:04 ----D---- C:\Users\Owner\AppData\Roaming\Uniblue
2008-11-15 15:30:20 ----D---- C:\Users\Owner\AppData\Roaming\Download Manager
2008-11-15 13:36:36 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-15 13:36:35 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-15 13:36:35 ----A---- C:\Windows\system32\IKEEXT.DLL
2008-11-15 13:36:34 ----A---- C:\Windows\system32\wersvc.dll
2008-11-15 13:36:34 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2008-11-15 13:36:34 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-15 13:36:34 ----A---- C:\Windows\system32\BFE.DLL
2008-11-15 13:36:33 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-15 13:36:33 ----A---- C:\Windows\system32\dataclen.dll
2008-11-15 13:36:33 ----A---- C:\Windows\system32\cdd.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\wshext.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\wscript.exe
2008-11-15 13:36:32 ----A---- C:\Windows\system32\vbscript.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\scrrun.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\scrobj.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\jscript.dll
2008-11-15 13:36:32 ----A---- C:\Windows\system32\cscript.exe
2008-11-14 21:48:17 ----D---- C:\PerfLogs

======List of files/folders modified in the last 1 months======

2008-12-13 22:59:27 ----D---- C:\Windows\Prefetch
2008-12-13 22:59:26 ----D---- C:\Windows\Temp
2008-12-13 22:56:14 ----D---- C:\Program Files\Mozilla Firefox
2008-12-13 19:21:30 ----D---- C:\Windows\system32\drivers
2008-12-13 16:03:23 ----AD---- C:\ProgramData\TEMP
2008-12-13 15:58:34 ----A---- C:\Windows\win.ini
2008-12-13 15:23:17 ----D---- C:\Windows\System32
2008-12-13 15:23:17 ----D---- C:\Windows\inf
2008-12-13 15:23:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-13 15:17:50 ----D---- C:\Windows\Minidump
2008-12-13 15:17:50 ----D---- C:\Windows
2008-12-13 10:34:42 ----SHD---- C:\System Volume Information
2008-12-12 18:57:48 ----D---- C:\Windows\system32\config
2008-12-12 18:57:15 ----D---- C:\Windows\Tasks
2008-12-12 18:57:15 ----D---- C:\Windows\system32\spool
2008-12-12 18:57:14 ----D---- C:\Windows\system32\Msdtc
2008-12-12 18:57:13 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-12 18:57:13 ----D---- C:\Windows\SMINST
2008-12-12 18:56:54 ----D---- C:\Windows\system32\wbem
2008-12-12 18:56:54 ----D---- C:\Windows\registration
2008-12-12 18:27:47 ----D---- C:\ProgramData\AOL
2008-12-12 17:37:52 ----D---- C:\Windows\rescache
2008-12-12 16:41:57 ----A---- C:\Windows\ntbtlog.txt
2008-12-12 16:26:11 ----D---- C:\Windows\AppPatch
2008-12-12 16:25:16 ----D---- C:\Windows\winsxs
2008-12-12 16:25:13 ----D---- C:\Windows\system32\en-US
2008-12-12 16:13:42 ----SHD---- C:\Windows\Installer
2008-12-12 16:13:34 ----D---- C:\ProgramData\Microsoft Help
2008-12-12 16:08:17 ----D---- C:\Windows\system32\catroot
2008-12-12 16:04:50 ----D---- C:\Windows\system32\catroot2
2008-12-12 15:45:01 ----RD---- C:\Program Files
2008-12-12 12:23:30 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2008-12-12 03:39:47 ----D---- C:\Windows\system32\LogFiles
2008-12-12 01:59:21 ----D---- C:\Windows\system32\Tasks
2008-12-10 16:24:04 ----D---- C:\Program Files\LimeWire
2008-12-09 18:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 22:50:49 ----D---- C:\Windows\system32\migration
2008-12-07 22:47:22 ----D---- C:\Windows\SoftwareDistribution
2008-12-07 22:45:30 ----HD---- C:\ProgramData
2008-12-07 21:44:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 13:43:04 ----SD---- C:\ProgramData\Microsoft
2008-12-07 10:01:41 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2008-12-07 10:01:41 ----D---- C:\Windows\system
2008-12-07 09:55:04 ----SD---- C:\Windows\Downloaded Program Files
2008-12-03 16:32:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 16:04:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-28 18:46:23 ----D---- C:\Users\Owner\AppData\Roaming\Adobe
2008-11-27 10:27:41 ----D---- C:\ProgramData\Kodak
2008-11-18 23:01:03 ----D---- C:\Windows\pss
2008-11-18 17:25:39 ----D---- C:\Windows\system32\WDI
2008-11-17 21:43:44 ----D---- C:\Windows\system32\RTCOM
2008-11-17 21:43:10 ----A---- C:\Windows\DIFxAPI.dll
2008-11-17 21:43:08 ----D---- C:\Program Files\Realtek
2008-11-16 17:12:58 ----D---- C:\Program Files\Common Files
2008-11-16 17:12:33 ----D---- C:\Program Files\Kodak
2008-11-16 03:07:58 ----D---- C:\Windows\PolicyDefinitions
2008-11-15 19:48:50 ----D---- C:\ProgramData\Adobe
2008-11-15 19:40:35 ----D---- C:\Program Files\Common Files\Adobe
2008-11-15 19:37:50 ----RSD---- C:\Windows\Fonts
2008-11-15 19:36:04 ----D---- C:\Program Files\Adobe
2008-11-15 19:35:39 ----N---- C:\Windows\system32\PxAFS.DLL
2008-11-15 19:35:38 ----N---- C:\Windows\system32\PxSFS.DLL
2008-11-15 19:35:38 ----N---- C:\Windows\system32\PxMas.dll
2008-11-15 19:35:38 ----N---- C:\Windows\system32\pxdrv.dll
2008-11-15 19:35:37 ----N---- C:\Windows\system32\PxWave.dll
2008-11-15 19:35:37 ----N---- C:\Windows\system32\Px.dll
2008-11-15 07:46:38 ----D---- C:\Program Files\AOL Games
2008-11-14 23:54:40 ----D---- C:\Windows\Logs
2008-11-14 23:24:38 ----D---- C:\Windows\Microsoft.NET
2008-11-14 23:24:35 ----RSD---- C:\Windows\assembly
2008-11-14 22:03:57 ----SHD---- C:\Boot
2008-11-14 22:03:38 ----ASH---- C:\Program Files\desktop.ini
2008-11-14 21:53:24 ----D---- C:\Program Files\Windows Sidebar
2008-11-14 21:53:24 ----D---- C:\Program Files\Windows Calendar
2008-11-14 21:53:24 ----D---- C:\Program Files\Movie Maker
2008-11-14 21:53:22 ----D---- C:\Program Files\Windows Mail
2008-11-14 21:53:21 ----D---- C:\Program Files\Internet Explorer
2008-11-14 21:53:20 ----D---- C:\Program Files\Windows Media Player
2008-11-14 21:53:18 ----D---- C:\Program Files\Windows Collaboration
2008-11-14 21:53:17 ----D---- C:\Program Files\Windows Journal
2008-11-14 21:53:15 ----D---- C:\Program Files\Windows Photo Gallery
2008-11-14 21:53:04 ----D---- C:\Program Files\Common Files\System
2008-11-14 21:53:03 ----D---- C:\Program Files\Windows Defender
2008-11-14 21:53:02 ----D---- C:\Windows\servicing
2008-11-14 21:53:00 ----D---- C:\Windows\ehome
2008-11-14 21:52:33 ----D---- C:\Windows\MSAgent
2008-11-14 21:52:31 ----D---- C:\Windows\L2Schemas
2008-11-14 21:52:31 ----D---- C:\Windows\IME
2008-11-14 21:52:31 ----D---- C:\Windows\DigitalLocker
2008-11-14 21:52:29 ----D---- C:\Windows\system32\XPSViewer
2008-11-14 21:52:29 ----D---- C:\Windows\system32\ko-KR
2008-11-14 21:52:29 ----D---- C:\Windows\system32\da-DK
2008-11-14 21:52:29 ----D---- C:\Windows\system32\com
2008-11-14 21:52:23 ----D---- C:\Windows\system32\oobe
2008-11-14 21:52:23 ----D---- C:\Windows\system32\it-IT
2008-11-14 21:52:23 ----D---- C:\Windows\system32\el-GR
2008-11-14 21:52:23 ----D---- C:\Windows\system32\de-DE
2008-11-14 21:52:21 ----D---- C:\Windows\system32\sysprep
2008-11-14 21:52:12 ----D---- C:\Windows\system32\AdvancedInstallers
2008-11-14 21:52:11 ----D---- C:\Windows\system32\sv-SE
2008-11-14 21:52:11 ----D---- C:\Windows\system32\setup
2008-11-14 21:52:11 ----D---- C:\Windows\system32\ru-RU
2008-11-14 21:52:11 ----D---- C:\Windows\system32\ias
2008-11-14 21:52:11 ----D---- C:\Windows\system32\he-IL
2008-11-14 21:52:11 ----D---- C:\Windows\system32\fr-FR
2008-11-14 21:52:10 ----D---- C:\Windows\system32\SLUI
2008-11-14 21:52:10 ----D---- C:\Windows\system32\pt-PT
2008-11-14 21:52:10 ----D---- C:\Windows\system32\hu-HU
2008-11-14 21:52:10 ----D---- C:\Windows\system32\fi-FI
2008-11-14 21:52:10 ----D---- C:\Windows\system32\cs-CZ
2008-11-14 21:52:06 ----D---- C:\Windows\system32\zh-TW
2008-11-14 21:52:06 ----D---- C:\Windows\system32\zh-CN
2008-11-14 21:52:06 ----D---- C:\Windows\system32\pl-PL
2008-11-14 21:52:06 ----D---- C:\Windows\system32\manifeststore
2008-11-14 21:52:06 ----D---- C:\Windows\system32\es-ES
2008-11-14 21:52:06 ----D---- C:\Windows\system32\en
2008-11-14 21:52:05 ----D---- C:\Windows\system32\ro-RO
2008-11-14 21:52:05 ----D---- C:\Windows\system32\ja-JP
2008-11-14 21:51:58 ----D---- C:\Windows\system32\tr-TR
2008-11-14 21:51:52 ----D---- C:\Windows\system32\nl-NL
2008-11-14 21:51:52 ----D---- C:\Windows\system32\nb-NO
2008-11-14 21:51:51 ----D---- C:\Windows\system32\ar-SA
2008-11-14 21:51:47 ----D---- C:\Windows\system32\migwiz
2008-11-14 21:51:45 ----D---- C:\Windows\system32\pt-BR
2008-11-14 21:48:31 ----D---- C:\Windows\Boot
2008-11-14 21:48:24 ----D---- C:\Windows\system32\Boot
2008-11-14 20:56:44 ----A---- C:\Windows\system32\ifxcardm.dll
2008-11-14 20:56:35 ----A---- C:\Windows\system32\axaltocm.dll
2008-11-14 20:30:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-14 20:10:13 ----D---- C:\Program Files\Safari
2008-11-14 19:56:21 ----RD---- C:\Users
2008-11-14 19:54:16 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-14 19:54:10 ----D---- C:\Windows\Help
2008-11-14 19:44:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 19:30:07 ----D---- C:\Program Files\Hewlett-Packard
2008-11-14 19:21:14 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 ATMhelpr;ATMhelpr; C:\Windows\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-11-13 293776]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-29 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EraserUtilDrv10740;EraserUtilDrv10740; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys []
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-12-12 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-15 651720]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-13 138168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]

-----------------EOF-----------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 13, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 13, 2008 17:01:50
Records in database: 1458249
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 237687
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:06:58


File name / Threat name / Threats count
C:\Users\Owner\Shared\lets srart riot three days.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\Owner\Shared\outside stiand.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\Owner\Shared\sky is over.mpg Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.


Thanks

Mike
HP a6009n, windows vista home premium SP2, AMD 64X2 dual core processor 3800+, 2.00GHz, 3G ram, 32 bit operating system, AOL
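
The driver and service lists in the RSIT log above follow one line format (state letter, start type, name, display name, path, and a bracketed date and size that is empty when RSIT could not find the file). As an added example, not part of this thread or of RSIT, here is a small Python parser for that format with two triage checks a responder would apply: entries whose binary is missing on disk, and binaries outside the usual install roots (the EXPECTED_ROOTS list is an assumption for this example). The sample log is constructed from three lines in this thread plus one made-up entry, ctorsvc.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One RSIT list line: <State><Start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
# State is R (running) or S (stopped), Start is 0..4 as in the list header, and the
# bracket body is empty when RSIT could not find the binary on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# Install roots under which driver/service binaries are normally found (an assumption
# for this example; extend it for non-default install locations).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line into an Entry, or return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # NT object-manager prefix seen in ImagePath values
        path = path[4:]
    date = size = None
    if m["meta"]:
        date, size_text = m["meta"].split()
        size = int(size_text)
    entry = Entry(m["state"], int(m["start"]), m["name"], m["display"], path, date, size)
    if date is None:
        entry.flags.append("file_not_found")  # registered, but binary missing on disk
    if not path.lower().startswith(EXPECTED_ROOTS):
        entry.flags.append("unusual_path")    # e.g. a user profile or temp directory
    return entry

def triage(log_text: str) -> List[Entry]:
    """Return every driver/service entry in the log that raised at least one flag."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]

# Constructed sample: three lines taken from the RSIT log in this thread plus one
# made-up entry (ctorsvc) whose binary sits under a user profile directory.
SAMPLE_LOG = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
S3 EraserUtilDrv10740;EraserUtilDrv10740; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys []
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
R2 ctorsvc;constructed sample service; C:\Users\Owner\AppData\Local\Temp\sample.sys [2008-12-01 4096]
"""
```

Calling triage(SAMPLE_LOG) returns the two Symantec/PC-Doctor entries whose files were not found and the constructed entry under the user profile; a missing file is often just an orphaned uninstall, so the flags are a starting point for inspection, not a verdict.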

#11 PropagandaPanda
  • Malware Response Team

Posted 13 December 2008 - 11:53 PM

Hello.

Kaspersky found some infected MP3s. Let's use OTScanIt to remove those.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Disable Avast!'s realtime protection by right clicking on the tray icon beside your clock and selecting Stop On-Access Protection.

In the settings:
[screenshot not preserved]
(please ignore the comment about ComboFix)

Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Custom Items]
    :files
    C:\PROGRA~1\MYWEBS~1\
    C:\Users\Owner\Shared\lets srart riot three days.mp3
    C:\Users\Owner\Shared\outside stiand.mp3
    C:\Users\Owner\Shared\sky is over.mpg
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "aim6"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    :end
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Is there any sign of infection right now?

With Regards,
The Panda

#12 Mike_K
  • Topic Starter

Posted 14 December 2008 - 12:11 AM

Thanks Panda

Everything seems fine now. The problem I've been having is that after the computer has been on for a while, a day or two, Internet Explorer and Firefox will stop responding. We leave our computer on all night for scans and updates. Is this a bad idea? When IE stops responding turning off the computer for 10 minutes seems to fix the problem until next time.

Here is the log

[Custom Items]
========== FILES ==========
Folder C:\PROGRA~1\MYWEBS~1\ not found.
C:\Users\Owner\Shared\lets srart riot three days.mp3 moved successfully.
C:\Users\Owner\Shared\outside stiand.mp3 moved successfully.
C:\Users\Owner\Shared\sky is over.mpg moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aim6 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.0 fix logfile created on 12142008_000342

Mike

#13 PropagandaPanda
  • Malware Response Team

Posted 14 December 2008 - 12:18 AM

Hello.

I would not leave a computer on for extended periods of time, if possible. A lot can happen in 48 hours.

I do weekly scans when my computer is free, and similarly for updates.

Only thing I can think of is perhaps uninstalling some toolbars.
Windows Live Toolbar
AIM Toolbar

With Regards,
The Panda

#14 Mike_K
  • Topic Starter

Posted 14 December 2008 - 12:24 AM

Thank you so much Panda.

I take it this means my computer is clean. I'll take your advice to not leave the computer on and uninstall the tool bars. I will also create a new restore point and dump all the old ones. If there isn't anything else I should do, I'll consider this issue closed.

Have a Merry Christmas

Mike

#15 PropagandaPanda
  • Malware Response Team

Posted 14 December 2008 - 01:01 AM

Hello.

Open OTScanIt and push the CleanUp! button. This will remove the tools we've used.

Happy holidays.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
